Analysis Overview
SHA256
66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3
Threat Level: Known bad
The file 66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe was found to be: Known bad.
Malicious Activity Summary
Glupteba
Glupteba payload
Lumma Stealer
Stealc
SmokeLoader
Detects executables containing URLs to raw contents of a Github gist
Detects executables containing artifacts associated with disabling Widnows Defender
UPX dump on OEP (original entry point)
Detects Windows executables referencing non-Windows User-Agents
Detects executables Discord URL observed in first stage droppers
Detects executables referencing many varying, potentially fake Windows User-Agents
Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Detects executables packed with VMProtect.
Creates new service(s)
Downloads MZ/PE file
Contacts a large (569) amount of remote hosts
Stops running service(s)
Loads dropped DLL
Executes dropped EXE
UPX packed file
Deletes itself
Writes to the Master Boot Record (MBR)
Adds Run key to start application
Suspicious use of SetThreadContext
Launches sc.exe
Unsigned PE
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
Uses Task Scheduler COM API
Suspicious behavior: MapViewOfSection
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-25 05:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-25 05:02
Reported
2024-02-25 05:05
Platform
win7-20240221-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
SmokeLoader
Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7964.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7964.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9011.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\94B4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\13A4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A1FF.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9E6.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7964.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\7964.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\94B4.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2588 set thread context of 2660 | N/A | C:\Users\Admin\AppData\Local\Temp\7964.exe | C:\Users\Admin\AppData\Local\Temp\7964.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\9011.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe
"C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe"
C:\Users\Admin\AppData\Local\Temp\7964.exe
C:\Users\Admin\AppData\Local\Temp\7964.exe
C:\Users\Admin\AppData\Local\Temp\7964.exe
C:\Users\Admin\AppData\Local\Temp\7964.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\83E0.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\83E0.dll
C:\Users\Admin\AppData\Local\Temp\9011.exe
C:\Users\Admin\AppData\Local\Temp\9011.exe
C:\Users\Admin\AppData\Local\Temp\94B4.exe
C:\Users\Admin\AppData\Local\Temp\94B4.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 124
C:\Users\Admin\AppData\Local\Temp\13A4.exe
C:\Users\Admin\AppData\Local\Temp\13A4.exe
C:\Users\Admin\AppData\Local\Temp\A1FF.exe
C:\Users\Admin\AppData\Local\Temp\A1FF.exe
C:\Users\Admin\AppData\Local\Temp\9E6.exe
C:\Users\Admin\AppData\Local\Temp\9E6.exe
C:\Users\Admin\AppData\Local\Temp\52F8.exe
C:\Users\Admin\AppData\Local\Temp\52F8.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| GB | 139.162.210.252:443 | tcp | |
| PL | 51.68.141.70:443 | tcp | |
| DE | 217.160.49.126:443 | tcp | |
| N/A | 127.0.0.1:49225 | tcp | |
| DE | 217.160.49.126:443 | tcp | |
| PL | 51.68.141.70:443 | tcp | |
| US | 8.8.8.8:53 | gmbo.cem | udp |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| US | 8.8.8.8:53 | uzlomojedchbrjers.cem | udp |
| US | 8.8.8.8:53 | fpj.cem.vz | udp |
| US | 8.8.8.8:53 | ybhee.cem | udp |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| US | 8.8.8.8:53 | gmbo.cem | udp |
| US | 8.8.8.8:53 | fpj.cem.vz | udp |
| US | 8.8.8.8:53 | fpj.cem.vz | udp |
| US | 8.8.8.8:53 | uzlomojedchbrjers.cem | udp |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| US | 8.8.8.8:53 | ybhee.cem | udp |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| N/A | 127.0.0.1:52639 | tcp | |
| N/A | 127.0.0.1:52639 | tcp | |
| N/A | 127.0.0.1:52639 | tcp | |
| N/A | 127.0.0.1:52639 | tcp | |
| N/A | 127.0.0.1:52639 | tcp | |
| N/A | 127.0.0.1:49312 | tcp | |
| N/A | 127.0.0.1:49319 | tcp | |
| N/A | 127.0.0.1:49322 | tcp | |
| N/A | 127.0.0.1:49325 | tcp | |
| N/A | 127.0.0.1:49329 | tcp | |
| N/A | 127.0.0.1:49331 | tcp | |
| N/A | 127.0.0.1:49338 | tcp | |
| N/A | 127.0.0.1:49347 | tcp | |
| N/A | 127.0.0.1:49349 | tcp | |
| N/A | 127.0.0.1:49352 | tcp | |
| N/A | 127.0.0.1:49355 | tcp | |
| N/A | 127.0.0.1:49358 | tcp | |
| N/A | 127.0.0.1:49360 | tcp | |
| N/A | 127.0.0.1:49364 | tcp | |
| N/A | 127.0.0.1:49367 | tcp | |
| N/A | 127.0.0.1:49381 | tcp | |
| N/A | 127.0.0.1:49383 | tcp | |
| N/A | 127.0.0.1:49387 | tcp | |
| N/A | 127.0.0.1:49391 | tcp | |
| N/A | 127.0.0.1:49395 | tcp | |
| N/A | 127.0.0.1:49397 | tcp | |
| N/A | 127.0.0.1:49399 | tcp | |
| N/A | 127.0.0.1:49401 | tcp | |
| N/A | 127.0.0.1:49403 | tcp | |
| N/A | 127.0.0.1:52639 | tcp | |
| N/A | 127.0.0.1:49409 | tcp | |
| N/A | 127.0.0.1:49425 | tcp | |
| N/A | 127.0.0.1:49436 | tcp | |
| N/A | 127.0.0.1:49438 | tcp | |
| N/A | 127.0.0.1:49440 | tcp | |
| N/A | 127.0.0.1:49455 | tcp | |
| N/A | 127.0.0.1:49458 | tcp | |
| N/A | 127.0.0.1:49460 | tcp | |
| N/A | 127.0.0.1:49462 | tcp | |
| N/A | 127.0.0.1:49464 | tcp | |
| N/A | 127.0.0.1:49468 | tcp | |
| N/A | 127.0.0.1:49470 | tcp | |
| N/A | 127.0.0.1:49472 | tcp | |
| N/A | 127.0.0.1:49478 | tcp | |
| N/A | 127.0.0.1:49482 | tcp | |
| N/A | 127.0.0.1:49484 | tcp | |
| N/A | 127.0.0.1:49486 | tcp | |
| N/A | 127.0.0.1:49488 | tcp | |
| N/A | 127.0.0.1:49490 | tcp | |
| N/A | 127.0.0.1:49492 | tcp | |
| N/A | 127.0.0.1:49493 | tcp | |
| N/A | 127.0.0.1:49496 | tcp | |
| N/A | 127.0.0.1:49498 | tcp | |
| N/A | 127.0.0.1:49501 | tcp | |
| N/A | 127.0.0.1:49504 | tcp | |
| N/A | 127.0.0.1:49506 | tcp | |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| N/A | 127.0.0.1:49513 | tcp | |
| N/A | 127.0.0.1:49520 | tcp | |
| N/A | 127.0.0.1:49535 | tcp | |
| N/A | 127.0.0.1:49540 | tcp | |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| US | 8.8.8.8:53 | ybhee.cem | udp |
| N/A | 127.0.0.1:49548 | tcp | |
| N/A | 127.0.0.1:49553 | tcp | |
| N/A | 127.0.0.1:49557 | tcp | |
| US | 8.8.8.8:53 | redoffmbol.cem | udp |
| N/A | 127.0.0.1:49563 | tcp | |
| N/A | 127.0.0.1:49566 | tcp | |
| N/A | 127.0.0.1:49568 | tcp | |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| US | 8.8.8.8:53 | ybhee.cem | udp |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| US | 8.8.8.8:53 | sbrvbjbzokuzoversojy.bc.oz | udp |
| US | 8.8.8.8:53 | redoffmbol.cem | udp |
| N/A | 127.0.0.1:49582 | tcp | |
| N/A | 127.0.0.1:49585 | tcp | |
| N/A | 127.0.0.1:49589 | tcp | |
| N/A | 127.0.0.1:49593 | tcp | |
| N/A | 127.0.0.1:49595 | tcp | |
| N/A | 127.0.0.1:49599 | tcp | |
| N/A | 127.0.0.1:49602 | tcp | |
| N/A | 127.0.0.1:52639 | tcp | |
| N/A | 127.0.0.1:49605 | tcp | |
| N/A | 127.0.0.1:49607 | tcp | |
| N/A | 127.0.0.1:49619 | tcp | |
| N/A | 127.0.0.1:49636 | tcp | |
| N/A | 127.0.0.1:49638 | tcp | |
| N/A | 127.0.0.1:49640 | tcp | |
| N/A | 127.0.0.1:49642 | tcp | |
| N/A | 127.0.0.1:49645 | tcp | |
| N/A | 127.0.0.1:49647 | tcp | |
| N/A | 127.0.0.1:49651 | tcp | |
| N/A | 127.0.0.1:49654 | tcp | |
| N/A | 127.0.0.1:49656 | tcp | |
| US | 8.8.8.8:53 | ybhee.cem | udp |
| US | 8.8.8.8:53 | sbrvbjbzokuzoversojy.bc.oz | udp |
| N/A | 127.0.0.1:49663 | tcp | |
| US | 8.8.8.8:53 | ybhee.cem | udp |
| US | 8.8.8.8:53 | trmpc.com | udp |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| KR | 183.100.39.16:80 | trmpc.com | tcp |
| N/A | 127.0.0.1:49666 | tcp | |
| N/A | 127.0.0.1:49668 | tcp | |
| N/A | 127.0.0.1:49670 | tcp | |
| N/A | 127.0.0.1:49672 | tcp | |
| N/A | 127.0.0.1:49674 | tcp | |
| N/A | 127.0.0.1:49676 | tcp | |
| N/A | 127.0.0.1:49678 | tcp | |
| N/A | 127.0.0.1:49683 | tcp | |
| N/A | 127.0.0.1:49685 | tcp | |
| N/A | 127.0.0.1:49687 | tcp | |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| N/A | 127.0.0.1:49702 | tcp | |
| N/A | 127.0.0.1:49704 | tcp | |
| N/A | 127.0.0.1:49706 | tcp | |
| N/A | 127.0.0.1:49709 | tcp | |
| N/A | 127.0.0.1:49713 | tcp | |
| N/A | 127.0.0.1:49715 | tcp | |
| N/A | 127.0.0.1:49720 | tcp | |
| N/A | 127.0.0.1:49733 | tcp | |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| N/A | 127.0.0.1:49743 | tcp | |
| N/A | 127.0.0.1:52639 | tcp | |
| N/A | 127.0.0.1:49749 | tcp | |
| N/A | 127.0.0.1:49751 | tcp | |
| N/A | 127.0.0.1:49753 | tcp | |
| N/A | 127.0.0.1:49755 | tcp | |
| N/A | 127.0.0.1:49761 | tcp | |
| US | 8.8.8.8:53 | en.bestsup.su | udp |
| US | 104.21.29.103:80 | en.bestsup.su | tcp |
| N/A | 127.0.0.1:49763 | tcp | |
| N/A | 127.0.0.1:49766 | tcp | |
| N/A | 127.0.0.1:49773 | tcp | |
| N/A | 127.0.0.1:49776 | tcp | |
| N/A | 127.0.0.1:49778 | tcp | |
| N/A | 127.0.0.1:49785 | tcp | |
| N/A | 127.0.0.1:49804 | tcp | |
| N/A | 127.0.0.1:49806 | tcp | |
| N/A | 127.0.0.1:49808 | tcp | |
| N/A | 127.0.0.1:49810 | tcp | |
| N/A | 127.0.0.1:49814 | tcp | |
| N/A | 127.0.0.1:49816 | tcp | |
| N/A | 127.0.0.1:49820 | tcp | |
| N/A | 127.0.0.1:49825 | tcp | |
| N/A | 127.0.0.1:49827 | tcp | |
| N/A | 127.0.0.1:49830 | tcp | |
| N/A | 127.0.0.1:49832 | tcp | |
| N/A | 127.0.0.1:49834 | tcp | |
| US | 8.8.8.8:53 | bbckfremjhefujure.oe | udp |
| N/A | 127.0.0.1:49837 | tcp | |
| N/A | 127.0.0.1:49839 | tcp | |
| N/A | 127.0.0.1:49841 | tcp | |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| N/A | 127.0.0.1:49845 | tcp | |
| N/A | 127.0.0.1:49847 | tcp | |
| N/A | 127.0.0.1:49849 | tcp | |
| N/A | 127.0.0.1:49851 | tcp | |
| N/A | 127.0.0.1:49853 | tcp | |
| N/A | 127.0.0.1:49859 | tcp | |
| N/A | 127.0.0.1:49863 | tcp | |
| N/A | 127.0.0.1:49867 | tcp | |
| N/A | 127.0.0.1:49880 | tcp | |
| N/A | 127.0.0.1:49889 | tcp | |
| N/A | 127.0.0.1:49895 | tcp | |
| N/A | 127.0.0.1:49903 | tcp | |
| N/A | 127.0.0.1:52639 | tcp | |
| N/A | 127.0.0.1:49918 | tcp | |
| N/A | 127.0.0.1:49924 | tcp | |
| N/A | 127.0.0.1:49929 | tcp | |
| N/A | 127.0.0.1:49931 | tcp | |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| N/A | 127.0.0.1:49933 | tcp | |
| N/A | 127.0.0.1:49936 | tcp | |
| N/A | 127.0.0.1:49940 | tcp | |
| N/A | 127.0.0.1:49942 | tcp | |
| N/A | 127.0.0.1:49944 | tcp | |
| US | 8.8.8.8:53 | ybhee.cem.br | udp |
| N/A | 127.0.0.1:49955 | tcp | |
| N/A | 127.0.0.1:49957 | tcp | |
| N/A | 127.0.0.1:49959 | tcp | |
| N/A | 127.0.0.1:49961 | tcp | |
| N/A | 127.0.0.1:49963 | tcp | |
| N/A | 127.0.0.1:49966 | tcp | |
| N/A | 127.0.0.1:49968 | tcp | |
| N/A | 127.0.0.1:49971 | tcp |
Files
memory/1960-1-0x0000000002E40000-0x0000000002F40000-memory.dmp
memory/1960-2-0x0000000000220000-0x000000000022B000-memory.dmp
memory/1960-3-0x0000000000400000-0x0000000002D3F000-memory.dmp
memory/1960-5-0x0000000000400000-0x0000000002D3F000-memory.dmp
memory/1196-4-0x0000000002DF0000-0x0000000002E06000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7964.exe
| MD5 | 0c115f8bfa52df41bf55979e615fc9dc |
| SHA1 | bab9e8ed03ada856024161c1455d2d188f82b507 |
| SHA256 | 4e73110e33be1ae421aa3574b54826095efdc1000d15dd270e8204490b77e4c9 |
| SHA512 | 51593bb257374b7258682775bba62e681ecaf6a1fb8255bcd1a00643a24f6520b055e2094549cb07596d845540c6c9e6387e6c9b6cdd36feacbd0fef4f762a5c |
C:\Users\Admin\AppData\Local\Temp\7964.exe
| MD5 | b2fdceb3b4d53dab1f616ff2edaab2e5 |
| SHA1 | 34cee87e40076f6cc103b54909274b2979d95c3a |
| SHA256 | c282bf5d083bed9ea61133daf494f5bdaa15338c259fbe1189f2cd42e6ddeef8 |
| SHA512 | bc4a775ba9609c8d028d269cd55960bcf4cbffc4489773a3c8ad7491fa3a2546a9b7ff537cd23f1199792444d234ade1c83b171a2486c6691c8036c50ea89c2b |
memory/2588-17-0x0000000004860000-0x0000000004A18000-memory.dmp
memory/2660-27-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2588-18-0x0000000004860000-0x0000000004A18000-memory.dmp
memory/2660-28-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-29-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2588-26-0x0000000004A20000-0x0000000004BD7000-memory.dmp
memory/2660-30-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7964.exe
| MD5 | 147f5f5bbc80b2ad753993e15f3f32c2 |
| SHA1 | 16d73b4abeef12cf76414338901eb7bbef46775f |
| SHA256 | 40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990 |
| SHA512 | 9c43aaa68161ef04c60e3f64c3fd54426dfd387f0013f009f3da94d45f19e514cd41de7b95865c47f55e5800222fd74736659138bb96406aa37f9cdc8e5799b6 |
memory/2660-31-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-23-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-21-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\83E0.dll
| MD5 | 7f341437d787033f6b2e746037413de6 |
| SHA1 | 3c41114a7782cabc996183faae3c8be2fad4613b |
| SHA256 | de3307883a72f85e2f2caaa0a5dfa0e76f08136bfa7e2daf78e4b15cce4d0860 |
| SHA512 | 8ab0900bd5ed08a01fd997e8b8a106ba3d553081508d3c29f3f47965e538af4c8aee5af09cd1622ecf43da677136165b8a6b266fd574c1353de28d97f4dd5ee4 |
\Users\Admin\AppData\Local\Temp\83E0.dll
| MD5 | 783a0d04fa675e3ac921fc4db25e73f0 |
| SHA1 | 7c44c426dbfeb53335d931c91d8e524ac155424b |
| SHA256 | 09da77eec8a7f70c6db57b0ce71e08e38031e9813ae6ca0ad45f5ddb7e866d61 |
| SHA512 | 49a621e18a4db532259ee35728ce0b902b90a3a442e79718b792907cbdf01d6826b0892ca508cf06bbf9bcd03331fe0cb9c7a7a64ce1a442d20809efd422301d |
memory/2576-39-0x0000000010000000-0x000000001020C000-memory.dmp
memory/2576-40-0x0000000000170000-0x0000000000176000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | 101360b70d900277b1b8a1f08f4b1c48 |
| SHA1 | 56e6ef73af3b7a161fe793db26df71784933706a |
| SHA256 | 5d5d1d2456e4d9b2d1364dfe298b77d11421d0427829749fbdb2d50aebecf387 |
| SHA512 | fc9c535513d1b3ee82ad219bff235936bec1a9b513bc9e1745762337670dcae96dc9c3d7107df092616ce7ec339f1b008e20100eaf5f30611652fc0c14a75b2d |
memory/2576-50-0x0000000002640000-0x000000000277C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\9011.exe
| MD5 | 837c618c7cbbe1a6e0dd9abf561641f7 |
| SHA1 | 6a946bc8320cb78b5208f3669a26cec5a097dc56 |
| SHA256 | 76d8a3f96b4a49afb8097b79962e71cf8915c2a1afd5bf41ee5eba6feb3fb02e |
| SHA512 | 81cddf99feb6f78248b6d9a502b7f19eb8d51c7064a4582895b728b1e52a1e07d42154953c7f3c25c1c351ada15f20ebc7b577ef051d89901670d06f7918cbc5 |
memory/2576-57-0x0000000002780000-0x000000000289B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\9011.exe
| MD5 | a47f852ec1363ba368d10d82d48086b7 |
| SHA1 | d39992b105554e54960331d23487c61e48b5436a |
| SHA256 | b1039f60690875488a72bf9ad09c5839bebee60543d0c114f48b21c7664942ea |
| SHA512 | df12746fd1d060b0eeb2c821185e14485b7758d41e4ea88223a938ea97cfd12f9cc28f6a7a27a3b96e0864bbf2218b7d68b56de557ec6ea4a800fce1a881c792 |
C:\Users\Admin\AppData\Local\Temp\94B4.exe
| MD5 | e6dd149f484e5dd78f545b026f4a1691 |
| SHA1 | 3ea5d0fb2de5bfad3dc6dc1744708ccd31102df6 |
| SHA256 | 11243641663323721ba21494a394de70ae70d4ea23c23f2e2a397fcc3cfea1a7 |
| SHA512 | 0defb358d59221c56731745a25250dfea49ecbb411f11f31a92ec20fa2123646f4aaf9fd4999898c39e4674f616bc1bed7ef2368b61a29d595dc7b9340dd058b |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | 4202ba85188d7d3de2aceaf6946e9cbc |
| SHA1 | 3384efbe793ceee5db864a79799f72edbe8b2227 |
| SHA256 | 91976614c518436dc5ec512af78bbe6a661a1e07ec9ffcca90b4f8ec336d0735 |
| SHA512 | e9a165e01099c6367a12be24b5ffec5a3ac80f44751dad5be2f7c020322f1d3c0e9288c21594963cec88ee12ad5435feca9aa6c394478186ff5f81723a6dbe5c |
memory/2060-70-0x0000000002EB0000-0x0000000002FB0000-memory.dmp
memory/2060-85-0x0000000000400000-0x0000000002D8C000-memory.dmp
memory/2608-88-0x0000000000FB0000-0x000000000185F000-memory.dmp
memory/2608-89-0x00000000000C0000-0x00000000000C1000-memory.dmp
memory/2060-83-0x0000000000220000-0x000000000028B000-memory.dmp
memory/2060-91-0x0000000000400000-0x0000000002D8C000-memory.dmp
memory/2660-93-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2608-92-0x00000000000C0000-0x00000000000C1000-memory.dmp
memory/2608-94-0x0000000077DB0000-0x0000000077DB1000-memory.dmp
memory/2576-97-0x0000000010000000-0x000000001020C000-memory.dmp
memory/2608-78-0x00000000000C0000-0x00000000000C1000-memory.dmp
memory/2608-98-0x00000000000D0000-0x00000000000D1000-memory.dmp
memory/2576-69-0x0000000002780000-0x000000000289B000-memory.dmp
memory/2660-99-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-100-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-104-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-105-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-108-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-110-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-114-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-118-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-125-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-131-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-135-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-133-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-132-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-130-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-128-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-126-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-123-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-122-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-117-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-116-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-115-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-111-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-109-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2660-106-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\13A4.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/612-223-0x0000000001080000-0x0000000001936000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\A1FF.exe
| MD5 | 3893d9674f9791363d8f92edae4427a7 |
| SHA1 | 93603d9de7c259c8437f320f032ba171be67e200 |
| SHA256 | ad3a5d32351e9b26a5206751e45f27bf4def2890008e573dce58c4e9791fdcce |
| SHA512 | 9918357b96ea5af2ec3f056c0d7c41a025558fba88d6ada2ade153dc5b944670acdcc0e1abc76e52d9a9186abd15345519802f605473bf4fb59c81f972a3a6d6 |
C:\Users\Admin\AppData\Local\Temp\9E6.exe
| MD5 | 11eb0a10f78be46588571972a4c74a2e |
| SHA1 | d72959bb548e3051b97e0f13643ee4ac47604624 |
| SHA256 | 92842e4ce17c59ca055bf2399a15f31c2b238cb086d2159ea240febe939714ed |
| SHA512 | 4a9ff65cb7f21653911293429f7a42cb8a38a0e2ca0567e2b6f53b5707603bdc76d7cfec8b987cd73ce8c5f525f404861bb21620d6d01c97b0d797b880d9cb83 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-25 05:02
Reported
2024-02-25 05:05
Platform
win10v2004-20240221-en
Max time kernel
49s
Max time network
163s
Command Line
Signatures
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer
SmokeLoader
Stealc
Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects Windows executables referencing non-Windows User-Agents
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects executables Discord URL observed in first stage droppers
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects executables containing URLs to raw contents of a Github gist
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects executables containing artifacts associated with disabling Widnows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects executables packed with VMProtect.
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects executables referencing many varying, potentially fake Windows User-Agents
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Contacts a large (569) amount of remote hosts
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\126A.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\126A.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\28D2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2C8C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3C5C.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\126A.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1836 set thread context of 2984 | N/A | C:\Users\Admin\AppData\Local\Temp\126A.exe | C:\Users\Admin\AppData\Local\Temp\126A.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\5C8A.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\nsg608C.tmp |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe
"C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe"
C:\Users\Admin\AppData\Local\Temp\126A.exe
C:\Users\Admin\AppData\Local\Temp\126A.exe
C:\Users\Admin\AppData\Local\Temp\126A.exe
C:\Users\Admin\AppData\Local\Temp\126A.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1885.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\1885.dll
C:\Users\Admin\AppData\Local\Temp\28D2.exe
C:\Users\Admin\AppData\Local\Temp\28D2.exe
C:\Users\Admin\AppData\Local\Temp\2C8C.exe
C:\Users\Admin\AppData\Local\Temp\2C8C.exe
C:\Users\Admin\AppData\Local\Temp\3C5C.exe
C:\Users\Admin\AppData\Local\Temp\3C5C.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
"C:\Users\Admin\AppData\Local\Temp\FourthX.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe"
C:\Users\Admin\AppData\Local\Temp\4ECC.exe
C:\Users\Admin\AppData\Local\Temp\4ECC.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\5852.exe
C:\Users\Admin\AppData\Local\Temp\5852.exe
C:\Users\Admin\AppData\Local\Temp\5C8A.exe
C:\Users\Admin\AppData\Local\Temp\5C8A.exe
C:\Users\Admin\AppData\Local\Temp\is-PEBDU.tmp\5852.tmp
"C:\Users\Admin\AppData\Local\Temp\is-PEBDU.tmp\5852.tmp" /SL5="$A0054,4185251,54272,C:\Users\Admin\AppData\Local\Temp\5852.exe"
C:\Users\Admin\AppData\Local\Temp\nsg608C.tmp
C:\Users\Admin\AppData\Local\Temp\nsg608C.tmp
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe
"C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe" -i
C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe
"C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe" -s
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3668 -ip 3668
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 540
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2184 -ip 2184
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 2336
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "UTIXDCVF"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "UTIXDCVF"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "UTIXDCVF" binpath= "C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe" start= "auto"
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1268 -ip 1268
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 460
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| US | 8.8.8.8:53 | 120.85.215.91.in-addr.arpa | udp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | 19.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | resergvearyinitiani.shop | udp |
| US | 104.21.94.2:443 | resergvearyinitiani.shop | tcp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | 2.94.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | trmpc.com | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| KR | 183.100.39.16:80 | trmpc.com | tcp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | 118.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | 126.195.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.39.100.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 104.21.76.253:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | 253.76.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 172.67.147.18:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | en.bestsup.su | udp |
| US | 172.67.171.112:80 | en.bestsup.su | tcp |
| US | 8.8.8.8:53 | 18.147.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.171.67.172.in-addr.arpa | udp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| US | 8.8.8.8:53 | 90.128.172.185.in-addr.arpa | udp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| US | 8.8.8.8:53 | 127.128.172.185.in-addr.arpa | udp |
| CH | 46.19.141.85:8100 | tcp | |
| DE | 142.93.169.197:9001 | tcp | |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| US | 8.8.8.8:53 | 197.169.93.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.128.172.185.in-addr.arpa | udp |
| DE | 136.243.92.194:9001 | tcp | |
| FI | 135.181.213.167:9200 | tcp | |
| US | 8.8.8.8:53 | 194.92.243.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.213.181.135.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| DE | 136.243.92.194:9001 | tcp | |
| FI | 135.181.213.167:9200 | tcp | |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | slicerr.net | udp |
| US | 8.8.8.8:53 | bestbusinessideas.net | udp |
| US | 8.8.8.8:53 | tegalpools.net | udp |
| US | 8.8.8.8:53 | tuabogadomigratorio.net | udp |
| DE | 81.169.145.72:80 | slicerr.net | tcp |
| US | 8.8.8.8:53 | cannaboostcbdgummies.net | udp |
| US | 8.8.8.8:53 | abundancemarketinginc.net | udp |
| SG | 68.178.236.110:80 | tegalpools.net | tcp |
| US | 216.239.34.21:443 | tuabogadomigratorio.net | tcp |
| US | 8.8.8.8:53 | firststreetplazaeaton.net | udp |
| US | 8.8.8.8:53 | streamindiaapkdownload.net | udp |
| US | 8.8.8.8:53 | dermaclearantiagingcream.net | udp |
| US | 162.144.14.245:443 | cannaboostcbdgummies.net | tcp |
| US | 8.8.8.8:53 | presentes-de-produtoscom.net | udp |
| US | 8.8.8.8:53 | amenajarirenovariinterioare.net | udp |
| IN | 134.209.145.114:443 | streamindiaapkdownload.net | tcp |
| US | 70.40.220.126:443 | abundancemarketinginc.net | tcp |
| US | 66.235.200.145:443 | firststreetplazaeaton.net | tcp |
| US | 8.8.8.8:53 | nbvo.org | udp |
| US | 8.8.8.8:53 | 72.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w4dt.org | udp |
| US | 50.87.150.117:443 | dermaclearantiagingcream.net | tcp |
| US | 143.95.32.79:80 | amenajarirenovariinterioare.net | tcp |
| BR | 45.152.46.138:443 | presentes-de-produtoscom.net | tcp |
| US | 8.8.8.8:53 | coyl.org | udp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| US | 8.8.8.8:53 | a3psm.org | udp |
| US | 50.87.180.87:443 | nbvo.org | tcp |
| US | 8.8.8.8:53 | acstp.org | udp |
| US | 8.8.8.8:53 | aiwiz.org | udp |
| US | 8.8.8.8:53 | aleih.org | udp |
| US | 172.67.181.150:443 | coyl.org | tcp |
| FR | 89.116.147.188:443 | a3psm.org | tcp |
| US | 8.8.8.8:53 | ancwl.org | udp |
| US | 162.254.39.93:443 | acstp.org | tcp |
| US | 8.8.8.8:53 | nihit.org | udp |
| US | 8.8.8.8:53 | 245.14.144.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.200.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.220.40.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.64.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.150.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.32.95.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.46.152.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.180.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tcpse.org | udp |
| US | 8.8.8.8:53 | puccc.org | udp |
| US | 8.8.8.8:53 | tvcnj.org | udp |
| US | 8.8.8.8:53 | ufav2.org | udp |
| US | 8.8.8.8:53 | elapo.org | udp |
| US | 162.241.24.173:443 | aiwiz.org | tcp |
| US | 8.8.8.8:53 | taff2.org | udp |
| US | 138.128.191.138:443 | aleih.org | tcp |
| US | 8.8.8.8:53 | isshr.org | udp |
| US | 8.8.8.8:53 | nailli.org | udp |
| US | 66.235.200.147:80 | tcpse.org | tcp |
| ZA | 41.222.34.14:443 | ancwl.org | tcp |
| US | 208.97.152.71:443 | nihit.org | tcp |
| US | 8.8.8.8:53 | adepos.org | udp |
| US | 198.54.116.158:443 | puccc.org | tcp |
| US | 8.8.8.8:53 | jcmcoh.org | udp |
| US | 162.241.217.135:443 | tvcnj.org | tcp |
| US | 172.67.181.195:443 | ufav2.org | tcp |
| US | 8.8.8.8:53 | 150.181.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.147.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.39.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.24.241.162.in-addr.arpa | udp |
| US | 104.21.18.71:443 | elapo.org | tcp |
| US | 8.8.8.8:53 | www.arbemo.org | udp |
| US | 160.153.0.39:443 | taff2.org | tcp |
| US | 131.186.3.178:443 | isshr.org | tcp |
| LT | 84.32.84.32:443 | nailli.org | tcp |
| US | 8.8.8.8:53 | mgdphb.org | udp |
| US | 8.8.8.8:53 | arepso.org | udp |
| US | 8.8.8.8:53 | topguy.org | udp |
| US | 164.52.146.195:443 | jcmcoh.org | tcp |
| ZA | 156.38.230.107:443 | adepos.org | tcp |
| US | 8.8.8.8:53 | mialin.org | udp |
| US | 8.8.8.8:53 | kingm4.org | udp |
| US | 8.8.8.8:53 | www.elapo.org | udp |
| US | 108.163.201.34:443 | www.arbemo.org | tcp |
| US | 162.254.39.113:443 | mgdphb.org | tcp |
| DE | 194.163.180.153:80 | arepso.org | tcp |
| US | 8.8.8.8:53 | stpllc.org | udp |
| US | 8.8.8.8:53 | www.fr-cni.org | udp |
| US | 8.8.8.8:53 | funaki.org | udp |
| US | 8.8.8.8:53 | 147.200.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.191.128.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.152.97.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.34.222.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.116.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.181.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.18.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.217.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.84.32.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.3.186.131.in-addr.arpa | udp |
| US | 162.254.39.111:80 | topguy.org | tcp |
| US | 172.67.208.109:443 | mialin.org | tcp |
| US | 8.8.8.8:53 | totoin.org | udp |
| US | 104.21.18.71:443 | www.elapo.org | tcp |
| US | 172.67.207.223:443 | kingm4.org | tcp |
| US | 154.56.47.80:443 | stpllc.org | tcp |
| US | 8.8.8.8:53 | abwabcc.org | udp |
| US | 8.8.8.8:53 | acl-sjm.org | udp |
| US | 8.8.8.8:53 | wankbot.org | udp |
| US | 8.8.8.8:53 | mofthgo.org | udp |
| US | 8.8.8.8:53 | www.jcmcoh.org | udp |
| US | 8.8.8.8:53 | ikatomi.org | udp |
| JP | 49.212.221.152:443 | funaki.org | tcp |
| US | 8.8.8.8:53 | kaigaya.org | udp |
| US | 8.8.8.8:53 | tmwhats.org | udp |
| US | 8.8.8.8:53 | proeval.org | udp |
| FR | 109.234.165.168:443 | www.fr-cni.org | tcp |
| US | 172.67.150.197:443 | totoin.org | tcp |
| LU | 217.70.186.103:443 | acl-sjm.org | tcp |
| US | 8.8.8.8:53 | 195.146.52.164.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.201.163.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.230.38.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.180.163.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.39.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.208.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.39.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.207.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.47.56.154.in-addr.arpa | udp |
| US | 164.52.146.195:443 | www.jcmcoh.org | tcp |
| US | 172.67.213.212:443 | wankbot.org | tcp |
| ID | 153.92.11.8:80 | ikatomi.org | tcp |
| US | 172.67.151.230:443 | tmwhats.org | tcp |
| US | 8.8.8.8:53 | jbonews.org | udp |
| US | 8.8.8.8:53 | myinhue.org | udp |
| US | 8.8.8.8:53 | lutikhd.org | udp |
| US | 8.8.8.8:53 | mrhfood.org | udp |
| US | 192.232.249.212:443 | abwabcc.org | tcp |
| US | 8.8.8.8:53 | gosetgo.org | udp |
| US | 8.8.8.8:53 | elektri.org | udp |
| US | 8.8.8.8:53 | irtibat.org | udp |
| JP | 157.7.184.35:443 | kaigaya.org | tcp |
| US | 8.8.8.8:53 | 2slgbtqi.org | udp |
| US | 8.8.8.8:53 | pmglobal.org | udp |
| US | 162.144.14.104:443 | proeval.org | tcp |
| US | 8.8.8.8:53 | luckyjob.org | udp |
| US | 104.21.63.225:443 | lutikhd.org | tcp |
| US | 8.8.8.8:53 | e3ghana.org | udp |
| US | 172.67.223.105:80 | mrhfood.org | tcp |
| US | 8.8.8.8:53 | 152.221.212.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.150.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.165.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.186.70.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.213.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.151.67.172.in-addr.arpa | udp |
| HK | 103.21.220.17:443 | luckyjob.org | tcp |
| US | 8.8.8.8:53 | slimketo.org | udp |
| US | 173.255.194.246:443 | jbonews.org | tcp |
| US | 8.8.8.8:53 | suhendar.org | udp |
| US | 192.254.232.58:443 | gosetgo.org | tcp |
| US | 208.113.188.124:443 | elektri.org | tcp |
| US | 8.8.8.8:53 | pmcorner.org | udp |
| US | 8.8.8.8:53 | gidonline.rip | udp |
| US | 8.8.8.8:53 | krcconta.org | udp |
| US | 8.8.8.8:53 | biz-feed.org | udp |
| US | 106.0.62.83:443 | newrun4u.org | tcp |
| US | 104.21.45.210:443 | wordmate.org | tcp |
| US | 8.8.8.8:53 | inewshub.org | udp |
| US | 8.8.8.8:53 | purbayan.org | udp |
| US | 162.241.218.28:443 | pmglobal.org | tcp |
| US | 8.8.8.8:53 | toebeans.org | udp |
| US | 8.8.8.8:53 | chumatec.org | udp |
| HK | 103.21.220.17:443 | luckyjob.org | tcp |
| US | 162.241.85.121:443 | 2slgbtqi.org | tcp |
| US | 8.8.8.8:53 | 8.11.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.249.232.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.223.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.14.144.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.184.7.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.194.255.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.220.21.103.in-addr.arpa | udp |
| ID | 153.92.13.69:443 | suhendar.org | tcp |
| US | 8.8.8.8:53 | day-drink.weeblyte.com | udp |
| US | 8.8.8.8:53 | www.nihit.org | udp |
| US | 8.8.8.8:53 | pretty68.org | udp |
| US | 104.21.92.179:443 | gidonline.rip | tcp |
| US | 104.21.77.244:443 | biz-feed.org | tcp |
| US | 8.8.8.8:53 | rbftracker.org | udp |
| US | 192.232.219.77:443 | slimketo.org | tcp |
| US | 162.241.159.130:443 | moose252.org | tcp |
| LU | 198.251.84.110:80 | chumatec.org | tcp |
| TH | 147.50.227.16:443 | pmcorner.org | tcp |
| US | 8.8.8.8:53 | lava88game.org | udp |
| US | 8.8.8.8:53 | broker-pro.org | udp |
| US | 8.8.8.8:53 | libertnet.org | udp |
| US | 8.8.8.8:53 | asian-spicy.weeblyte.com | udp |
| US | 8.8.8.8:53 | cgecglobal.org | udp |
| US | 8.8.8.8:53 | edenmedia.org | udp |
| US | 106.0.62.83:443 | inewshub.org | tcp |
| US | 104.21.50.58:443 | pretty68.org | tcp |
| US | 8.8.8.8:53 | 124.188.113.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.232.254.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.45.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.62.0.106.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.218.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.85.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fchristman.org | udp |
| US | 172.67.152.191:443 | asian-spicy.weeblyte.com | tcp |
| US | 8.8.8.8:53 | realrating.org | udp |
| US | 8.8.8.8:53 | linkflow.ai | udp |
| US | 208.97.152.71:443 | www.nihit.org | tcp |
| US | 63.250.43.12:80 | toebeans.org | tcp |
| US | 8.8.8.8:53 | www.tyriancoin.org | udp |
| US | 8.8.8.8:53 | roarhawaii.org | udp |
| US | 8.8.8.8:53 | robertrome.org | udp |
| US | 8.8.8.8:53 | getrichway.org | udp |
| US | 8.8.8.8:53 | kyarvtrail.org | udp |
| US | 8.8.8.8:53 | whichrobot.org | udp |
| US | 8.8.8.8:53 | acobio2d-mg.org | udp |
| US | 8.8.8.8:53 | coffeecraze.org | udp |
| US | 8.8.8.8:53 | sbccphotos.org | udp |
| US | 8.8.8.8:53 | longleafumc.org | udp |
| US | 104.21.31.78:443 | lava88game.org | tcp |
| DE | 212.224.112.219:443 | broker-pro.org | tcp |
| US | 8.8.8.8:53 | pkgbusiness.org | udp |
| BR | 45.132.157.2:443 | cgecglobal.org | tcp |
| US | 154.41.231.65:443 | libertnet.org | tcp |
| FR | 91.216.107.79:443 | edenmedia.org | tcp |
| US | 23.185.0.2:443 | rbftracker.org | tcp |
| US | 8.8.8.8:53 | 69.13.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.92.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.77.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.219.232.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.84.251.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.159.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.227.50.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | plus-studio.org | udp |
| ES | 217.76.150.56:443 | fchristman.org | tcp |
| US | 8.8.8.8:53 | ecuaexterior.org | udp |
| US | 8.8.8.8:53 | www.floresdeamor.org | udp |
| US | 172.67.152.191:443 | asian-spicy.weeblyte.com | tcp |
| US | 8.8.8.8:53 | fundacioncle.org | udp |
| US | 35.229.21.161:80 | robertrome.org | tcp |
| US | 104.131.57.184:443 | roarhawaii.org | tcp |
| US | 104.21.59.53:443 | www.tyriancoin.org | tcp |
| US | 104.21.60.7:443 | realrating.org | tcp |
| US | 104.21.50.172:443 | linkflow.ai | tcp |
| US | 151.101.66.159:443 | kyarvtrail.org | tcp |
| HK | 103.21.220.17:443 | getrichway.org | tcp |
| GB | 178.159.5.244:443 | acobio2d-mg.org | tcp |
| US | 104.21.20.223:443 | coffeecraze.org | tcp |
| US | 8.8.8.8:53 | www.myafrolegacy.org | udp |
| US | 8.8.8.8:53 | dl-consults.com | udp |
| US | 8.8.8.8:53 | mydreammean.com | udp |
| TR | 89.252.186.67:80 | whichrobot.org | tcp |
| LU | 198.251.84.110:443 | chumatec.org | tcp |
| US | 8.8.8.8:53 | 58.50.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.152.67.172.in-addr.arpa | udp |
| US | 68.66.200.209:443 | sbccphotos.org | tcp |
| US | 8.8.8.8:53 | 12.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.31.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | naturedotee.com | udp |
| US | 8.8.8.8:53 | offercerles.com | udp |
| US | 8.8.8.8:53 | himasiaction.org | udp |
| US | 208.76.80.43:443 | plus-studio.org | tcp |
| US | 131.153.147.50:443 | pkgbusiness.org | tcp |
| US | 8.8.8.8:53 | nickelemporium.com | udp |
| US | 8.8.8.8:53 | ninfaestilista.com | udp |
| US | 8.8.8.8:53 | norofohamilton.com | udp |
| DE | 35.246.171.25:80 | fundacioncle.org | tcp |
| CA | 15.235.86.237:443 | www.floresdeamor.org | tcp |
| US | 8.8.8.8:53 | orientationatx.com | udp |
| US | 8.8.8.8:53 | patisseriekiho.com | udp |
| US | 216.253.72.96:443 | longleafumc.org | tcp |
| FI | 95.216.88.83:443 | www.myafrolegacy.org | tcp |
| US | 198.54.116.189:443 | dl-consults.com | tcp |
| US | 8.8.8.8:53 | perfilmentoria.com | udp |
| US | 8.8.8.8:53 | tyriancoin.org | udp |
| US | 8.8.8.8:53 | 219.112.224.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.0.185.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.107.216.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.157.132.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.150.76.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.50.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.20.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.57.131.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.21.229.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.186.252.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.200.66.68.in-addr.arpa | udp |
| US | 162.0.209.33:443 | naturedotee.com | tcp |
| US | 8.8.8.8:53 | pettoyskingdom.com | udp |
| SG | 45.130.231.217:80 | himasiaction.org | tcp |
| ES | 185.156.219.152:443 | ecuaexterior.org | tcp |
| US | 8.8.8.8:53 | openhearthands.com | udp |
| IT | 179.43.152.162:443 | norofohamilton.com | tcp |
| ES | 185.209.60.236:443 | ninfaestilista.com | tcp |
| US | 8.8.8.8:53 | pkbmsugihmukti.com | udp |
| US | 8.8.8.8:53 | www.planetsolarity.com | udp |
| US | 172.67.171.139:443 | mydreammean.com | tcp |
| US | 162.241.219.11:80 | nickelemporium.com | tcp |
| US | 8.8.8.8:53 | plantasicartsa.com | udp |
| US | 8.8.8.8:53 | pequenoscheffs.com | udp |
| US | 8.8.8.8:53 | playboyblogger.com | udp |
| US | 8.8.8.8:53 | pokraskadiskov.com | udp |
| US | 8.8.8.8:53 | politicasdocus.com | udp |
| US | 8.8.8.8:53 | www.princessetatoo.com | udp |
| US | 8.8.8.8:53 | publishmycraft.com | udp |
| US | 8.8.8.8:53 | www.pronktech.com | udp |
| US | 209.182.203.21:443 | pettoyskingdom.com | tcp |
| BR | 82.180.153.132:443 | perfilmentoria.com | tcp |
| US | 8.8.8.8:53 | pulp-ecodesign.com | udp |
| US | 8.8.8.8:53 | internationalcollectionagencyservices-usa-taiwan.com | udp |
| US | 8.8.8.8:53 | 50.147.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.80.76.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.5.159.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.171.246.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | internationalcollectionagencyservicee-usa-germany.com | udp |
| US | 8.8.8.8:53 | internationalcollectionagencyservices-usa-belgium.com | udp |
| US | 8.8.8.8:53 | internationalcollectionagencyservices-usa-germany.com | udp |
| US | 8.8.8.8:53 | internationalcollectionagencyservices-usa-ireland.com | udp |
| US | 8.8.8.8:53 | aimcarromapk.net | udp |
| US | 8.8.8.8:53 | cortexideals.net | udp |
| US | 8.8.8.8:53 | citytraveler.net | udp |
| US | 8.8.8.8:53 | customisable.net | udp |
| US | 8.8.8.8:53 | doctruyen14s.net | udp |
| US | 8.8.8.8:53 | efectoventas.net | udp |
| US | 104.21.59.53:443 | tyriancoin.org | tcp |
| US | 35.229.21.161:443 | robertrome.org | tcp |
| SG | 83.136.216.129:443 | pkbmsugihmukti.com | tcp |
| US | 212.227.236.232:443 | www.planetsolarity.com | tcp |
| UA | 185.68.16.65:443 | pokraskadiskov.com | tcp |
| US | 8.8.8.8:53 | futbolablogs.net | udp |
| US | 8.8.8.8:53 | 237.86.235.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.72.253.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.88.216.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.116.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.209.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.219.156.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.152.43.179.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.60.209.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.171.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.231.130.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.219.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | harfordhouse.net | udp |
| US | 8.8.8.8:53 | hobbiesstore.net | udp |
| US | 8.8.8.8:53 | www.ma-pharmacie.net | udp |
| US | 8.8.8.8:53 | marcoantonio.net | udp |
| US | 8.8.8.8:53 | namensschild.net | udp |
| KR | 183.111.183.78:443 | patisseriekiho.com | tcp |
| US | 154.49.142.141:443 | pulp-ecodesign.com | tcp |
| DE | 35.246.171.25:443 | fundacioncle.org | tcp |
| US | 152.199.21.175:443 | www.pilzbioscience.com | tcp |
| US | 89.117.139.61:443 | openhearthands.com | tcp |
| BR | 154.49.247.71:443 | pequenoscheffs.com | tcp |
| FR | 51.91.236.193:443 | www.princessetatoo.com | tcp |
| IN | 154.41.233.71:443 | playboyblogger.com | tcp |
| US | 31.170.162.35:80 | politicasdocus.com | tcp |
| US | 104.245.36.128:443 | www.pronktech.com | tcp |
| US | 8.8.8.8:53 | offgridwater.net | udp |
| US | 8.8.8.8:53 | podersedutor.net | udp |
| US | 68.178.207.174:443 | internationalcollectionagencyservices-usa-ireland.com | tcp |
| US | 8.8.8.8:53 | samuelsantos.net | udp |
| US | 8.8.8.8:53 | lafayetteweb.net | udp |
| US | 68.178.207.174:443 | internationalcollectionagencyservices-usa-ireland.com | tcp |
| US | 68.178.207.174:443 | internationalcollectionagencyservices-usa-ireland.com | tcp |
| US | 8.8.8.8:53 | myhappypuppys.net | udp |
| US | 8.8.8.8:53 | mubarakclinic.net | udp |
| US | 8.8.8.8:53 | soultranscend.net | udp |
| US | 68.178.207.174:443 | internationalcollectionagencyservices-usa-ireland.com | tcp |
| US | 31.170.166.127:443 | efectoventas.net | tcp |
| US | 172.67.186.59:443 | cortexideals.net | tcp |
| US | 68.178.207.174:443 | internationalcollectionagencyservices-usa-ireland.com | tcp |
| IN | 3.109.84.85:443 | customisable.net | tcp |
| US | 104.21.12.125:443 | aimcarromapk.net | tcp |
| US | 172.67.165.145:443 | doctruyen14s.net | tcp |
| US | 172.67.173.152:443 | citytraveler.net | tcp |
| US | 162.144.13.43:443 | futbolablogs.net | tcp |
| FR | 109.234.164.103:443 | www.ma-pharmacie.net | tcp |
| US | 160.153.0.22:443 | harfordhouse.net | tcp |
| US | 8.8.8.8:53 | 21.203.182.209.in-addr.arpa | udp |
| BR | 154.49.247.253:443 | samuelsantos.net | tcp |
| US | 8.8.8.8:53 | 232.236.227.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.153.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sproutsgarden.net | udp |
| US | 8.8.8.8:53 | superpflaster.net | udp |
| DE | 45.153.58.158:443 | namensschild.net | tcp |
| US | 50.6.138.180:443 | marcoantonio.net | tcp |
| GB | 154.49.138.249:443 | hobbiesstore.net | tcp |
| US | 8.8.8.8:53 | thetimexperts.net | udp |
| US | 8.8.8.8:53 | www.pokraskadiskov.com | udp |
| US | 8.8.8.8:53 | vitababygotas.net | udp |
| US | 8.8.8.8:53 | it-richtlinien.de | udp |
| US | 8.8.8.8:53 | japanesefrench.net | udp |
| US | 8.8.8.8:53 | lovethemenough.net | udp |
| US | 8.8.8.8:53 | 65.16.68.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.216.136.83.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.142.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.236.91.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.162.170.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.183.111.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.139.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nhacaiuytin-vn.net | udp |
| US | 50.87.170.12:80 | lafayetteweb.net | tcp |
| LT | 185.229.114.10:443 | myhappypuppys.net | tcp |
| US | 74.208.236.120:80 | mubarakclinic.net | tcp |
| US | 8.8.8.8:53 | oyagame-kogame.net | udp |
| US | 8.8.8.8:53 | spiderclothing.net | udp |
| US | 8.8.8.8:53 | www.norofohamilton.com | udp |
| GB | 77.72.1.48:443 | offgridwater.net | tcp |
| DE | 217.160.0.229:443 | soultranscend.net | tcp |
| US | 50.6.138.176:443 | podersedutor.net | tcp |
| US | 8.8.8.8:53 | wildwildscience.net | udp |
| US | 8.8.8.8:53 | tcentertainment.net | udp |
| BR | 154.49.247.37:443 | vitababygotas.net | tcp |
| DE | 85.13.133.106:443 | it-richtlinien.de | tcp |
| UA | 185.68.16.65:443 | www.pokraskadiskov.com | tcp |
| US | 8.8.8.8:53 | creativecapsules.net | udp |
| CH | 83.166.133.59:443 | japanesefrench.net | tcp |
| US | 192.232.251.76:443 | lovethemenough.net | tcp |
| US | 72.52.196.145:443 | sproutsgarden.net | tcp |
| US | 8.8.8.8:53 | thawacreativeideas.net | udp |
| US | 149.100.151.230:443 | thetimexperts.net | tcp |
| US | 8.8.8.8:53 | 128.36.245.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.186.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.12.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.165.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.173.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.166.170.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.84.109.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.13.144.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.164.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.58.153.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.138.6.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.1.72.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.236.208.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.170.87.50.in-addr.arpa | udp |
| SG | 156.67.222.85:443 | oyagame-kogame.net | tcp |
| US | 8.8.8.8:53 | www.anlayarakhizliokuma.net | udp |
| US | 104.21.60.165:443 | spiderclothing.net | tcp |
| IT | 179.43.152.162:443 | www.norofohamilton.com | tcp |
| US | 172.67.153.80:80 | nhacaiuytin-vn.net | tcp |
| US | 8.8.8.8:53 | www.namensschild.net | udp |
| US | 8.8.8.8:53 | casinobahissiteleri.net | udp |
| US | 8.8.8.8:53 | healyourinnercritic.net | udp |
| US | 162.241.224.194:443 | wildwildscience.net | tcp |
| IN | 89.117.27.200:443 | tcentertainment.net | tcp |
| US | 8.8.8.8:53 | mountainviewcompany.net | udp |
| US | 8.8.8.8:53 | reinoanimalcanarias.net | udp |
| US | 8.8.8.8:53 | anaximandersfragment.net | udp |
| US | 8.8.8.8:53 | aktuelle-nachrichten.net | udp |
| BR | 45.152.44.133:443 | thawacreativeideas.net | tcp |
| US | 8.8.8.8:53 | chippewaequine.org | udp |
| US | 8.8.8.8:53 | dmccareexpress.org | udp |
| US | 8.8.8.8:53 | www.elleiraalecole.org | udp |
| US | 8.8.8.8:53 | gardnercollege.org | udp |
| US | 8.8.8.8:53 | kdm1aresources.org | udp |
| US | 8.8.8.8:53 | liftdetoxblack.org | udp |
| GB | 145.14.153.243:443 | healyourinnercritic.net | tcp |
| US | 8.8.8.8:53 | 176.138.6.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.247.49.154.in-addr.arpa | udp |
| DE | 45.153.58.158:443 | www.namensschild.net | tcp |
| US | 8.8.8.8:53 | 106.133.13.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.133.166.83.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.251.232.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.196.52.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.114.229.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | onthewaytowing.org | udp |
| US | 8.8.8.8:53 | get-more-sales.org | udp |
| US | 8.8.8.8:53 | miradasconalma.org | udp |
| US | 8.8.8.8:53 | sigarety-optom.org | udp |
| US | 162.241.22.14:443 | creativecapsules.net | tcp |
| US | 82.180.170.54:443 | mountainviewcompany.net | tcp |
| US | 172.67.165.116:443 | www.elleiraalecole.org | tcp |
| US | 104.21.54.63:443 | dmccareexpress.org | tcp |
| US | 104.21.67.163:443 | gardnercollege.org | tcp |
| US | 8.8.8.8:53 | stadepadouevdm.org | udp |
| US | 160.153.0.160:443 | chippewaequine.org | tcp |
| US | 162.241.63.15:443 | liftdetoxblack.org | tcp |
| US | 8.8.8.8:53 | stewardshipdev.org | udp |
| US | 8.8.8.8:53 | successsynergy.org | udp |
| US | 160.153.0.106:443 | kdm1aresources.org | tcp |
| US | 8.8.8.8:53 | thenepaldigest.org | udp |
| US | 8.8.8.8:53 | theologydegree.org | udp |
| US | 8.8.8.8:53 | thepeoplesrico.org | udp |
| US | 8.8.8.8:53 | tipslivecasino.org | udp |
| TR | 5.2.85.171:443 | www.anlayarakhizliokuma.net | tcp |
| US | 8.8.8.8:53 | 230.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.153.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.222.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.27.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.44.152.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.153.14.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.224.241.162.in-addr.arpa | udp |
| DE | 85.13.150.185:443 | aktuelle-nachrichten.net | tcp |
| US | 8.8.8.8:53 | umarfeminismos.org | udp |
| NL | 75.102.57.42:443 | reinoanimalcanarias.net | tcp |
| US | 104.21.63.6:443 | casinobahissiteleri.net | tcp |
| US | 172.67.186.31:443 | anaximandersfragment.net | tcp |
| DE | 85.13.164.226:443 | get-more-sales.org | tcp |
| NL | 198.20.105.89:80 | sigarety-optom.org | tcp |
| US | 172.67.130.83:443 | miradasconalma.org | tcp |
| US | 8.8.8.8:53 | wanderandabout.org | udp |
| US | 69.16.226.27:443 | onthewaytowing.org | tcp |
| US | 8.8.8.8:53 | adenabaecofrenz.org | udp |
| US | 8.8.8.8:53 | xylosemagazine.org | udp |
| US | 172.67.209.166:443 | umarfeminismos.org | tcp |
| US | 192.254.226.211:443 | stadepadouevdm.org | tcp |
| US | 8.8.8.8:53 | consciouslyfree.org | udp |
| US | 8.8.8.8:53 | creditoliberado.org | udp |
| US | 8.8.8.8:53 | www.gardnercollege.org | udp |
| US | 8.8.8.8:53 | www.dmccareexpress.org | udp |
| US | 8.8.8.8:53 | insulatorstoday.org | udp |
| US | 8.8.8.8:53 | lawilleywindows.org | udp |
| US | 8.8.8.8:53 | 63.54.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.67.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.22.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.170.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.63.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.186.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.57.102.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.150.13.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.85.2.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lyriquenaveyron.org | udp |
| US | 107.180.233.144:80 | stewardshipdev.org | tcp |
| US | 8.8.8.8:53 | melaninorganics.org | udp |
| US | 8.8.8.8:53 | megacasinoworld.org | udp |
| US | 104.21.63.6:80 | casinobahissiteleri.net | tcp |
| US | 8.8.8.8:53 | mpsecurityguard.org | udp |
| US | 8.8.8.8:53 | myschoolgoodies.org | udp |
| US | 8.8.8.8:53 | najmaldhahabihmovers.com | udp |
| US | 8.8.8.8:53 | prairieproudpainters.com | udp |
| US | 8.8.8.8:53 | www.berndhackl.de | udp |
| US | 8.8.8.8:53 | languageofquran.org | udp |
| US | 8.8.8.8:53 | www.dienmaygiangsonvandinh.com | udp |
| US | 192.254.237.107:80 | tipslivecasino.org | tcp |
| US | 216.246.46.85:443 | thenepaldigest.org | tcp |
| US | 162.247.75.107:443 | thepeoplesrico.org | tcp |
| US | 8.8.8.8:53 | www.krishnakumarassociates.com | udp |
| US | 8.8.8.8:53 | magnoliasflowersevents.com | udp |
| US | 8.8.8.8:53 | maryloucuellarforjudge.com | udp |
| US | 8.8.8.8:53 | mckeedigitalconsulting.com | udp |
| US | 104.26.12.235:443 | theologydegree.org | tcp |
| US | 50.87.220.24:443 | melaninorganics.org | tcp |
| US | 8.8.8.8:53 | mostazaagenciacreativa.com | udp |
| US | 8.8.8.8:53 | nyumbuluxurycollection.com | udp |
| US | 104.21.9.131:443 | wanderandabout.org | tcp |
| DE | 159.69.19.144:443 | www.berndhackl.de | tcp |
| US | 192.64.117.120:443 | prairieproudpainters.com | tcp |
| GB | 185.61.154.213:443 | languageofquran.org | tcp |
| IN | 217.21.91.251:443 | mpsecurityguard.org | tcp |
| GB | 145.14.153.156:443 | lyriquenaveyron.org | tcp |
| US | 66.45.248.110:443 | myschoolgoodies.org | tcp |
| US | 45.13.134.223:443 | xylosemagazine.org | tcp |
| US | 50.87.219.164:443 | lawilleywindows.org | tcp |
| US | 172.67.160.42:443 | creditoliberado.org | tcp |
| US | 8.8.8.8:53 | 226.164.13.85.in-addr.arpa | udp |
| US | 104.21.67.163:443 | www.gardnercollege.org | tcp |
| US | 172.67.136.8:443 | www.dmccareexpress.org | tcp |
| US | 50.62.222.232:80 | magnoliasflowersevents.com | tcp |
| VN | 103.28.36.122:443 | www.dienmaygiangsonvandinh.com | tcp |
| US | 8.8.8.8:53 | 83.130.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.105.20.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.226.16.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | paramount-landofficial.com | udp |
| US | 8.8.8.8:53 | pedigreerealtybuilders.com | udp |
| US | 173.201.252.240:443 | maryloucuellarforjudge.com | tcp |
| US | 8.8.8.8:53 | perfectskinnanomore230.com | udp |
| US | 172.67.130.54:443 | insulatorstoday.org | tcp |
| IN | 68.178.154.108:443 | www.krishnakumarassociates.com | tcp |
| US | 8.8.8.8:53 | imunify-alert.com | udp |
| US | 8.8.8.8:53 | www.umarfeminismos.org | udp |
| US | 8.8.8.8:53 | premiumtravelbysoledad.com | udp |
| US | 50.63.179.89:443 | mckeedigitalconsulting.com | tcp |
| GB | 37.61.232.138:443 | nyumbuluxurycollection.com | tcp |
| US | 66.29.146.44:443 | pedigreerealtybuilders.com | tcp |
| US | 8.8.8.8:53 | 166.209.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.226.254.192.in-addr.arpa | udp |
| SG | 206.189.35.25:443 | megacasinoworld.org | tcp |
| US | 8.8.8.8:53 | 144.233.180.107.in-addr.arpa | udp |
| US | 35.202.21.90:443 | consciouslyfree.org | tcp |
| US | 8.8.8.8:53 | 107.75.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.237.254.192.in-addr.arpa | udp |
| US | 198.54.119.221:443 | perfectskinnanomore230.com | tcp |
| US | 216.246.47.149:80 | mostazaagenciacreativa.com | tcp |
| US | 8.8.8.8:53 | shapesandstraightlines.com | udp |
| DE | 188.40.128.113:443 | najmaldhahabihmovers.com | tcp |
| ID | 103.247.8.66:443 | paramount-landofficial.com | tcp |
| US | 8.8.8.8:53 | sivakasidiwalicrackers.com | udp |
| US | 8.8.8.8:53 | thetalentconnectafrica.com | udp |
| US | 8.8.8.8:53 | winblezglobal-services.com | udp |
| US | 8.8.8.8:53 | alsafizhswitchgearinvco.com | udp |
| US | 8.8.8.8:53 | theaddictioncollective.com | udp |
| US | 8.8.8.8:53 | foothillsfamilycelebrations.com | udp |
| US | 8.8.8.8:53 | brooklynbridgeacademyhs.com | udp |
| US | 8.8.8.8:53 | 235.12.26.104.in-addr.arpa | udp |
| US | 104.21.31.97:443 | imunify-alert.com | tcp |
| US | 8.8.8.8:53 | 131.9.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.154.61.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.153.14.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.19.69.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.248.45.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.220.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.136.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.117.64.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.219.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.130.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.36.28.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gravelworldchampionship2023.com | udp |
| US | 8.8.8.8:53 | halibutkillaberingseacowboy.com | udp |
| US | 8.8.8.8:53 | www.interiordesignhochiminhcity.com | udp |
| US | 172.67.209.166:443 | www.umarfeminismos.org | tcp |
| US | 50.62.201.28:80 | premiumtravelbysoledad.com | tcp |
| US | 8.8.8.8:53 | www.theologydegree.org | udp |
| US | 8.8.8.8:53 | introductiontofantasysports.com | udp |
| US | 8.8.8.8:53 | abckitchenandcateringservice.com | udp |
| US | 8.8.8.8:53 | www.stewardshipdev.org | udp |
| US | 8.8.8.8:53 | accessmastergaragedoorrepair.com | udp |
| US | 8.8.8.8:53 | applevalleyprosealgaragedoor.com | udp |
| US | 132.148.78.182:443 | foothillsfamilycelebrations.com | tcp |
| US | 68.65.123.230:443 | alsafizhswitchgearinvco.com | tcp |
| SG | 184.168.110.97:443 | theaddictioncollective.com | tcp |
| US | 192.64.117.54:443 | brooklynbridgeacademyhs.com | tcp |
| US | 8.8.8.8:53 | assistinghandsfortlauderdale.com | udp |
| US | 8.8.8.8:53 | bayareai9immigrationservices.com | udp |
| US | 8.8.8.8:53 | baitfanaantechnologyservices.com | udp |
| US | 63.250.38.150:443 | thetalentconnectafrica.com | tcp |
| IN | 68.178.145.199:80 | sivakasidiwalicrackers.com | tcp |
| US | 199.192.16.240:443 | winblezglobal-services.com | tcp |
| BE | 213.158.94.166:443 | gravelworldchampionship2023.com | tcp |
| US | 76.223.67.189:443 | halibutkillaberingseacowboy.com | tcp |
| FR | 92.204.217.192:80 | shapesandstraightlines.com | tcp |
| US | 8.8.8.8:53 | 138.232.61.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.146.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.35.189.206.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.128.40.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.21.202.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.47.246.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.119.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.8.247.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | recaptcha.cloud | udp |
| US | 8.8.8.8:53 | breakonthroughtotheotherside.com | udp |
| US | 8.8.8.8:53 | centrosacademicosmartincodax.es | udp |
| US | 8.8.8.8:53 | centrodeaudiologiaybalancepr.com | udp |
| US | 8.8.8.8:53 | chennaiquickpackersandmovers.com | udp |
| US | 8.8.8.8:53 | cys-mudanzasytransportesezur.com | udp |
| US | 8.8.8.8:53 | encuentrodeeducacioninfantil.com | udp |
| US | 8.8.8.8:53 | fonterrafoodservicesthailand.com | udp |
| LU | 198.251.84.7:443 | www.interiordesignhochiminhcity.com | tcp |
| US | 172.67.75.12:443 | www.theologydegree.org | tcp |
| GB | 144.126.193.224:443 | introductiontofantasysports.com | tcp |
| IN | 89.117.157.174:443 | abckitchenandcateringservice.com | tcp |
| US | 8.8.8.8:53 | deluxeroofingandconstruction.com | udp |
| US | 8.8.8.8:53 | greencityhoustonhvacservices.com | udp |
| US | 8.8.8.8:53 | insulinweightlossmedications.com | udp |
| US | 8.8.8.8:53 | www.interiordesignjakartaselatan.com | udp |
| US | 8.8.8.8:53 | 97.31.21.104.in-addr.arpa | udp |
| IN | 89.117.27.246:443 | bayareai9immigrationservices.com | tcp |
| US | 107.180.233.144:80 | www.stewardshipdev.org | tcp |
| DE | 157.90.254.77:443 | recaptcha.cloud | tcp |
| US | 172.67.134.82:443 | assistinghandsfortlauderdale.com | tcp |
| SG | 156.67.222.42:443 | baitfanaantechnologyservices.com | tcp |
| US | 8.8.8.8:53 | jumelage-laturballecamarinas.com | udp |
| US | 8.8.8.8:53 | www.johnswoodfloorsinannapolismd.com | udp |
| US | 8.8.8.8:53 | introductiontoesportsbetting.com | udp |
| US | 172.67.151.219:443 | fonterrafoodservicesthailand.com | tcp |
| US | 162.240.107.139:80 | centrodeaudiologiaybalancepr.com | tcp |
| ES | 82.98.175.104:443 | cys-mudanzasytransportesezur.com | tcp |
| CA | 184.107.37.239:443 | encuentrodeeducacioninfantil.com | tcp |
| US | 149.100.151.107:443 | insulinweightlossmedications.com | tcp |
| US | 193.160.64.151:443 | deluxeroofingandconstruction.com | tcp |
| US | 8.8.8.8:53 | location-photobooth-bordeaux.com | udp |
| US | 15.204.182.80:443 | www.interiordesignjakartaselatan.com | tcp |
| US | 68.178.223.64:443 | greencityhoustonhvacservices.com | tcp |
| US | 146.190.115.37:443 | breakonthroughtotheotherside.com | tcp |
| IN | 154.41.233.100:443 | chennaiquickpackersandmovers.com | tcp |
| US | 8.8.8.8:53 | plantasconalmaescuelanatural.com | udp |
| US | 8.8.8.8:53 | madisonarenaalquileroficinas.com | udp |
| US | 8.8.8.8:53 | 166.94.158.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.117.64.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.123.65.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.38.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.16.192.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.67.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.84.251.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | reaperinteractiveproductions.com | udp |
| FR | 94.23.82.214:443 | centrosacademicosmartincodax.es | tcp |
| US | 141.193.213.11:443 | www.johnswoodfloorsinannapolismd.com | tcp |
| GB | 144.126.193.224:443 | introductiontoesportsbetting.com | tcp |
| US | 8.8.8.8:53 | reformasymantenimientosayago.com | udp |
| CH | 83.166.133.21:443 | location-photobooth-bordeaux.com | tcp |
| US | 8.8.8.8:53 | samutsongkhramfcfootballclub.com | udp |
| US | 8.8.8.8:53 | solucioninformaticacolectiva.com | udp |
| US | 8.8.8.8:53 | specialiste-education-canine.com | udp |
| US | 8.8.8.8:53 | www.studiogiovannellipietrasanta.com | udp |
| CH | 83.166.133.59:443 | jumelage-laturballecamarinas.com | tcp |
| FR | 37.187.222.56:443 | madisonarenaalquileroficinas.com | tcp |
| US | 63.250.43.8:443 | reaperinteractiveproductions.com | tcp |
| FR | 154.49.245.135:443 | plantasconalmaescuelanatural.com | tcp |
| US | 8.8.8.8:53 | weightedanxietystuffedanimal.com | udp |
| US | 8.8.8.8:53 | transformingmindsetswithfreda.com | udp |
| US | 8.8.8.8:53 | travelresortsofamericareviews.com | udp |
| US | 8.8.8.8:53 | vericatimplantologiainmediata.com | udp |
| US | 8.8.8.8:53 | 77.254.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.134.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.151.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.175.98.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.37.107.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.64.160.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.182.204.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.107.240.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.233.41.154.in-addr.arpa | udp |
| US | 104.21.49.210:443 | samutsongkhramfcfootballclub.com | tcp |
| DE | 62.171.188.96:443 | tylerthecreatormerchofficial.com | tcp |
| US | 8.8.8.8:53 | 42.222.67.156.in-addr.arpa | udp |
| US | 151.106.97.210:443 | specialiste-education-canine.com | tcp |
| IT | 89.46.108.71:443 | www.studiogiovannellipietrasanta.com | tcp |
| ES | 2.136.221.126:443 | reformasymantenimientosayago.com | tcp |
| US | 8.8.8.8:53 | 214.82.23.94.in-addr.arpa | udp |
| US | 23.239.27.53:443 | solucioninformaticacolectiva.com | tcp |
| US | 8.8.8.8:53 | 11.213.193.141.in-addr.arpa | udp |
| US | 104.130.29.165:443 | travelresortsofamericareviews.com | tcp |
| US | 8.8.8.8:53 | americanexpresscourierservice.com | udp |
| ES | 31.14.103.74:443 | vericatimplantologiainmediata.com | tcp |
| US | 8.8.8.8:53 | americanindustrialservicesinc.com | udp |
| US | 131.153.147.42:443 | americanexpresscourierservice.com | tcp |
| IN | 154.41.232.23:443 | aadianishwarnidhilimitedbetul.com | tcp |
| US | 172.67.154.95:443 | weightedanxietystuffedanimal.com | tcp |
| US | 8.8.8.8:53 | bbhartispecialitydentalclinic.com | udp |
| US | 8.8.8.8:53 | 21.133.166.83.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.222.187.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.245.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.49.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.188.171.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.108.46.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.221.136.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.97.106.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.27.239.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.29.130.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.103.14.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beginnersguidetoonlinecasinos.com | udp |
| US | 162.159.137.9:443 | americanindustrialservicesinc.com | tcp |
| US | 8.8.8.8:53 | biodiversityfuturesinitiative.com | udp |
| US | 160.153.0.81:443 | transformingmindsetswithfreda.com | tcp |
| IN | 154.41.233.79:443 | bbhartispecialitydentalclinic.com | tcp |
| US | 8.8.8.8:53 | beverlyhillspremiergaragedoor.com | udp |
| US | 8.8.8.8:53 | carpetcleaningsaintpetersburg.com | udp |
| GB | 144.126.193.224:443 | beginnersguidetoonlinecasinos.com | tcp |
| US | 8.8.8.8:53 | crystalbluemarketingsolutions.com | udp |
| US | 8.8.8.8:53 | festivalafrobeatinternational.com | udp |
| US | 8.8.8.8:53 | innovativebookkeepingsolution.com | udp |
| US | 8.8.8.8:53 | mairie-neufchatel-en-saosnois.com | udp |
| US | 8.8.8.8:53 | www.inversiones-johnson-y-godinez.com | udp |
| GB | 46.101.58.35:443 | biodiversityfuturesinitiative.com | tcp |
| US | 89.117.8.164:443 | carpetcleaningsaintpetersburg.com | tcp |
| FR | 83.229.19.78:443 | festivalafrobeatinternational.com | tcp |
| US | 208.109.58.44:443 | innovativebookkeepingsolution.com | tcp |
| US | 8.8.8.8:53 | 42.147.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.154.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.232.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.137.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.0.153.160.in-addr.arpa | udp |
| US | 72.167.33.128:443 | crystalbluemarketingsolutions.com | tcp |
| US | 8.8.8.8:53 | specialengagementssweepstakes.com | udp |
| US | 8.8.8.8:53 | swiftresponsegaragedoorrepair.com | udp |
| JP | 3.115.139.139:443 | mairie-neufchatel-en-saosnois.com | tcp |
| US | 8.8.8.8:53 | 4seasonsmasonryandconstruction.com | udp |
| US | 8.8.8.8:53 | americanindustrialsvcs.com | udp |
| US | 8.8.8.8:53 | test-site-web-av-consultation.com | udp |
| US | 8.8.8.8:53 | appletonsrottweilerpuppieshome.com | udp |
| US | 66.33.203.134:443 | www.inversiones-johnson-y-godinez.com | tcp |
| US | 89.117.139.195:443 | islamiccenterniagarafalls.com | tcp |
| US | 8.8.8.8:53 | bananapancaketrail-backpacking.com | udp |
| US | 8.8.8.8:53 | faqirchandjimarbleandtilehouse.com | udp |
| US | 8.8.8.8:53 | www.biodiversityfuturesinitiative.com | udp |
| US | 8.8.8.8:53 | kingpropertymanagementsolutions.com | udp |
| US | 72.167.102.111:443 | quantumbusinessconsultancyllc.com | tcp |
| US | 8.8.8.8:53 | leadersinstitutechildrenscentre.com | udp |
| US | 8.8.8.8:53 | online-medicijn-kopen-met-ideal.com | udp |
| US | 104.21.77.164:443 | specialengagementssweepstakes.com | tcp |
| US | 8.8.8.8:53 | 35.58.101.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.27.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.19.229.83.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.8.117.89.in-addr.arpa | udp |
| US | 193.160.64.151:443 | 4seasonsmasonryandconstruction.com | tcp |
| US | 195.35.33.234:443 | appletonsrottweilerpuppieshome.com | tcp |
| US | 149.100.151.247:443 | test-site-web-av-consultation.com | tcp |
| FR | 51.210.156.152:443 | faqirchandjimarbleandtilehouse.com | tcp |
| FR | 89.117.169.9:443 | bananapancaketrail-backpacking.com | tcp |
| US | 162.159.137.9:443 | americanindustrialsvcs.com | tcp |
| US | 89.117.139.85:443 | leadersinstitutechildrenscentre.com | tcp |
| US | 8.8.8.8:53 | responsiblegamblingandaddiction.com | udp |
| NL | 89.116.53.101:443 | online-medicijn-kopen-met-ideal.com | tcp |
| US | 8.8.8.8:53 | scottjacobsonairportadvertising.com | udp |
| US | 8.8.8.8:53 | singaporeonlinecasinofreecredit.com | udp |
| US | 8.8.8.8:53 | templatonianationalfootballteam.com | udp |
| US | 8.8.8.8:53 | venturasinner-circlemarketplace.com | udp |
| US | 8.8.8.8:53 | themooninternationaldevelopment.com | udp |
| US | 75.75.243.148:443 | kingpropertymanagementsolutions.com | tcp |
| GB | 46.101.58.35:443 | www.biodiversityfuturesinitiative.com | tcp |
| GB | 144.126.193.224:443 | responsiblegamblingandaddiction.com | tcp |
| US | 8.8.8.8:53 | 134.203.33.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.77.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.156.210.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.169.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.33.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.53.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.139.117.89.in-addr.arpa | udp |
| US | 104.130.29.165:443 | scottjacobsonairportadvertising.com | tcp |
| US | 8.8.8.8:53 | www.fisioterapiarehabilitacionactiva.com | udp |
| US | 8.8.8.8:53 | cys-procesoterapeuticopsicologia.com | udp |
| US | 8.8.8.8:53 | www.physicianscollaborativesolutions.com | udp |
| US | 8.8.8.8:53 | eastrutherfordwaterdamageservices.com | udp |
| US | 160.153.0.94:443 | singaporeonlinecasinofreecredit.com | tcp |
| US | 8.8.8.8:53 | uvicece499hfantennadesignforskyana.com | udp |
| US | 172.67.207.250:443 | templatonianationalfootballteam.com | tcp |
| US | 160.153.0.85:443 | www.fisioterapiarehabilitacionactiva.com | tcp |
| ES | 82.98.175.104:443 | cys-procesoterapeuticopsicologia.com | tcp |
| US | 8.8.8.8:53 | goldenenterprisestradingcorporation.com | udp |
| IN | 89.117.157.247:443 | themooninternationaldevelopment.com | tcp |
| US | 8.8.8.8:53 | introductiontovirtualrealitycasinos.com | udp |
| US | 160.153.0.102:443 | uvicece499hfantennadesignforskyana.com | tcp |
| US | 8.8.8.8:53 | thegaragedoorexpertsgaragedoorrepair.com | udp |
| US | 8.8.8.8:53 | boschwashingmachinerepairinhyderabad.com | udp |
| US | 141.193.213.10:443 | www.physicianscollaborativesolutions.com | tcp |
| US | 8.8.8.8:53 | secondincomehacks.com | udp |
| GB | 144.126.193.224:443 | introductiontovirtualrealitycasinos.com | tcp |
| DE | 144.76.3.17:443 | goldenenterprisestradingcorporation.com | tcp |
| US | 195.35.15.132:443 | boschwashingmachinerepairinhyderabad.com | tcp |
| US | 8.8.8.8:53 | 148.243.75.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.207.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.193.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.157.117.89.in-addr.arpa | udp |
| GB | 77.72.1.54:80 | secondincomehacks.com | tcp |
| US | 8.8.8.8:53 | sigarasarmakinesi.com | udp |
| US | 8.8.8.8:53 | serviceautovidele.com | udp |
| US | 8.8.8.8:53 | signsofprosperity.com | udp |
| TR | 94.73.151.170:80 | sigarasarmakinesi.com | tcp |
| US | 8.8.8.8:53 | sjpglobalservices.com | udp |
| US | 8.8.8.8:53 | sourstripsgummies.com | udp |
| US | 8.8.8.8:53 | nft-drops-calendar.com | udp |
| US | 8.8.8.8:53 | nilsonsalinasapolo.com | udp |
| US | 8.8.8.8:53 | www.ondemandstorageusa.com | udp |
| DE | 91.195.240.123:443 | signsofprosperity.com | tcp |
| RO | 89.41.38.60:443 | serviceautovidele.com | tcp |
| US | 8.8.8.8:53 | www.productivityjuices.com | udp |
| US | 8.8.8.8:53 | profitmaximizerhub.com | udp |
| US | 8.8.8.8:53 | productsmontgomery.com | udp |
| US | 8.8.8.8:53 | quadrolovememories.com | udp |
| US | 8.8.8.8:53 | rajasthandholamaru.com | udp |
| US | 8.8.8.8:53 | scholarshipguiders.com | udp |
| US | 66.29.132.229:443 | sjpglobalservices.com | tcp |
| US | 8.8.8.8:53 | www.sumberbarokahmotor.com | udp |
| US | 154.12.255.39:443 | nilsonsalinasapolo.com | tcp |
| US | 66.29.132.176:443 | sourstripsgummies.com | tcp |
| US | 8.8.8.8:53 | 17.3.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.1.72.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.151.73.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.240.195.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.38.41.89.in-addr.arpa | udp |
| US | 208.109.66.223:443 | www.ondemandstorageusa.com | tcp |
| CH | 80.74.142.130:443 | nft-drops-calendar.com | tcp |
| US | 8.8.8.8:53 | techtrendyboutique.com | udp |
| US | 8.8.8.8:53 | trekrinjanivolcano.com | udp |
| US | 8.8.8.8:53 | tucoachdeconfianza.com | udp |
| US | 8.8.8.8:53 | taxibentre71xedichvu24h.com | udp |
| IN | 103.212.121.91:443 | www.productivityjuices.com | tcp |
| US | 8.8.8.8:53 | www.missinternationalmalaysia.com | udp |
| US | 104.21.23.133:443 | rajasthandholamaru.com | tcp |
| US | 8.8.8.8:53 | produtossaudaveisparavoce.com | udp |
| US | 154.56.47.23:443 | profitmaximizerhub.com | tcp |
| BR | 89.117.7.121:443 | quadrolovememories.com | tcp |
| US | 8.8.8.8:53 | yochummanufacturing.com | udp |
| US | 8.8.8.8:53 | restaurant-vecchia-napoli.com | udp |
| US | 8.8.8.8:53 | nichesatshadowlandgallery.com | udp |
| SG | 5.181.216.121:443 | www.sumberbarokahmotor.com | tcp |
| US | 8.8.8.8:53 | specialopportunitylimited.com | udp |
| US | 8.8.8.8:53 | amplifyhearing-opportunity.com | udp |
| US | 162.241.230.122:443 | nichesatshadowlandgallery.com | tcp |
| GB | 185.199.220.39:443 | amplifyhearing-opportunity.com | tcp |
| DE | 51.195.4.52:443 | restaurant-vecchia-napoli.com | tcp |
| US | 8.8.8.8:53 | 229.132.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.142.74.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.255.12.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.132.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.23.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.121.212.103.in-addr.arpa | udp |
| US | 209.182.203.21:443 | techtrendyboutique.com | tcp |
| US | 8.8.8.8:53 | architectureinteriorstudio.com | udp |
| DE | 5.9.68.102:443 | tucoachdeconfianza.com | tcp |
| US | 208.91.197.132:443 | yochummanufacturing.com | tcp |
| US | 162.241.203.125:443 | specialopportunitylimited.com | tcp |
| MY | 218.208.91.145:443 | www.missinternationalmalaysia.com | tcp |
| US | 192.185.214.152:443 | produtossaudaveisparavoce.com | tcp |
| VN | 103.90.232.90:443 | taxibentre71xedichvu24h.com | tcp |
| US | 8.8.8.8:53 | doresnasarticulacoesjamais.com | udp |
| US | 8.8.8.8:53 | electlynnmellisworthington.com | udp |
| US | 8.8.8.8:53 | everlastingstrengthfitness.com | udp |
| US | 8.8.8.8:53 | internationalbankingonline.com | udp |
| ID | 103.247.8.65:443 | trekrinjanivolcano.com | tcp |
| ZA | 160.119.248.78:443 | scholarshipguiders.com | tcp |
| US | 8.8.8.8:53 | kansascityexteriorpainting.com | udp |
| US | 8.8.8.8:53 | lavistahometransformations.com | udp |
| US | 8.8.8.8:53 | mayoreoenelectronicostarmu.com | udp |
| US | 8.8.8.8:53 | lawofattractionruinedmylife.com | udp |
| US | 209.182.203.21:443 | everlastingstrengthfitness.com | tcp |
| US | 173.254.108.69:80 | internationalbankingonline.com | tcp |
| US | 8.8.8.8:53 | metabolixlabsketoacvgummies.com | udp |
| US | 50.6.138.114:443 | desconto-garantido-oficial.com | tcp |
| US | 108.179.242.219:443 | kansascityexteriorpainting.com | tcp |
| US | 8.8.8.8:53 | 121.7.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.230.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.216.181.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.220.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.4.195.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.68.9.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.197.91.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.203.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.214.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nexcarwestlakefinancialscam.com | udp |
| US | 50.87.146.132:443 | electlynnmellisworthington.com | tcp |
| US | 170.187.144.5:443 | lavistahometransformations.com | tcp |
| US | 8.8.8.8:53 | sikandarmudassirenterprises.com | udp |
| US | 8.8.8.8:53 | elevateaerialandphotography.com | udp |
| US | 8.8.8.8:53 | waterfronthealthandwellness.com | udp |
| IN | 119.18.54.99:443 | architectureinteriorstudio.com | tcp |
| US | 165.140.70.70:443 | lawofattractionruinedmylife.com | tcp |
| US | 204.93.224.165:443 | mayoreoenelectronicostarmu.com | tcp |
| US | 68.66.226.105:443 | nexcarwestlakefinancialscam.com | tcp |
| US | 162.144.1.188:443 | metabolixlabsketoacvgummies.com | tcp |
| US | 8.8.8.8:53 | agnmetalsandglobaltradingllc.com | udp |
| US | 8.8.8.8:53 | charitysroofanguttercleaning.com | udp |
| US | 8.8.8.8:53 | peakenergyperformancetherapy.com | udp |
| US | 8.8.8.8:53 | wordpresswebsitesmaintenance.com | udp |
| US | 8.8.8.8:53 | a-teclab-youtubechannel-style.com | udp |
| FR | 178.32.136.86:443 | waterfronthealthandwellness.com | tcp |
| US | 8.8.8.8:53 | down-to-earththerapysolutions.com | udp |
| US | 8.8.8.8:53 | cowboys-buckingbulls-8seconds.com | udp |
| US | 8.8.8.8:53 | 145.91.208.218.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.8.247.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.248.119.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.232.90.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.138.6.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.242.179.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.108.254.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.144.187.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | goldencoastgeneralcontractors.com | udp |
| US | 198.54.116.73:443 | sikandarmudassirenterprises.com | tcp |
| US | 8.8.8.8:53 | luxurycarrentalorlandoflorida.com | udp |
| US | 8.8.8.8:53 | www.marin-sonomaleadershipacademy.com | udp |
| US | 8.8.8.8:53 | www.bestecig.net | udp |
| US | 162.241.252.59:443 | elevateaerialandphotography.com | tcp |
| US | 8.8.8.8:53 | bet-slot.net | udp |
| US | 8.8.8.8:53 | testmbti.net | udp |
| US | 8.8.8.8:53 | www.rajasthandholamaru.com | udp |
| US | 162.241.2.20:443 | discount-official-sale-store.com | tcp |
| US | 198.54.115.86:443 | agnmetalsandglobaltradingllc.com | tcp |
| US | 173.254.30.233:443 | charitysroofanguttercleaning.com | tcp |
| US | 50.87.253.38:443 | cowboys-buckingbulls-8seconds.com | tcp |
| US | 162.144.12.170:443 | peakenergyperformancetherapy.com | tcp |
| US | 8.8.8.8:53 | monotown.net | udp |
| US | 8.8.8.8:53 | malicare.net | udp |
| NL | 64.46.118.22:443 | oostfamilyprotectionservices.com | tcp |
| US | 50.116.55.121:443 | luxurycarrentalorlandoflorida.com | tcp |
| US | 170.187.144.5:443 | goldencoastgeneralcontractors.com | tcp |
| US | 8.8.8.8:53 | sila-ksa.net | udp |
| US | 8.8.8.8:53 | tamerket.net | udp |
| US | 8.8.8.8:53 | phibetamutheta.org | udp |
| US | 8.8.8.8:53 | pierwszybiznes.org | udp |
| US | 8.8.8.8:53 | 165.224.93.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.70.140.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.1.144.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.226.66.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.136.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.116.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | scoutingheroes.org | udp |
| US | 8.8.8.8:53 | swisdermglobal.org | udp |
| US | 172.67.208.121:443 | www.bestecig.net | tcp |
| US | 184.154.2.146:443 | www.marin-sonomaleadershipacademy.com | tcp |
| US | 8.8.8.8:53 | www.viroquachamber.com | udp |
| US | 50.87.139.112:443 | down-to-earththerapysolutions.com | tcp |
| US | 8.8.8.8:53 | associationilef.org | udp |
| US | 8.8.8.8:53 | www.beatsfoundation.org | udp |
| US | 8.8.8.8:53 | bestelectriccar.org | udp |
| US | 8.8.8.8:53 | capecodredcross.org | udp |
| US | 104.21.23.133:443 | www.rajasthandholamaru.com | tcp |
| KR | 158.247.236.22:443 | testmbti.net | tcp |
| FR | 188.165.164.190:443 | bet-slot.net | tcp |
| US | 8.8.8.8:53 | covid-19library.org | udp |
| US | 8.8.8.8:53 | aquiemprendemos.org | udp |
| US | 8.8.8.8:53 | autonomyhealthi.org | udp |
| US | 8.8.8.8:53 | debtssettlement.org | udp |
| NL | 191.96.63.113:443 | tamerket.net | tcp |
| IN | 89.117.157.134:443 | sila-ksa.net | tcp |
| US | 151.101.194.159:443 | www.viroquachamber.com | tcp |
| US | 161.47.40.166:443 | scoutingheroes.org | tcp |
| US | 8.8.8.8:53 | destinationdays.org | udp |
| US | 8.8.8.8:53 | 59.252.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.2.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.118.46.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.115.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.30.254.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.55.116.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.253.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.12.144.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.208.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | preventchildhoodinfluenza.org | udp |
| PL | 94.152.152.84:443 | pierwszybiznes.org | tcp |
| US | 151.101.194.159:443 | www.viroquachamber.com | tcp |
| US | 104.243.32.71:443 | www.beatsfoundation.org | tcp |
| FR | 146.59.231.68:443 | associationilef.org | tcp |
| US | 149.100.151.128:443 | monotown.net | tcp |
| IN | 62.72.28.250:443 | bestelectriccar.org | tcp |
| US | 104.21.83.206:443 | capecodredcross.org | tcp |
| US | 165.22.47.132:443 | fivefoundations.org | tcp |
| US | 54.67.116.236:443 | debtssettlement.org | tcp |
| US | 8.8.8.8:53 | patriotbusinessassociation.org | udp |
| US | 8.8.8.8:53 | adarshsevakendrafoundation.org | udp |
| US | 8.8.8.8:53 | easypodmastermindfoundation.org | udp |
| US | 8.8.8.8:53 | eswatinipolygraphassociation.org | udp |
| US | 8.8.8.8:53 | srilankansocietybedfordshire.org | udp |
| US | 192.185.112.138:443 | aquiemprendemos.org | tcp |
| US | 8.8.8.8:53 | christianbusinessinternational.org | udp |
| US | 8.8.8.8:53 | estateplanningattorneypalmbeach.org | udp |
| US | 154.56.47.15:443 | destinationdays.org | tcp |
| US | 104.21.64.8:443 | preventchildhoodinfluenza.org | tcp |
| FR | 5.135.117.203:80 | covid-19library.org | tcp |
| ES | 185.250.202.183:443 | residenciasanjuanbautista.org | tcp |
| US | 89.116.239.7:443 | autonomyhealthi.org | tcp |
| ZA | 102.130.122.96:443 | swisdermglobal.org | tcp |
| US | 8.8.8.8:53 | 146.2.154.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.139.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.164.165.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.63.96.191.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.40.47.161.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.247.158.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.152.152.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.231.59.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.32.243.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cancerresearchtreatmentinstitute.org | udp |
| LT | 46.17.175.6:443 | srilankansocietybedfordshire.org | tcp |
| US | 64.202.190.151:443 | estateplanningattorneypalmbeach.org | tcp |
| NL | 162.0.217.168:443 | christianbusinessinternational.org | tcp |
| US | 8.8.8.8:53 | centrocomunitariopadremiguelangelbianchi.org | udp |
| US | 8.8.8.8:53 | www.capecodredcross.org | udp |
| US | 8.8.8.8:53 | caky.info | udp |
| US | 8.8.8.8:53 | bnrs.info | udp |
| US | 162.240.235.199:443 | adarshsevakendrafoundation.org | tcp |
| US | 184.171.244.231:443 | asociacionpsicoanaliticamexicana.org | tcp |
| ZA | 41.76.208.44:80 | eswatinipolygraphassociation.org | tcp |
| US | 8.8.8.8:53 | w550.info | udp |
| US | 8.8.8.8:53 | www.preventchildhoodinfluenza.org | udp |
| US | 8.8.8.8:53 | favoredvictoriouslyinternationalministriesincorporated.org | udp |
| US | 8.8.8.8:53 | 2bets.info | udp |
| US | 72.52.133.203:443 | easypodmastermindfoundation.org | tcp |
| BR | 154.49.247.112:443 | patriotbusinessassociation.org | tcp |
| US | 8.8.8.8:53 | 128.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.83.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.47.22.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.28.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.112.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.116.67.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.117.135.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.202.250.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.239.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.122.130.102.in-addr.arpa | udp |
| US | 160.153.0.56:443 | cancerresearchtreatmentinstitute.org | tcp |
| US | 8.8.8.8:53 | capac.info | udp |
| GB | 153.92.6.242:443 | caky.info | tcp |
| US | 104.21.83.206:80 | www.capecodredcross.org | tcp |
| US | 138.128.188.146:443 | centrocomunitariopadremiguelangelbianchi.org | tcp |
| US | 8.8.8.8:53 | chanh.info | udp |
| US | 8.8.8.8:53 | www.x-face.xyz | udp |
| US | 8.8.8.8:53 | anoboys.xyz | udp |
| US | 8.8.8.8:53 | www.srilankansocietybedfordshire.org | udp |
| US | 108.179.232.157:80 | bnrs.info | tcp |
| US | 172.67.173.187:443 | www.preventchildhoodinfluenza.org | tcp |
| US | 3.18.168.210:443 | favoredvictoriouslyinternationalministriesincorporated.org | tcp |
| US | 8.8.8.8:53 | bambarn.xyz | udp |
| SG | 95.111.202.25:443 | chanh.info | tcp |
| FR | 89.117.169.245:443 | capac.info | tcp |
| US | 8.8.8.8:53 | evalast.shop | udp |
| US | 8.8.8.8:53 | importados.shop | udp |
| US | 8.8.8.8:53 | jerseyposh.shop | udp |
| US | 8.8.8.8:53 | indobetz77.us | udp |
| US | 8.8.8.8:53 | fofogoo.xyz | udp |
| US | 8.8.8.8:53 | www.kinokokids.shop | udp |
| US | 8.8.8.8:53 | 168.217.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.175.17.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.244.171.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.235.240.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.208.76.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.133.52.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.6.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.247.49.154.in-addr.arpa | udp |
| US | 162.254.39.14:443 | anoboys.xyz | tcp |
| LT | 46.17.175.6:443 | www.srilankansocietybedfordshire.org | tcp |
| FR | 109.234.160.161:443 | www.x-face.xyz | tcp |
| US | 162.0.209.234:443 | zeloreo.shop | tcp |
| US | 8.8.8.8:53 | lealinvest.shop | udp |
| US | 162.213.251.196:443 | evalast.shop | tcp |
| US | 23.29.125.130:443 | bambarn.xyz | tcp |
| US | 172.67.180.103:443 | importados.shop | tcp |
| US | 63.250.43.134:443 | jerseyposh.shop | tcp |
| US | 172.67.191.120:443 | indobetz77.us | tcp |
| US | 104.21.23.55:443 | www.kinokokids.shop | tcp |
| US | 8.8.8.8:53 | lettersend.shop | udp |
| US | 8.8.8.8:53 | loveinhair.shop | udp |
| US | 8.8.8.8:53 | lyricswala.shop | udp |
| US | 8.8.8.8:53 | makinbugar.shop | udp |
| US | 8.8.8.8:53 | modegalore.shop | udp |
| US | 31.170.160.187:443 | fofogoo.xyz | tcp |
| US | 8.8.8.8:53 | www.motostares.shop | udp |
| US | 8.8.8.8:53 | nndrzuoflk.shop | udp |
| US | 104.21.83.206:443 | www.capecodredcross.org | tcp |
| US | 8.8.8.8:53 | www.testmbti.net | udp |
| US | 8.8.8.8:53 | 187.173.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.168.18.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.169.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.39.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.188.128.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.partything.shop | udp |
| US | 8.8.8.8:53 | pathpavers.shop | udp |
| US | 8.8.8.8:53 | pdjikgq20n.shop | udp |
| US | 8.8.8.8:53 | www.pushbikess.shop | udp |
| US | 172.67.218.15:443 | www.pushbikess.shop | tcp |
| BR | 154.49.247.184:443 | lealinvest.shop | tcp |
| US | 104.21.85.77:443 | lettersend.shop | tcp |
| US | 104.21.57.244:443 | www.partything.shop | tcp |
| US | 104.21.41.50:80 | pathpavers.shop | tcp |
| US | 195.35.33.127:443 | loveinhair.shop | tcp |
| US | 149.100.151.81:443 | lyricswala.shop | tcp |
| US | 104.21.40.124:443 | modegalore.shop | tcp |
| US | 104.21.69.46:443 | www.motostares.shop | tcp |
| US | 8.8.8.8:53 | ql8a8pgxyk.shop | udp |
| US | 8.8.8.8:53 | www.savannahss.shop | udp |
| US | 8.8.8.8:53 | www.shophearss.shop | udp |
| US | 8.8.8.8:53 | streamplus.shop | udp |
| KR | 158.247.242.163:80 | nndrzuoflk.shop | tcp |
| KR | 158.247.253.40:80 | ql8a8pgxyk.shop | tcp |
| KR | 158.247.242.163:80 | nndrzuoflk.shop | tcp |
| KR | 158.247.236.22:443 | www.testmbti.net | tcp |
| US | 8.8.8.8:53 | 161.160.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.23.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.191.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.125.29.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.160.170.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.209.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.251.213.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.218.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.racedawgrc.shop | udp |
| US | 8.8.8.8:53 | multivnet.ir | udp |
| US | 8.8.8.8:53 | tiendalego.shop | udp |
| US | 172.67.159.171:443 | www.savannahss.shop | tcp |
| US | 104.21.27.144:443 | www.racedawgrc.shop | tcp |
| US | 104.21.78.82:443 | www.shophearss.shop | tcp |
| US | 8.8.8.8:53 | topspecial.shop | udp |
| LT | 45.84.205.169:443 | streamplus.shop | tcp |
| US | 8.8.8.8:53 | trendshack.shop | udp |
| LT | 84.32.84.32:443 | nailli.org | tcp |
| US | 149.100.151.202:443 | tiendalego.shop | tcp |
| US | 8.8.8.8:53 | www.truphaeinc.shop | udp |
| KR | 158.247.253.40:80 | ql8a8pgxyk.shop | tcp |
| US | 172.67.183.52:443 | multivnet.ir | tcp |
| US | 8.8.8.8:53 | 77.85.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.41.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.33.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.69.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.40.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.159.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.78.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.205.84.45.in-addr.arpa | udp |
| US | 104.21.47.33:443 | trendshack.shop | tcp |
| BR | 149.100.155.212:443 | topspecial.shop | tcp |
| US | 8.8.8.8:53 | zp2nqtzn4o.shop | udp |
| US | 8.8.8.8:53 | y5jqfc8y4m.shop | udp |
| US | 8.8.8.8:53 | ajanmay1689.shop | udp |
| US | 8.8.8.8:53 | alldigitool.shop | udp |
| US | 8.8.8.8:53 | weartrendy.shop | udp |
| US | 8.8.8.8:53 | www.autoobsesse.shop | udp |
| US | 172.67.132.66:443 | www.truphaeinc.shop | tcp |
| US | 8.8.8.8:53 | www.bestfungear.shop | udp |
| US | 8.8.8.8:53 | buyendopump.shop | udp |
| US | 8.8.8.8:53 | drwolfstore.shop | udp |
| US | 8.8.8.8:53 | www.flyingrobot.shop | udp |
| US | 8.8.8.8:53 | www.goldfarbinc.shop | udp |
| US | 8.8.8.8:53 | kalraoffset.shop | udp |
| US | 8.8.8.8:53 | www.kantomarket.shop | udp |
| US | 8.8.8.8:53 | wscpqkmpnc.shop | udp |
| US | 8.8.8.8:53 | leaderbikes.shop | udp |
| US | 104.21.26.132:443 | www.autoobsesse.shop | tcp |
| US | 8.8.8.8:53 | www.madelinetos.shop | udp |
| US | 104.21.18.84:443 | www.bestfungear.shop | tcp |
| US | 173.236.195.217:443 | www.kantomarket.shop | tcp |
| US | 104.21.3.117:443 | kalraoffset.shop | tcp |
| FR | 89.116.147.65:443 | leaderbikes.shop | tcp |
| KR | 158.247.242.163:80 | wscpqkmpnc.shop | tcp |
| US | 104.21.28.78:443 | www.flyingrobot.shop | tcp |
| KR | 158.247.193.159:80 | y5jqfc8y4m.shop | tcp |
| KR | 158.247.193.159:80 | y5jqfc8y4m.shop | tcp |
| US | 8.8.8.8:53 | 52.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.27.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mobilrental.shop | udp |
| US | 8.8.8.8:53 | www.modernskate.shop | udp |
| US | 8.8.8.8:53 | mp3-ogg.site | udp |
| US | 104.21.28.122:443 | www.madelinetos.shop | tcp |
| US | 8.8.8.8:53 | fusionz.site | udp |
| US | 8.8.8.8:53 | gatross.site | udp |
| US | 8.8.8.8:53 | aagencia.site | udp |
| US | 8.8.8.8:53 | 33.47.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.132.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.155.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.26.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.18.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.195.236.173.in-addr.arpa | udp |
| US | 172.67.207.4:443 | mobilrental.shop | tcp |
| US | 172.67.144.186:443 | mp3-ogg.site | tcp |
| US | 8.8.8.8:53 | adreview.site | udp |
| US | 8.8.8.8:53 | x-things.site | udp |
| US | 8.8.8.8:53 | knowless.site | udp |
| US | 8.8.8.8:53 | playpixx.site | udp |
| CZ | 194.182.78.47:443 | gatross.site | tcp |
| US | 104.21.61.148:443 | fusionz.site | tcp |
| US | 194.195.84.241:443 | drwolfstore.shop | tcp |
| US | 8.8.8.8:53 | dolhpins.site | udp |
| US | 8.8.8.8:53 | dodgress.site | udp |
| US | 8.8.8.8:53 | hdis2002.site | udp |
| US | 8.8.8.8:53 | hidrapes.site | udp |
| US | 8.8.8.8:53 | tomykyara.site | udp |
| BR | 45.152.46.209:443 | aagencia.site | tcp |
| IN | 154.41.233.169:443 | alldigitool.shop | tcp |
| US | 104.21.1.101:443 | adreview.site | tcp |
| US | 172.67.192.127:443 | buyendopump.shop | tcp |
| LT | 84.32.84.32:443 | x-things.site | tcp |
| US | 8.8.8.8:53 | sbellezaa.site | udp |
| US | 8.8.8.8:53 | skarbnica.site | udp |
| US | 8.8.8.8:53 | coachable.site | udp |
| US | 8.8.8.8:53 | 117.3.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.147.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.28.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.193.247.158.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.28.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | niagamaya.site | udp |
| US | 8.8.8.8:53 | findawork.site | udp |
| IN | 154.41.233.156:443 | knowless.site | tcp |
| IN | 46.28.45.8:443 | weartrendy.shop | tcp |
| TH | 147.50.227.15:443 | ajanmay1689.shop | tcp |
| US | 104.21.39.75:443 | www.goldfarbinc.shop | tcp |
| US | 86.38.202.175:443 | gethotoffer.shop | tcp |
| US | 8.8.8.8:53 | vacatious.site | udp |
| US | 8.8.8.8:53 | smartzone.site | udp |
| US | 8.8.8.8:53 | www.videolive.gr | udp |
| KR | 49.247.4.52:443 | hdis2002.site | tcp |
| US | 8.8.8.8:53 | jeparainfo.site | udp |
| US | 31.170.161.104:443 | sbellezaa.site | tcp |
| BR | 62.72.62.162:443 | hidrapes.site | tcp |
| CZ | 194.182.78.47:443 | dodgress.site | tcp |
| US | 8.8.8.8:53 | mypetcare.site | udp |
| US | 8.8.8.8:53 | ll.movizzlandd.cam | udp |
| CZ | 194.182.78.47:443 | dodgress.site | tcp |
| US | 8.8.8.8:53 | 4.207.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.144.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.61.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.84.195.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | art-mebli.com | udp |
| US | 8.8.8.8:53 | revinylize.site | udp |
| US | 8.8.8.8:53 | vikna-lviv.site | udp |
| US | 172.67.137.187:443 | niagamaya.site | tcp |
| IN | 139.84.131.82:443 | smartzone.site | tcp |
| US | 8.8.8.8:53 | anaesthesia.site | udp |
| US | 8.8.8.8:53 | avalieganhe.site | udp |
| FR | 154.49.245.86:443 | vacatious.site | tcp |
| PL | 89.64.163.149:443 | skarbnica.site | tcp |
| GB | 77.68.77.214:443 | findawork.site | tcp |
| US | 8.8.8.8:53 | bengalanews.site | udp |
| US | 8.8.8.8:53 | beritautama.site | udp |
| US | 8.8.8.8:53 | bestusajobs.site | udp |
| US | 8.8.8.8:53 | bigdivaloop.site | udp |
| US | 8.8.8.8:53 | 101.1.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.192.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.46.152.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.39.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.45.28.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.202.38.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.227.50.147.in-addr.arpa | udp |
| UA | 185.230.88.203:443 | art-mebli.com | tcp |
| NL | 212.32.245.130:80 | www.videolive.gr | tcp |
| US | 31.170.167.55:443 | mypetcare.site | tcp |
| UA | 185.104.45.83:443 | vikna-lviv.site | tcp |
| US | 172.67.161.3:443 | ll.movizzlandd.cam | tcp |
| SG | 217.21.73.176:443 | jeparainfo.site | tcp |
| CA | 192.99.207.157:443 | anaesthesia.site | tcp |
| US | 162.243.186.219:443 | revinylize.site | tcp |
| DE | 136.243.50.232:80 | bengalanews.site | tcp |
| BR | 45.152.44.126:443 | avalieganhe.site | tcp |
| US | 8.8.8.8:53 | godlovesyou.site | udp |
| US | 8.8.8.8:53 | gudangharta.site | udp |
| LT | 84.32.84.32:443 | beritautama.site | tcp |
| US | 172.67.163.52:443 | bigdivaloop.site | tcp |
| US | 8.8.8.8:53 | tv-cdn.movizzlandd.cam | udp |
| US | 8.8.8.8:53 | kerjadibali.site | udp |
| US | 8.8.8.8:53 | 187.137.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.161.170.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.4.247.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.62.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.245.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.131.84.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.245.32.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.88.230.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.161.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.167.170.31.in-addr.arpa | udp |
| BR | 154.49.247.235:443 | brstreaming.site | tcp |
| US | 8.8.8.8:53 | oalessandro.site | udp |
| US | 8.8.8.8:53 | 9sport.biz | udp |
| US | 8.8.8.8:53 | gerardi.biz | udp |
| GB | 185.2.168.125:443 | godlovesyou.site | tcp |
| US | 8.8.8.8:53 | fojiao.biz | udp |
| US | 8.8.8.8:53 | phelpshomes.com | udp |
| US | 34.132.6.25:80 | bestusajobs.site | tcp |
| US | 8.8.8.8:53 | biggboss17.biz | udp |
| US | 8.8.8.8:53 | ru.best-prava-77.biz | udp |
| US | 172.67.130.224:443 | gudangharta.site | tcp |
| NL | 212.32.245.130:80 | www.videolive.gr | tcp |
| US | 172.67.155.31:443 | 9sport.biz | tcp |
| US | 104.21.93.144:443 | kerjadibali.site | tcp |
| US | 8.8.8.8:53 | atlasdesarrollos.com | udp |
| US | 8.8.8.8:53 | muyto.store | udp |
| US | 8.8.8.8:53 | tanel.store | udp |
| BR | 149.100.155.24:443 | oalessandro.site | tcp |
| US | 8.8.8.8:53 | moark.store | udp |
| US | 8.8.8.8:53 | 219.186.243.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.207.99.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.73.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.44.152.45.in-addr.arpa | udp |
| FR | 213.186.33.40:443 | gerardi.biz | tcp |
| US | 8.8.8.8:53 | www.marizialingerie.com | udp |
| US | 8.8.8.8:53 | 52.163.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.50.243.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rinrin.store | udp |
| DE | 3.124.227.217:80 | fojiao.biz | tcp |
| US | 8.8.8.8:53 | balvimexico.com | udp |
| US | 8.8.8.8:53 | banshanmeng.com | udp |
| US | 8.8.8.8:53 | baoxeditinh.com | udp |
| US | 8.8.8.8:53 | base3method.com | udp |
| US | 8.8.8.8:53 | www.benditasoho.com | udp |
| US | 8.8.8.8:53 | bassittsale.com | udp |
| US | 8.8.8.8:53 | berlinbites.com | udp |
| US | 8.8.8.8:53 | bertshop-de.com | udp |
| US | 35.197.39.205:443 | atlasdesarrollos.com | tcp |
| US | 63.250.43.139:80 | tanel.store | tcp |
| US | 104.21.53.108:443 | ekeys.store | tcp |
| CA | 159.203.25.60:443 | phelpshomes.com | tcp |
| US | 172.67.216.101:443 | biggboss17.biz | tcp |
| US | 172.67.177.79:443 | ru.best-prava-77.biz | tcp |
| BE | 213.158.94.167:443 | moark.store | tcp |
| US | 8.8.8.8:53 | 235.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.168.2.185.in-addr.arpa | udp |
| US | 146.190.219.226:443 | muyto.store | tcp |
| US | 8.8.8.8:53 | 224.130.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.155.67.172.in-addr.arpa | udp |
| US | 104.21.31.97:443 | imunify-alert.com | tcp |
| JP | 92.202.112.82:80 | rinrin.store | tcp |
| FR | 188.72.70.61:443 | www.marizialingerie.com | tcp |
| US | 8.8.8.8:53 | 144.93.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bestbedbuys.com | udp |
| GB | 154.49.138.165:443 | berlinbites.com | tcp |
| FR | 51.210.111.214:443 | www.benditasoho.com | tcp |
| US | 8.8.8.8:53 | bestteatalk.com | udp |
| US | 8.8.8.8:53 | www.bikeandback.com | udp |
| US | 8.8.8.8:53 | bioseratech.com | udp |
| US | 172.67.180.162:443 | bertshop-de.com | tcp |
| US | 104.21.29.118:443 | barswimsuit.com | tcp |
| CN | 139.196.252.232:80 | banshanmeng.com | tcp |
| US | 69.163.181.25:443 | balvimexico.com | tcp |
| VN | 103.90.228.18:80 | baoxeditinh.com | tcp |
| US | 151.101.130.159:443 | base3method.com | tcp |
| US | 104.21.19.18:443 | bassittsale.com | tcp |
| US | 8.8.8.8:53 | biotronikec.com | udp |
| US | 8.8.8.8:53 | 24.155.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.216.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.227.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.177.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.53.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.25.203.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.94.158.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.39.197.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.219.190.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.70.72.188.in-addr.arpa | udp |
| US | 45.40.154.139:443 | bestbedbuys.com | tcp |
| US | 8.8.8.8:53 | bishalnepal.com | udp |
| US | 104.21.61.43:443 | bestteatalk.com | tcp |
| FR | 185.154.136.56:443 | www.bikeandback.com | tcp |
| US | 172.67.201.77:443 | bioseratech.com | tcp |
| US | 8.8.8.8:53 | 40.33.186.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blackaraila.com | udp |
| US | 8.8.8.8:53 | www.bluesushinj.com | udp |
| GB | 185.77.97.122:443 | bishalnepal.com | tcp |
| US | 72.167.68.50:443 | biotronikec.com | tcp |
| US | 8.8.8.8:53 | bogorsolusi.com | udp |
| US | 8.8.8.8:53 | boganincnyc.com | udp |
| US | 8.8.8.8:53 | bollywoodia.com | udp |
| US | 8.8.8.8:53 | borrowshoes.com | udp |
| US | 8.8.8.8:53 | book-inline.com | udp |
| US | 54.236.120.104:443 | www.bluesushinj.com | tcp |
| US | 8.8.8.8:53 | brainbodyed.com | udp |
| US | 172.67.149.161:443 | bogorsolusi.com | tcp |
| US | 185.212.71.222:443 | bogotrading.com | tcp |
| US | 8.8.8.8:53 | 82.112.202.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.111.210.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.29.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.19.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.181.163.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.228.90.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.136.154.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.201.67.172.in-addr.arpa | udp |
| IN | 154.41.233.101:443 | bollywoodia.com | tcp |
| JP | 153.127.141.167:443 | blackaraila.com | tcp |
| VN | 103.57.221.31:80 | blogvieclam.com | tcp |
| FR | 51.91.236.193:80 | borrowshoes.com | tcp |
| US | 160.153.0.81:443 | book-inline.com | tcp |
| US | 137.184.122.8:443 | boganincnyc.com | tcp |
| US | 8.8.8.8:53 | www.belle-ile-en-mer.net | udp |
| US | 8.8.8.8:53 | bugattispot.com | udp |
| US | 8.8.8.8:53 | buildwithaj.com | udp |
| US | 8.8.8.8:53 | bybxdigital.com | udp |
| US | 8.8.8.8:53 | cameosalons.com | udp |
| US | 8.8.8.8:53 | campusbytap.com | udp |
| US | 86.38.202.116:443 | brainbodyed.com | tcp |
| US | 8.8.8.8:53 | buniqueshop.com | udp |
| US | 8.8.8.8:53 | canvastraps.com | udp |
| US | 8.8.8.8:53 | capcutedits.com | udp |
| US | 76.223.67.189:443 | bugattispot.com | tcp |
| US | 8.8.8.8:53 | 161.149.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.120.236.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.71.212.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.122.184.137.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.141.127.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.bassittsale.com | udp |
| FR | 213.186.33.40:443 | www.belle-ile-en-mer.net | tcp |
| US | 172.67.162.7:443 | bybxdigital.com | tcp |
| US | 154.49.142.72:443 | buildwithaj.com | tcp |
| US | 143.95.100.31:443 | campusbytap.com | tcp |
| US | 192.169.165.47:443 | cameosalons.com | tcp |
| US | 74.208.236.101:443 | buniqueshop.com | tcp |
| US | 8.8.8.8:53 | carederanas.com | udp |
| US | 8.8.8.8:53 | carlinoauto.com | udp |
| US | 8.8.8.8:53 | caroltienda.com | udp |
| US | 8.8.8.8:53 | www.balvimexico.com | udp |
| US | 8.8.8.8:53 | carwenworld.com | udp |
| US | 82.180.172.20:443 | capcutedits.com | tcp |
| US | 8.8.8.8:53 | casinosages.com | udp |
| US | 8.8.8.8:53 | casinoxtime.com | udp |
| US | 8.8.8.8:53 | castingabby.com | udp |
| US | 3.33.130.190:443 | canvastraps.com | tcp |
| US | 8.8.8.8:53 | catclean-us.com | udp |
| US | 8.8.8.8:53 | 116.202.38.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.221.57.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.162.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.142.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.100.95.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.236.208.74.in-addr.arpa | udp |
| IN | 154.41.233.77:443 | candescentt.com | tcp |
| US | 8.8.8.8:53 | cecileroger.com | udp |
| US | 8.8.8.8:53 | celebtattle.com | udp |
| US | 8.8.8.8:53 | central24x7.com | udp |
| US | 8.8.8.8:53 | cellamrecan.com | udp |
| US | 104.21.19.18:443 | www.bassittsale.com | tcp |
| BR | 154.49.247.183:443 | caroltienda.com | tcp |
| US | 8.8.8.8:53 | chasethewhy.com | udp |
| US | 69.163.181.25:443 | www.balvimexico.com | tcp |
| US | 172.67.183.224:443 | casinosages.com | tcp |
| TR | 178.18.193.143:80 | carwenworld.com | tcp |
| US | 8.8.8.8:53 | chatgptboom.com | udp |
| BR | 154.56.48.173:443 | carederanas.com | tcp |
| US | 8.8.8.8:53 | chatterease.com | udp |
| US | 154.56.47.16:443 | cellamrecan.com | tcp |
| IN | 82.180.142.114:443 | central24x7.com | tcp |
| US | 8.8.8.8:53 | chavanpatil.com | udp |
| US | 172.67.154.129:443 | cecileroger.com | tcp |
| US | 74.208.236.213:443 | celebtattle.com | tcp |
| US | 65.60.5.206:443 | castingabby.com | tcp |
| US | 149.100.151.33:443 | casinoxtime.com | tcp |
| US | 65.99.252.110:80 | catclean-us.com | tcp |
| NL | 185.182.56.58:80 | chasethewhy.com | tcp |
| US | 8.8.8.8:53 | 20.172.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.130.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chicvhairpr.com | udp |
| US | 8.8.8.8:53 | chessroyals.com | udp |
| US | 8.8.8.8:53 | chinaqiuzhi.com | udp |
| US | 8.8.8.8:53 | chosenesiwe.com | udp |
| US | 8.8.8.8:53 | cibertecpro.com | udp |
| IN | 62.72.28.35:443 | chatgptboom.com | tcp |
| US | 66.55.68.205:443 | chavanpatil.com | tcp |
| US | 165.140.70.70:443 | chatterease.com | tcp |
| US | 172.67.198.56:443 | chicvhairpr.com | tcp |
| US | 154.49.142.40:443 | cibertecpro.com | tcp |
| US | 143.198.60.17:443 | chessroyals.com | tcp |
| US | 82.180.138.52:443 | chosenesiwe.com | tcp |
| US | 8.8.8.8:53 | citytnews24.com | udp |
| US | 8.8.8.8:53 | clicktechon.com | udp |
| US | 38.47.254.94:80 | chinaqiuzhi.com | tcp |
| US | 8.8.8.8:53 | clothingaid.com | udp |
| IN | 46.28.45.31:443 | clicktechon.com | tcp |
| US | 8.8.8.8:53 | coachlennox.com | udp |
| US | 8.8.8.8:53 | 143.193.18.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.154.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.56.182.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.48.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.236.208.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.142.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.5.60.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.252.99.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.28.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.142.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.60.198.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.138.180.82.in-addr.arpa | udp |
| BR | 154.49.247.198:443 | clinicaguth.com | tcp |
| IN | 154.41.233.137:443 | citytnews24.com | tcp |
| US | 207.148.23.81:443 | clothingaid.com | tcp |
| US | 15.204.52.30:443 | coachlennox.com | tcp |
| US | 8.8.8.8:53 | codevertize.com | udp |
| US | 8.8.8.8:53 | codigolemor.com | udp |
| US | 8.8.8.8:53 | coeurdyport.com | udp |
| US | 8.8.8.8:53 | contentifyx.com | udp |
| US | 8.8.8.8:53 | commercemgt.com | udp |
| US | 8.8.8.8:53 | corpolegacy.com | udp |
| US | 8.8.8.8:53 | www.copt.com | udp |
| US | 8.8.8.8:53 | couples-hub.com | udp |
| US | 8.8.8.8:53 | crazyaimone.com | udp |
| IN | 154.41.233.199:443 | codevertize.com | tcp |
| US | 104.21.37.181:443 | contentifyx.com | tcp |
| DE | 217.160.0.29:443 | couples-hub.com | tcp |
| US | 160.153.0.181:443 | commercemgt.com | tcp |
| US | 190.8.176.49:443 | codigolemor.com | tcp |
| US | 8.8.8.8:53 | 94.254.47.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.45.28.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.23.148.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.52.204.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cryptomonit.com | udp |
| US | 34.123.8.175:443 | www.copt.com | tcp |
| US | 8.8.8.8:53 | cryptoneedy.com | udp |
| CA | 51.222.47.8:80 | corpolegacy.com | tcp |
| US | 34.120.137.41:443 | crazyaimone.com | tcp |
| US | 154.56.47.50:443 | creatinitty.com | tcp |
| BE | 213.158.94.176:443 | coeurdyport.com | tcp |
| US | 8.8.8.8:53 | cryptopalta.com | udp |
| US | 8.8.8.8:53 | csinstrumed.com | udp |
| US | 63.250.43.134:443 | cryptoneedy.com | tcp |
| US | 172.67.178.37:443 | cryptomonit.com | tcp |
| US | 8.8.8.8:53 | www.chessroyals.com | udp |
| US | 8.8.8.8:53 | cuentogroup.com | udp |
| US | 185.212.71.249:443 | cryptopalta.com | tcp |
| US | 8.8.8.8:53 | czcosmopack.com | udp |
| US | 8.8.8.8:53 | cys-urtegar.com | udp |
| US | 154.16.170.58:443 | csinstrumed.com | tcp |
| TR | 185.86.13.92:443 | cuentogroup.com | tcp |
| US | 143.198.60.17:443 | www.chessroyals.com | tcp |
| ES | 82.98.175.104:443 | cys-urtegar.com | tcp |
| US | 8.8.8.8:53 | dadanmarket.com | udp |
| US | 8.8.8.8:53 | daihatsutms.com | udp |
| US | 207.246.94.133:443 | czcosmopack.com | tcp |
| US | 8.8.8.8:53 | danialamari.com | udp |
| US | 8.8.8.8:53 | 199.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.137.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.94.158.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.47.222.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.176.8.190.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.178.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.71.212.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | daytonhoops.com | udp |
| US | 8.8.8.8:53 | decepticans.com | udp |
| IR | 88.135.68.70:443 | danialamari.com | tcp |
| US | 154.56.47.21:443 | dadanmarket.com | tcp |
| DE | 64.190.63.222:80 | decepticans.com | tcp |
| US | 8.8.8.8:53 | dedzacsacco.com | udp |
| US | 66.29.132.101:443 | daytonhoops.com | tcp |
| US | 8.8.8.8:53 | deirdreshop.com | udp |
| US | 8.8.8.8:53 | www.cecileroger.com | udp |
| US | 8.8.8.8:53 | denimsation.com | udp |
| US | 8.8.8.8:53 | destinatair.com | udp |
| US | 8.8.8.8:53 | dezhnevesht.com | udp |
| US | 8.8.8.8:53 | diepchiland.com | udp |
| US | 8.8.8.8:53 | digilandrix.com | udp |
| US | 8.8.8.8:53 | www.catclean-us.com | udp |
| SG | 45.13.133.8:443 | daihatsutms.com | tcp |
| US | 8.8.8.8:53 | 58.170.16.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.13.86.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.94.246.207.in-addr.arpa | udp |
| BG | 195.42.142.41:443 | destinatair.com | tcp |
| US | 8.8.8.8:53 | divinesetup.com | udp |
| US | 8.8.8.8:53 | digitalrais.com | udp |
| VN | 103.173.227.63:443 | diepchiland.com | tcp |
| US | 8.8.8.8:53 | www.dj-computer.com | udp |
| US | 217.196.54.139:443 | digilandrix.com | tcp |
| US | 8.8.8.8:53 | diya-studio.com | udp |
| US | 65.99.252.110:80 | www.catclean-us.com | tcp |
| US | 104.21.82.72:443 | www.cecileroger.com | tcp |
| US | 172.67.187.88:443 | deirdreshop.com | tcp |
| RO | 45.86.220.151:443 | dedzacsacco.com | tcp |
| US | 8.8.8.8:53 | djoyaschile.com | udp |
| US | 8.8.8.8:53 | dongwugouwu.com | udp |
| US | 8.8.8.8:53 | doktorbakri.com | udp |
| US | 8.8.8.8:53 | dralextosta.com | udp |
| US | 8.8.8.8:53 | dreamypages.com | udp |
| US | 8.8.8.8:53 | drhemsworth.com | udp |
| US | 8.8.8.8:53 | soluvione.com | udp |
| US | 8.8.8.8:53 | sonexmall.com | udp |
| US | 8.8.8.8:53 | shop-closhb.com | udp |
| US | 172.67.178.39:443 | denimsation.com | tcp |
| US | 8.8.8.8:53 | www.daytonhoops.com | udp |
| GB | 154.49.138.195:443 | divinesetup.com | tcp |
| IN | 154.41.233.99:443 | digitalrais.com | tcp |
| US | 8.8.8.8:53 | sleekscalps.com | udp |
| IR | 185.215.124.175:80 | dezhnevesht.com | tcp |
| US | 8.8.8.8:53 | 222.63.190.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.68.135.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.132.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.142.42.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.133.13.45.in-addr.arpa | udp |
| FR | 154.49.245.121:443 | diya-studio.com | tcp |
| US | 198.54.115.235:443 | sonexmall.com | tcp |
| GB | 154.49.138.253:443 | djoyaschile.com | tcp |
| US | 198.54.121.245:443 | shop-closhb.com | tcp |
| US | 195.35.10.42:443 | drhemsworth.com | tcp |
| IN | 154.41.233.176:443 | dreamypages.com | tcp |
| TR | 5.2.85.171:80 | soluvione.com | tcp |
| BR | 154.49.247.242:443 | dralextosta.com | tcp |
| ID | 103.180.162.166:443 | www.dj-computer.com | tcp |
| US | 8.8.8.8:53 | www.destinatair.com | udp |
| US | 8.8.8.8:53 | smithjacket.com | udp |
| US | 8.8.8.8:53 | slot-lounge.com | udp |
Files
memory/1560-1-0x0000000002D80000-0x0000000002E80000-memory.dmp
memory/1560-2-0x0000000004A80000-0x0000000004A8B000-memory.dmp
memory/1560-3-0x0000000000400000-0x0000000002D3F000-memory.dmp
memory/3376-4-0x0000000002250000-0x0000000002266000-memory.dmp
memory/1560-5-0x0000000000400000-0x0000000002D3F000-memory.dmp
memory/1560-8-0x0000000004A80000-0x0000000004A8B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\126A.exe
| MD5 | 4adf13b893f198838a7150f88b46c204 |
| SHA1 | c0bc7a99cc51311cd3957059a06aa7568429541e |
| SHA256 | f830cb6d74a22e6f522271812cd44d094334332597c1d0c98db17d988018d272 |
| SHA512 | 16a670af3bffcbf1b0e44a687135484f75036876af84eacaf857af815d5dae938f7abdab1cadb279a372179a31341fd36319ad06319dadf28ab236dbc4b9cc9e |
C:\Users\Admin\AppData\Local\Temp\126A.exe
| MD5 | ac4ee5899db51f8860de500b4990bc87 |
| SHA1 | 4dc6e098f7747e0d278e6d3fa9a2e2c5abbe3295 |
| SHA256 | 36dfe795243e8b5591c5caa72d42b6bf2cfb9ccfd6d4b882b1ee50e26aa94f66 |
| SHA512 | 588b88c6a67aa04e5051ec3f69d3b9fcfe84b1dfdaecda24b4ffbf5a3b088146dbc87d4b348391caef7ebbf08f320eb9492f3e6cec985418a9e740d43ea2f08d |
memory/1836-18-0x0000000004CB0000-0x0000000004E75000-memory.dmp
memory/1836-19-0x0000000004E80000-0x0000000005037000-memory.dmp
memory/2984-20-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\126A.exe
| MD5 | 147f5f5bbc80b2ad753993e15f3f32c2 |
| SHA1 | 16d73b4abeef12cf76414338901eb7bbef46775f |
| SHA256 | 40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990 |
| SHA512 | 9c43aaa68161ef04c60e3f64c3fd54426dfd387f0013f009f3da94d45f19e514cd41de7b95865c47f55e5800222fd74736659138bb96406aa37f9cdc8e5799b6 |
memory/2984-23-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2984-24-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1885.dll
| MD5 | 7f341437d787033f6b2e746037413de6 |
| SHA1 | 3c41114a7782cabc996183faae3c8be2fad4613b |
| SHA256 | de3307883a72f85e2f2caaa0a5dfa0e76f08136bfa7e2daf78e4b15cce4d0860 |
| SHA512 | 8ab0900bd5ed08a01fd997e8b8a106ba3d553081508d3c29f3f47965e538af4c8aee5af09cd1622ecf43da677136165b8a6b266fd574c1353de28d97f4dd5ee4 |
memory/2984-27-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2984-28-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1885.dll
| MD5 | cb0cc76e1fddd9e802cecb9e4eb24a83 |
| SHA1 | 787e93294471080886488bb11bcbfcee12928f8b |
| SHA256 | 00d0f0fc1184c034b6fde25559dad22785d9d38f9862f12d05c1c59e419c2a34 |
| SHA512 | e22f086ebfd2dbf1b13a94339ad2f68bf5c0933f2c0a131ae018d8f3c3005fcb3eb476c274e8fa8156291867d74a28bb2316185ff089f004e6077ecfa6e4e008 |
memory/3780-30-0x0000000010000000-0x000000001020C000-memory.dmp
memory/3780-31-0x0000000000DB0000-0x0000000000DB6000-memory.dmp
memory/2984-33-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1885.dll
| MD5 | b66379323022a073f1f7cdefed747401 |
| SHA1 | 14cfd615676b85960154df8273ca841f4a0e268b |
| SHA256 | 19a75f92a288042be52f1d38976909a22f81e92d22b69b6ab2f1f4d5856448db |
| SHA512 | 94b8dbe483f2f624723b831186bfcabc52eb74b8293f7acc4e3152ccdaef86885e2fb89453b91a78493795c99edc96e47dbbd489f92aec4cb30c21c064eb052b |
memory/2984-36-0x0000000000950000-0x0000000000956000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\28D2.exe
| MD5 | 78b81b03c4b6492b043b4af95130090b |
| SHA1 | 52ad61251d21e4e12c03eb847ff015c0f0b70db1 |
| SHA256 | 32ef3de273a37f7eaef212f935ece28b345d8c7e2a0fb471b84279c7533b2e43 |
| SHA512 | a4464670007aaebe530ff15279fd30e8c0a0900d03d8446ed4ddfef0c2b4b59aab84af93526152545a00d754b2ead16eb73f977e03a21bf34c9204be3a6da03b |
C:\Users\Admin\AppData\Local\Temp\28D2.exe
| MD5 | c5e7c791d25fe5795caf90493a00523e |
| SHA1 | 0547e7c55ddb9a0637c560dd345b8a370cfd434a |
| SHA256 | f853a4fd24b2f8f36e789304a651e4cc8b50751db69043f758ba5cbc9d8b9910 |
| SHA512 | d3d5bdcadb7ebeba345f2d1337c7ba4831faa3c093f7869dac1aedf80b1c8d2f41d496b4874754acb6612aedd2d2961793e38070800bd28804f51e5f5217bbd0 |
C:\Users\Admin\AppData\Local\Temp\2C8C.exe
| MD5 | e6dd149f484e5dd78f545b026f4a1691 |
| SHA1 | 3ea5d0fb2de5bfad3dc6dc1744708ccd31102df6 |
| SHA256 | 11243641663323721ba21494a394de70ae70d4ea23c23f2e2a397fcc3cfea1a7 |
| SHA512 | 0defb358d59221c56731745a25250dfea49ecbb411f11f31a92ec20fa2123646f4aaf9fd4999898c39e4674f616bc1bed7ef2368b61a29d595dc7b9340dd058b |
memory/1064-48-0x00000000006A0000-0x0000000000F4F000-memory.dmp
memory/1064-47-0x00000000012D0000-0x00000000012D1000-memory.dmp
memory/4436-50-0x0000000003000000-0x0000000003100000-memory.dmp
memory/4436-51-0x0000000002F30000-0x0000000002F9B000-memory.dmp
memory/4436-53-0x0000000000400000-0x0000000002D8C000-memory.dmp
memory/4436-54-0x0000000000400000-0x0000000002D8C000-memory.dmp
memory/1064-55-0x00000000012E0000-0x00000000012E1000-memory.dmp
memory/1064-56-0x00000000012E0000-0x00000000012E1000-memory.dmp
memory/1064-57-0x00000000012E0000-0x00000000012E1000-memory.dmp
memory/1064-58-0x00000000012E0000-0x00000000012E1000-memory.dmp
memory/1064-59-0x00000000012E0000-0x00000000012E1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3C5C.exe
| MD5 | 42a0156de35b24cf8ce87d3dfcccda2c |
| SHA1 | 191392dbe10a7724b19ec620ca69456edd6c45d5 |
| SHA256 | 8ee3334543d765b10a971c96d152ed465e0627b8bc61e320c836e71f253cc715 |
| SHA512 | cc2d4ef77e64c3dff7f45205ae4bab409f385b1e129bf521e6ffb202ae971f537dbdd43e0725bbc87f8c1334d79e9be9bc3e366f622b6fefeeb68fb9831a6e84 |
C:\Users\Admin\AppData\Local\Temp\3C5C.exe
| MD5 | a881652979eee07289d207b8d6aa958b |
| SHA1 | c8b4ec0f8bcb9818542867d9832fb001279259d0 |
| SHA256 | 2646e22fe4eb713a68db63fc7f49da97bb1c80cab18759f41e7e8da6eb9e21ce |
| SHA512 | bdc22a90419ab4187c5a9c11d66271308434da774ecc485b3d454d591ba9b2f2e2b4676ecb28911a955d12960ee4767e2cb562da671967c549aa8afa6014efa6 |
memory/4828-66-0x0000000000080000-0x0000000000936000-memory.dmp
memory/4828-67-0x0000000073670000-0x0000000073E20000-memory.dmp
memory/3780-68-0x0000000010000000-0x000000001020C000-memory.dmp
memory/2984-71-0x0000000002EC0000-0x0000000002FFC000-memory.dmp
memory/3780-70-0x0000000002EB0000-0x0000000002FEC000-memory.dmp
memory/2984-74-0x0000000003000000-0x000000000311B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 550ee7188c527b01bfa4d015377d121c |
| SHA1 | 44c45f90daaef2f68d08512a79d0efa86a748f4b |
| SHA256 | b236c2da74955dc9bcd4fc696ae78f49edbbc6f06aacaa80f0246da3deb3265d |
| SHA512 | 677f8a65ca34a290ce916d13966f0511875d5cfc12cc0983d7463a64047528a2407eb62ca8cae392452d06e756b9d07014af52c92d91ec61264c2005468f2a1a |
memory/2984-85-0x0000000003000000-0x000000000311B000-memory.dmp
memory/3780-81-0x0000000002FF0000-0x000000000310B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | f6bf5c21a8247203eb4280e83fba6664 |
| SHA1 | e7558d48e41f127dd779c35a7eb1613c74761249 |
| SHA256 | 0774c2e1349c193926417a5f1783ed1961111ab1d30d2383fca93e6525262a6f |
| SHA512 | 60da2899d4fbc8910a69eb3daad48f96bdd769178ccba6c55e640989514943897a2f9f6a355ed97cb16bacdcceb57eaa7eedacd6901242887c045ae4593f0817 |
memory/3780-91-0x0000000002FF0000-0x000000000310B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
| MD5 | f26249769d27c4988588974f0afc5ad0 |
| SHA1 | e8b18cd33637ba0baebb2e1e0140103debcc264a |
| SHA256 | 473cd36e397548c71f0dc65cfefaab1080f92dd29caf1f3ded7fe34e644aa363 |
| SHA512 | 805a479d4638968920c12dd139114e6741b0eea512fb1e68003a6497a3b0deb1ee0f704169a8e5a1932cb4e8a1a50ded1fb05fcc93ae778c93a1d3db6fcd8fcd |
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
| MD5 | 5e0ff36e0a47f07ce34aa4a6077205d8 |
| SHA1 | 684e8c7e575d7d88bb1d6ab0b16ae7503749fb4f |
| SHA256 | 5530c33905b04868e7521c68a52044b369d6d22c0272fa5480102147bdef305c |
| SHA512 | 5d11197f50fcd1354f14c63602a46b9484e6596dea160ef4f7e9a535004655603298cbcb64676852a64622305d258b9d6ae31eac58d269ac453a9d7e9af8d7c6 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
| MD5 | 43706993cce342c8b85b1b175f941c96 |
| SHA1 | d10587600a64da3210a83da771bd7b64d5b81e1f |
| SHA256 | bd7e266eea9db4686f795a0c2ae61684537ee997cdda24b9935e7c7af12d785c |
| SHA512 | 2180ff0458f547c3abb14e0089e7ab2f71d23ec4fe88d6a3596a76839d11dc180022520c0e61dff8b24c3e98dcf082df59279904b02ba3459b1e0298a10ea91d |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | aaf0bb37ae70edf36b650977fe25658f |
| SHA1 | dec39feae72f0c5ae84775303e543ca353de6256 |
| SHA256 | bb578336ff40082f50aa894cd7b33f4078d16277942c35b20da5da995fe21d06 |
| SHA512 | d0c8bbd2d0fbc4821c2ee12245aa9cd434c138256fc10b7c3717cd4988b3298a221c7da764a2bb67d511870dc9ae52cf018304bb04744212fac2461bd4a055e4 |
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
| MD5 | 2fe9860d62aeebd600e504a6b6c7a9d2 |
| SHA1 | edaa583ccc78d914c79389e69d24ce7264a813ef |
| SHA256 | 1a75104e58525eed39afac6c3de839e436f7e5212390c4b50c8d308c4d0090c7 |
| SHA512 | 5429b0f28ed8745eae7d6f2c517ec6c7fc53a48c04c420fb7fb46363d1a98cb239125cf356a8167f23c55a66bd4f3b2872e6e7d10274531179d91544e7cbef57 |
memory/4828-111-0x0000000073670000-0x0000000073E20000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4ECC.exe
| MD5 | 3893d9674f9791363d8f92edae4427a7 |
| SHA1 | 93603d9de7c259c8437f320f032ba171be67e200 |
| SHA256 | ad3a5d32351e9b26a5206751e45f27bf4def2890008e573dce58c4e9791fdcce |
| SHA512 | 9918357b96ea5af2ec3f056c0d7c41a025558fba88d6ada2ade153dc5b944670acdcc0e1abc76e52d9a9186abd15345519802f605473bf4fb59c81f972a3a6d6 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
| MD5 | 3cc7874e9ff2607460f01b5c05f89486 |
| SHA1 | 3e220dcda21c3613b84ff36bca9e6a69a05270ee |
| SHA256 | 55d9b6391e5ebbdd95c965ceb193f7de4801ebcfce47805214c3316f29cc7692 |
| SHA512 | ef787b1b9947712f1973b06299e3d97199ae7f904d900e16e1ce84bdbc80349293c8f1cd86083536702668b368a9087fa9472406ec6578bb561576a1168eb7b7 |
memory/244-117-0x0000000002F20000-0x0000000003020000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
| MD5 | 2d10422cc082b2dd3f472f025496790b |
| SHA1 | 52e7d946b7871c1d3da43669d6de722f0ed44b44 |
| SHA256 | 25be766594831d993389e55705da77af63a98a6ed6962fcf95d63969808fd37b |
| SHA512 | a49958c2bcb631fe84734e45b95af749f8f22d75deb124963ccb7e553c62a46686347cef06926936bbf2d663d3270611b54e2102e7bdf584109c38a2b07735c6 |
C:\Users\Admin\AppData\Local\Temp\nsa5281.tmp\INetC.dll
| MD5 | 40d7eca32b2f4d29db98715dd45bfac5 |
| SHA1 | 124df3f617f562e46095776454e1c0c7bb791cc7 |
| SHA256 | 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9 |
| SHA512 | 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d |
memory/244-119-0x0000000004840000-0x000000000484B000-memory.dmp
memory/1064-125-0x00000000006A0000-0x0000000000F4F000-memory.dmp
memory/2984-133-0x0000000003000000-0x000000000311B000-memory.dmp
memory/3780-132-0x0000000002FF0000-0x000000000310B000-memory.dmp
memory/4488-131-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5852.exe
| MD5 | 56fd240de5ac3777bf5df79c3d0219ee |
| SHA1 | 241db1c9c49076a4e0c8858d3a9db765f1e97a43 |
| SHA256 | e7a45ae5e9734a4670f1431c5e24e3c436cb6ef8bf92ab70d64cbe94b81fa49d |
| SHA512 | 0be5f9c82b12651116884bf39ba71c9b171e35c530d7c413c9cc867e22d7a5fd04d0ad0c4f3419778976a47f2a1ee8ca23435fe59e123003eb22598de36d085b |
memory/244-128-0x0000000000400000-0x0000000002D3E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5C8A.exe
| MD5 | 724ded619685ad37a52e4c5df67ed089 |
| SHA1 | e35e67dd8806a1e8683a44bbf7c2c7094361622b |
| SHA256 | b0219ae324f2acd400a39120087753eceb6d3f2e53ec5b46240bbe95b1b7bf6d |
| SHA512 | caa18e031e461d96c4e9abc5531a5d5157fef1bbf7c79477df421c76cdcac137be5efe2ca3ae5633eaf58c9dff2c51d867f895aa84e0de6935587914881397bc |
C:\Users\Admin\AppData\Local\Temp\5C8A.exe
| MD5 | df2076b7ede154d455fdd1035115de54 |
| SHA1 | 62df9325ff2fce5e5a2cf121e84065221a513d77 |
| SHA256 | 0730675048e9e0a97e9ad20f73712d7e3ba6ed114a7cdfbf8b50075656c4395c |
| SHA512 | 5f55d313b2451f14f101d7383e03cdc3a9b36a9f6487a7c164def8018b76983e6fe74288f4457a2f4273d117f1a10a886409f713173bb1f791e86205caf80430 |
memory/4436-135-0x0000000000400000-0x0000000002D8C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5852.exe
| MD5 | 5fc0ff9881728777458bbabb608f2bc8 |
| SHA1 | 5e9b9bc7c957ccd71575b83c5171e4e7fd55b99d |
| SHA256 | 85a211b99ff7cb2c92a967707ab525b32aa120825163a23dc779adde46746a5a |
| SHA512 | e79efc7e4a589f111777a8be0ac0589bd18985f515d33c005358bac3d131fa889f46f68965fbf54b0992bd32f8b97b9c5e876a4bb447ac6a4eb4252e22a60fd1 |
C:\Users\Admin\AppData\Local\Temp\is-PEBDU.tmp\5852.tmp
| MD5 | 539c3889efe7287cfac6602816434284 |
| SHA1 | c9ad3c6c9b4a92c65516408bebbde2b2d863b26e |
| SHA256 | 24f67a53989646e6ca6be9342b05cab88604328d2cb799075b4d32b053a88c12 |
| SHA512 | 033f1c22ebc388b18ebc95f008cd916693c1a18a13b728b7c6c252d4e8cd9da1cb1f14ba01672713c65fb03888e93fe3b2d64e3a984174f9fc21bc7b2153b56a |
memory/3668-153-0x0000000002EF0000-0x0000000002FF0000-memory.dmp
memory/3996-152-0x00000000009C0000-0x00000000009C1000-memory.dmp
memory/4488-150-0x0000000000400000-0x0000000000414000-memory.dmp
memory/3376-174-0x00000000074E0000-0x00000000074F6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsg608C.tmp
| MD5 | c875d231a0b8eae057b6abbe461bd952 |
| SHA1 | 8654ac42920ab3de9d254332309c107e9024aeaf |
| SHA256 | 9e9731e42833c1658f4d2f43e3e324bde110c93bca38b4d0b0e88233ff6c4d51 |
| SHA512 | fdbb2085d763ef4fe1eae1d2802bac86b1c8db3f16be87ec59acf28eea74feb32f5c33d0c4cfb393ccbd1eac007799c892377ea400982a9c4c2d1a98b8897d62 |
C:\Users\Admin\AppData\Local\Temp\nsg608C.tmp
| MD5 | 593c6bba2414d94e5e05d505074793dc |
| SHA1 | 1315c0ffbecf2e1eea0f5ac63adce7cc403ea9e8 |
| SHA256 | 44a0af487346e24e3a06361a917a81ec151ddb8b7a1c558294cfc283a35ce4ec |
| SHA512 | 6e9d0191723db1caf54f50d1ba249079f74c0b8cdb745fefb283a248279375248c6ddc27f70b1887678c5e5e22fc9a58cec1a613e758b3a96d2c72a5b7da5257 |
C:\Users\Admin\AppData\Local\Temp\is-AABQJ.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\Temp\is-AABQJ.tmp\_isetup\_isdecmp.dll
| MD5 | a813d18268affd4763dde940246dc7e5 |
| SHA1 | c7366e1fd925c17cc6068001bd38eaef5b42852f |
| SHA256 | e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64 |
| SHA512 | b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4 |
memory/2984-215-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2184-216-0x0000000002FC0000-0x00000000030C0000-memory.dmp
memory/2184-217-0x0000000004980000-0x00000000049B4000-memory.dmp
memory/244-211-0x0000000000400000-0x0000000002D3E000-memory.dmp
C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe
| MD5 | 7581c4af00e43a4fad80deee48f0ff33 |
| SHA1 | ee65b5c114936899e8a00eaee49b8719d82939e0 |
| SHA256 | e8b4fe594bbf6ba8c98edf6b49184e3a9496140b26e1b6befb7bd61a951208e4 |
| SHA512 | 913eb3974ab8eb5d22dbedde8678e4ece3280abe61a62086b0584cf3b368df8e707d54b762fab08ca7498d824eb6c667ed9b733bf44ceb6f237cb260c2c65d4a |
memory/1604-224-0x0000000000400000-0x000000000076F000-memory.dmp
C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe
| MD5 | c2fd2b3871f260fb181b590de8d07c81 |
| SHA1 | 869269b2fb358ce1d0c276c643d289561cf3693a |
| SHA256 | 7dd4f9d2631b87895d1cc0f8499bff9dc230f7f319de12a21e0d23ae42ebaa93 |
| SHA512 | 106baba651ac09a7c0cbeaf780ea9ec4f24dc958dc544e8bfc836c026832406310a76b9daec23a377088e0a721f7025a63aeaedd96d5de8269b73aebf00db200 |
memory/1604-227-0x0000000000400000-0x000000000076F000-memory.dmp
memory/2184-228-0x0000000000400000-0x0000000002D41000-memory.dmp
memory/3668-145-0x0000000000400000-0x0000000002D8C000-memory.dmp
memory/1268-229-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/1268-231-0x0000000002900000-0x0000000002CFA000-memory.dmp
memory/1268-232-0x0000000002E00000-0x00000000036EB000-memory.dmp
memory/2984-236-0x0000000000400000-0x0000000000848000-memory.dmp
memory/4768-241-0x0000000000400000-0x000000000076F000-memory.dmp
memory/3600-240-0x00000000020D0000-0x00000000020D1000-memory.dmp
memory/4768-243-0x0000000000400000-0x000000000076F000-memory.dmp
memory/2984-246-0x0000000000400000-0x0000000000848000-memory.dmp
memory/3996-247-0x0000000000400000-0x00000000008E2000-memory.dmp
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
| MD5 | 11bb3db51f701d4e42d3287f71a6a43e |
| SHA1 | 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86 |
| SHA256 | 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331 |
| SHA512 | 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | d03cd811827942499c195254e51cc65f |
| SHA1 | 12b2b09ba4b89f0c21f81d44d1dc9d11831d2938 |
| SHA256 | df32828a12fd264bf35e9ac11c751d55bbc15f4e00ce4d9b112a163eb5acf7e5 |
| SHA512 | 5eb73e3e376e58d8386a31e21ab412a64d390f8ddc0474c65ebbe70724244ae1faef4751967e080be0a212ed65c60bacdf86ef390ab74ed798c47c2980c97afa |
memory/2184-250-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/4804-289-0x0000000004910000-0x0000000004946000-memory.dmp
memory/4804-290-0x0000000005070000-0x0000000005698000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nrjidxz2.3i4.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | 40d51ecea806d2eb4ba6692030a10bbe |
| SHA1 | 6a18cdf070707916f37b481c65e9318d4340b666 |
| SHA256 | 8c26d76e0736e6ba0d982edd06f5d913c2340849349a829903e42a8af700d4d3 |
| SHA512 | ce3c9bead20863253c8f015e69cc4136fbe23a49988f57cb325714bf922a6dc040690aef233a6d5c1da6f6b1a2dc25bbd4aa6cf81d284cb41c98e8bfb8b63a44 |
memory/4804-314-0x00000000058A0000-0x00000000058C2000-memory.dmp
memory/4804-317-0x0000000005980000-0x00000000059E6000-memory.dmp
memory/4804-318-0x00000000059F0000-0x0000000005A56000-memory.dmp
memory/4804-323-0x0000000005A60000-0x0000000005DB4000-memory.dmp
memory/4804-330-0x0000000004A30000-0x0000000004A40000-memory.dmp
memory/4804-328-0x0000000072020000-0x00000000727D0000-memory.dmp
memory/4804-329-0x0000000004A30000-0x0000000004A40000-memory.dmp
memory/4804-345-0x0000000005F00000-0x0000000005F1E000-memory.dmp
C:\ProgramData\nss3.dll
| MD5 | 0607cd187509fdce22e54c74956ba431 |
| SHA1 | 7956ad9007dbba05873848d9ef9f05e577fac4b1 |
| SHA256 | cb1080b50baa8c439799306d9d90819ff45352ae91e0b8424b61a0b9c2935b4c |
| SHA512 | eb60024e98f1bc839dbdba1c46a9976edaa01755adf7d3dc3908257ce03689e815f710d73019bdbe76acc5b50f529481fdcb59aba9320bc52809166425d02c4a |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/4804-353-0x0000000005F50000-0x0000000005F9C000-memory.dmp
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
memory/4804-373-0x0000000006390000-0x00000000063D4000-memory.dmp
memory/3668-379-0x0000000000400000-0x0000000002D8C000-memory.dmp
memory/1552-383-0x0000023C5FC00000-0x0000023C5FC22000-memory.dmp
memory/4804-394-0x0000000007230000-0x00000000072A6000-memory.dmp
memory/4804-400-0x0000000007930000-0x0000000007FAA000-memory.dmp
memory/4804-403-0x0000000004A30000-0x0000000004A40000-memory.dmp
memory/4436-404-0x0000000003000000-0x0000000003100000-memory.dmp
memory/4804-402-0x00000000072D0000-0x00000000072EA000-memory.dmp
memory/1552-406-0x0000023C78290000-0x0000023C782A0000-memory.dmp
memory/1552-407-0x00007FFA2C950000-0x00007FFA2D411000-memory.dmp
memory/1552-410-0x00007FFA2C950000-0x00007FFA2D411000-memory.dmp
memory/4436-414-0x0000000000400000-0x0000000002D8C000-memory.dmp
memory/4804-443-0x00000000707B0000-0x00000000707FC000-memory.dmp
memory/4804-439-0x00000000074A0000-0x00000000074D2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 8c9607a8c8359d15ec05a327be0b80a8 |
| SHA1 | 645ef703da82d57f169789d42c5c88625548bcc1 |
| SHA256 | 924f06d5c5dfa4ac57ea02f3899d9e083a61844d3e86372fc5d71e0e184df233 |
| SHA512 | 60880b8445341e3ad208977d2d328e497243dc6d5d51dc6a35923752f83cc8e621d6ca377d8638ef4415689f6e74e230bfa8a29953d639a5757bdf94a8d5dda1 |