Analysis Overview
SHA256
98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee
Threat Level: Known bad
The file 98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe was found to be: Known bad.
Malicious Activity Summary
Stealc
Glupteba
Lumma Stealer
Glupteba payload
SmokeLoader
Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Detects executables containing artifacts associated with disabling Windows Defender
Detects executables packed with VMProtect.
Detects executables containing URLs to raw contents of a Github gist
Detect binaries embedding considerable number of MFA browser extension IDs.
Detects executables referencing many varying, potentially fake Windows User-Agents
Detects executables Discord URL observed in first stage droppers
UPX dump on OEP (original entry point)
Detects Windows executables referencing non-Windows User-Agents
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
Downloads MZ/PE file
Stops running service(s)
Modifies Windows Firewall
Creates new service(s)
Contacts a large (511) amount of remote hosts
Loads dropped DLL
Deletes itself
Checks computer location settings
Executes dropped EXE
UPX packed file
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Suspicious use of SetThreadContext
Launches sc.exe
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
Checks SCSI registry key(s)
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-25 05:07
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-25 05:07
Reported
2024-02-25 05:10
Platform
win7-20240221-en
Max time kernel
30s
Max time network
151s
Command Line
Signatures
SmokeLoader
Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
UPX dump on OEP (original entry point)
Downloads MZ/PE file
Deletes itself
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\692F.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\692F.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\81B0.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\692F.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\692F.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2560 set thread context of 2724 | N/A | C:\Users\Admin\AppData\Local\Temp\692F.exe | C:\Users\Admin\AppData\Local\Temp\692F.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\81B0.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe
"C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe"
C:\Users\Admin\AppData\Local\Temp\692F.exe
C:\Users\Admin\AppData\Local\Temp\692F.exe
C:\Users\Admin\AppData\Local\Temp\692F.exe
C:\Users\Admin\AppData\Local\Temp\692F.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6F76.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\6F76.dll
C:\Users\Admin\AppData\Local\Temp\81B0.exe
C:\Users\Admin\AppData\Local\Temp\81B0.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 124
C:\Users\Admin\AppData\Local\Temp\898D.exe
C:\Users\Admin\AppData\Local\Temp\898D.exe
Network
Files
C:\Users\Admin\AppData\Local\Temp\692F.exe
C:\Users\Admin\AppData\Local\Temp\6F76.dll
C:\Users\Admin\AppData\Local\Temp\81B0.exe
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
C:\Users\Admin\AppData\Local\Temp\898D.exe
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-25 05:07
Reported
2024-02-25 05:10
Platform
win10v2004-20240221-en
Max time kernel
38s
Max time network
155s
Command Line
Signatures
Glupteba
Glupteba payload
Lumma Stealer
SmokeLoader
Stealc
Detect binaries embedding considerable number of MFA browser extension IDs.
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Detects Windows executables referencing non-Windows User-Agents
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Detects executables Discord URL observed in first stage droppers
Detects executables containing URLs to raw contents of a Github gist
Detects executables containing artifacts associated with disabling Windows Defender
Detects executables packed with VMProtect.
Detects executables referencing many varying, potentially fake Windows User-Agents
UPX dump on OEP (original entry point)
Contacts a large (511) amount of remote hosts
Creates new service(s)
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\E2C3.exe | N/A |
Deletes itself
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B98C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B98C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CC5A.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D0C0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E2C3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EF66.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FourthX.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B98C.exe | N/A |
UPX packed file
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3116 set thread context of 396 | N/A | C:\Users\Admin\AppData\Local\Temp\B98C.exe | C:\Users\Admin\AppData\Local\Temp\B98C.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\FE2D.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\nsxC51.tmp |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\EF66.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\EF66.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\EF66.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe
"C:\Users\Admin\AppData\Local\Temp\98c3d93eeb1c3139c530df4aa6270bb3df7c24148e71f195c929486136872eee.exe"
C:\Users\Admin\AppData\Local\Temp\B98C.exe
C:\Users\Admin\AppData\Local\Temp\B98C.exe
C:\Users\Admin\AppData\Local\Temp\B98C.exe
C:\Users\Admin\AppData\Local\Temp\B98C.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\BEAD.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\BEAD.dll
C:\Users\Admin\AppData\Local\Temp\CC5A.exe
C:\Users\Admin\AppData\Local\Temp\CC5A.exe
C:\Users\Admin\AppData\Local\Temp\D0C0.exe
C:\Users\Admin\AppData\Local\Temp\D0C0.exe
C:\Users\Admin\AppData\Local\Temp\E2C3.exe
C:\Users\Admin\AppData\Local\Temp\E2C3.exe
C:\Users\Admin\AppData\Local\Temp\EF66.exe
C:\Users\Admin\AppData\Local\Temp\EF66.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\F860.exe
C:\Users\Admin\AppData\Local\Temp\F860.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
"C:\Users\Admin\AppData\Local\Temp\FourthX.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe"
C:\Users\Admin\AppData\Local\Temp\is-GNFNH.tmp\F860.tmp
"C:\Users\Admin\AppData\Local\Temp\is-GNFNH.tmp\F860.tmp" /SL5="$100052,4185251,54272,C:\Users\Admin\AppData\Local\Temp\F860.exe"
C:\Users\Admin\AppData\Local\Temp\FE2D.exe
C:\Users\Admin\AppData\Local\Temp\FE2D.exe
C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe
"C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe" -i
C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe
"C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe" -s
C:\Users\Admin\AppData\Local\Temp\nsxC51.tmp
C:\Users\Admin\AppData\Local\Temp\nsxC51.tmp
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2420 -ip 2420
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 540
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2264 -ip 2264
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 2400
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "UTIXDCVF"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "UTIXDCVF" binpath= "C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe" start= "auto"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "UTIXDCVF"
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Roaming\ggbtwia
C:\Users\Admin\AppData\Roaming\ggbtwia
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
Network
| US | 8.8.8.8:53 | 176.69.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cursofcv.live | udp |
| US | 8.8.8.8:53 | deshipku.live | udp |
| US | 8.8.8.8:53 | imunify-alert.com | udp |
| US | 162.0.229.227:443 | entrenamientosonline.store | tcp |
| LT | 84.32.84.32:443 | datboi.live | tcp |
| US | 198.252.106.251:443 | grosir.live | tcp |
| US | 8.8.8.8:53 | lsm99wow.live | udp |
| US | 8.8.8.8:53 | xxtikporn18.com | udp |
| SG | 104.248.147.52:443 | mkslot.live | tcp |
| US | 8.8.8.8:53 | casino-daddy.live | udp |
| US | 8.8.8.8:53 | fitehdstream.live | udp |
| US | 8.8.8.8:53 | trumpsecrets.live | udp |
| US | 8.8.8.8:53 | freetemplates.live | udp |
| US | 8.8.8.8:53 | www.ustts.site | udp |
| US | 104.21.7.71:443 | mybet56.live | tcp |
| US | 8.8.8.8:53 | recaptcha.cloud | udp |
| US | 8.8.8.8:53 | 201.116.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.0.153.160.in-addr.arpa | udp |
| US | 104.21.78.8:443 | cimatun.live | tcp |
| US | 8.8.8.8:53 | 81.96.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.57.27.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.118.223.67.in-addr.arpa | udp |
| US | 104.21.6.40:443 | cairo987.live | tcp |
| US | 8.8.8.8:53 | 155.116.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.115.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | istanbulpools.live | udp |
| US | 86.38.202.18:443 | deshipku.live | tcp |
| US | 8.8.8.8:53 | awesomewebsites.live | udp |
| US | 8.8.8.8:53 | noticiasdomundo.live | udp |
| US | 193.160.64.108:443 | cursofcv.live | tcp |
| US | 104.21.8.129:443 | ufa8888.live | tcp |
| US | 8.8.8.8:53 | glocaluniversity.live | udp |
| US | 8.8.8.8:53 | modernmen-association.live | udp |
| US | 104.21.7.117:443 | lsm99wow.live | tcp |
| US | 8.8.8.8:53 | azmi.app | udp |
| US | 8.8.8.8:53 | arxan.app | udp |
| US | 8.8.8.8:53 | www.anset.fr | udp |
| US | 8.8.8.8:53 | taxter.at | udp |
| US | 104.21.234.146:443 | xxtikporn18.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 8.8.8.8:53 | 1bet2u.app | udp |
| US | 8.8.8.8:53 | www.realia.app | udp |
| US | 8.8.8.8:53 | customersolution.live | udp |
| US | 8.8.8.8:53 | wing888.app | udp |
| US | 208.113.190.207:443 | www.ustts.site | tcp |
| US | 8.8.8.8:53 | 32.84.32.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.106.252.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.229.0.162.in-addr.arpa | udp |
| US | 104.21.234.146:443 | xxtikporn18.com | tcp |
| FI | 95.217.112.97:443 | freetemplates.live | tcp |
| US | 89.117.139.217:443 | modernmen-association.live | tcp |
| US | 199.188.200.104:443 | istanbulpools.live | tcp |
| US | 8.8.8.8:53 | dimzsky.app | udp |
| US | 162.210.101.174:443 | azmi.app | tcp |
| US | 8.8.8.8:53 | sky-deck.app | udp |
| US | 192.145.232.145:443 | awesomewebsites.live | tcp |
| IN | 82.180.142.193:443 | glocaluniversity.live | tcp |
| US | 8.8.8.8:53 | roman888.app | udp |
| US | 172.67.189.177:443 | casino-daddy.live | tcp |
| BR | 170.81.42.59:443 | noticiasdomundo.live | tcp |
| US | 162.0.215.54:443 | fitehdstream.live | tcp |
| US | 8.8.8.8:53 | pgslot5g.app | udp |
| FR | 109.234.162.14:443 | www.anset.fr | tcp |
| US | 8.8.8.8:53 | ufabet789.app | udp |
| AT | 91.220.179.9:443 | taxter.at | tcp |
| FI | 95.217.145.143:443 | arxan.app | tcp |
| US | 63.250.43.3:80 | trumpsecrets.live | tcp |
| US | 8.8.8.8:53 | vocabella.app | udp |
| US | 8.8.8.8:53 | cashprank.app | udp |
| US | 8.8.8.8:53 | ufaauto888.app | udp |
| IN | 62.72.28.164:443 | customersolution.live | tcp |
| IT | 89.46.107.229:443 | www.realia.app | tcp |
| FI | 95.217.5.229:443 | recaptcha.cloud | tcp |
| US | 104.21.65.135:443 | 1bet2u.app | tcp |
| US | 172.67.161.28:443 | wing888.app | tcp |
| US | 8.8.8.8:53 | 71.7.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.78.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.6.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.8.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.64.160.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.7.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.202.38.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.147.248.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.234.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.176.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tindergratis.app | udp |
| SG | 156.67.222.70:443 | sky-deck.app | tcp |
| US | 63.250.43.11:443 | cashprank.app | tcp |
| US | 104.21.23.114:443 | roman888.app | tcp |
| NL | 185.224.138.27:443 | vocabella.app | tcp |
| US | 172.67.205.50:443 | ufaauto888.app | tcp |
| SG | 23.106.53.137:443 | dimzsky.app | tcp |
| US | 8.8.8.8:53 | www.tennisanalyzer.app | udp |
| US | 8.8.8.8:53 | shadowfightmodapk.app | udp |
| US | 104.21.89.120:443 | pgslot5g.app | tcp |
| US | 8.8.8.8:53 | madart.club | udp |
| US | 8.8.8.8:53 | threadsvideodownload.app | udp |
| US | 50.31.177.136:443 | tindergratis.app | tcp |
| US | 8.8.8.8:53 | 77ball.club | udp |
| US | 8.8.8.8:53 | 97.112.217.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.139.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.189.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.101.210.162.in-addr.arpa | udp |
| US | 172.67.160.27:443 | shadowfightmodapk.app | tcp |
| US | 8.8.8.8:53 | 145.232.145.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.200.188.199.in-addr.arpa | udp |
| US | 172.67.132.6:443 | ufabet789.app | tcp |
| US | 8.8.8.8:53 | 14.162.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.220.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.142.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.145.217.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.65.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.107.46.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.161.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.5.217.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.215.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.42.81.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.28.72.62.in-addr.arpa | udp |
| US | 173.236.222.98:443 | www.tennisanalyzer.app | tcp |
| US | 8.8.8.8:53 | www.yeschad.club | udp |
| US | 8.8.8.8:53 | 2qlive.club | udp |
| US | 8.8.8.8:53 | newpoint.club | udp |
| US | 8.8.8.8:53 | wellways.ch | udp |
| US | 8.8.8.8:53 | vercalhit.club | udp |
| US | 8.8.8.8:53 | www.wycieczki.club | udp |
| US | 8.8.8.8:53 | planseeds.club | udp |
| US | 160.153.0.111:443 | madart.club | tcp |
| US | 172.67.128.82:443 | threadsvideodownload.app | tcp |
| SG | 172.96.191.158:443 | 77ball.club | tcp |
| US | 8.8.8.8:53 | sbobet168z.club | udp |
| US | 8.8.8.8:53 | ufa888club.club | udp |
| US | 8.8.8.8:53 | moda-verano.club | udp |
| US | 8.8.8.8:53 | waitamoment.club | udp |
| US | 8.8.8.8:53 | 27.138.224.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.205.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.89.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.222.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.53.106.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.132.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.177.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.222.236.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.0.153.160.in-addr.arpa | udp |
| US | 172.67.182.65:443 | xxxpornhub.club | tcp |
| FR | 87.98.236.253:443 | www.wycieczki.club | tcp |
| US | 104.21.35.138:443 | ufa888club.club | tcp |
| FR | 109.234.160.161:443 | www.yeschad.club | tcp |
| FR | 155.133.132.8:443 | wellways.ch | tcp |
| GB | 154.49.138.194:443 | newpoint.club | tcp |
| US | 172.67.200.223:443 | 2qlive.club | tcp |
| US | 104.21.59.177:443 | vercalhit.club | tcp |
| US | 104.21.90.86:80 | planseeds.club | tcp |
| US | 8.8.8.8:53 | 82.128.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xcolegialas.club | udp |
| US | 8.8.8.8:53 | woyaojianfei.club | udp |
| US | 8.8.8.8:53 | paddockracing.club | udp |
| US | 8.8.8.8:53 | kingkong89vip.club | udp |
| US | 8.8.8.8:53 | notgood.co | udp |
| US | 8.8.8.8:53 | tekno.cfd | udp |
| US | 8.8.8.8:53 | roxcasino-odin10.club | udp |
| US | 8.8.8.8:53 | syairsgp.life | udp |
| US | 8.8.8.8:53 | syairsdy.life | udp |
| US | 8.8.8.8:53 | uneminute.life | udp |
| US | 8.8.8.8:53 | 158.191.96.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.182.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.236.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.35.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.160.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.200.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.90.21.104.in-addr.arpa | udp |
| US | 104.21.53.102:443 | paddockracing.club | tcp |
| US | 8.8.8.8:53 | 8.132.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.138.49.154.in-addr.arpa | udp |
| US | 104.21.58.111:443 | waitamoment.club | tcp |
| US | 172.67.202.239:443 | kingkong89vip.club | tcp |
| US | 172.67.181.143:443 | moda-verano.club | tcp |
| US | 8.8.8.8:53 | healtheland.life | udp |
| US | 8.8.8.8:53 | 7thheavenclub.life | udp |
| US | 8.8.8.8:53 | lucidideastream.life | udp |
| US | 8.8.8.8:53 | rahasiaberuntung.life | udp |
| NL | 45.139.122.160:443 | xcolegialas.club | tcp |
| US | 104.21.90.86:443 | planseeds.club | tcp |
| US | 8.8.8.8:53 | casino-daddy.life | udp |
| US | 8.8.8.8:53 | flooringmaestro.com | udp |
| US | 8.8.8.8:53 | florespelomundo.com | udp |
| US | 216.239.38.21:443 | syairsdy.life | tcp |
| SG | 45.130.231.97:443 | tekno.cfd | tcp |
| US | 216.239.36.21:443 | syairsdy.life | tcp |
| US | 172.67.174.53:443 | roxcasino-odin10.club | tcp |
| US | 8.8.8.8:53 | fluencyinfrench.com | udp |
| US | 8.8.8.8:53 | fractionalboost.com | udp |
| US | 8.8.8.8:53 | www.vercalhit.club | udp |
| US | 8.8.8.8:53 | furin-interiors.com | udp |
| US | 8.8.8.8:53 | goodvibesdesign.com | udp |
| US | 8.8.8.8:53 | goldcleancarpet.com | udp |
| US | 63.250.38.139:443 | uneminute.life | tcp |
| US | 160.153.0.153:443 | notgood.co | tcp |
| US | 8.8.8.8:53 | greenandglowing.com | udp |
| ID | 103.189.235.224:80 | rahasiaberuntung.life | tcp |
| IN | 68.178.145.171:443 | 7thheavenclub.life | tcp |
| US | 172.67.182.67:443 | casino-daddy.life | tcp |
| US | 172.67.177.250:443 | lucidideastream.life | tcp |
| US | 50.87.173.197:80 | fluencyinfrench.com | tcp |
| US | 107.180.14.67:80 | fractionalboost.com | tcp |
| US | 162.241.224.62:443 | flooringmaestro.com | tcp |
| US | 8.8.8.8:53 | www.syairsgp.life | udp |
| US | 8.8.8.8:53 | www.syairsdy.life | udp |
| US | 104.21.29.168:443 | healtheland.life | tcp |
| US | 162.241.24.59:443 | goodvibesdesign.com | tcp |
| US | 192.185.223.167:443 | goldcleancarpet.com | tcp |
| US | 162.214.80.49:443 | furin-interiors.com | tcp |
| US | 104.21.59.177:443 | www.vercalhit.club | tcp |
| US | 192.185.213.244:443 | florespelomundo.com | tcp |
| US | 8.8.8.8:53 | hailreliefgroup.com | udp |
| US | 8.8.8.8:53 | 1830daytoniaroad.com | udp |
| US | 8.8.8.8:53 | hierofaniastore.com | udp |
| US | 8.8.8.8:53 | 102.53.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.58.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.202.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.181.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.122.139.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.38.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.174.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.231.130.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.waitamoment.club | udp |
| US | 8.8.8.8:53 | ballpythonforsale.com | udp |
| US | 8.8.8.8:53 | adicakobauschool.com | udp |
| US | 8.8.8.8:53 | adviseweightloss.com | udp |
| US | 162.241.225.171:443 | greenandglowing.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 8.8.8.8:53 | www.moda-verano.club | udp |
| NL | 45.139.122.160:80 | xcolegialas.club | tcp |
| US | 8.8.8.8:53 | analistademarcas.com | udp |
| GB | 142.250.200.19:443 | www.syairsdy.life | tcp |
| US | 8.8.8.8:53 | apphackerdotigre.com | udp |
| US | 162.241.252.44:443 | adicakobauschool.com | tcp |
| US | 162.241.252.110:443 | adviseweightloss.com | tcp |
| US | 8.8.8.8:53 | attaquranacademy.com | udp |
| US | 172.67.203.149:443 | www.waitamoment.club | tcp |
| US | 8.8.8.8:53 | augmenteddefence.com | udp |
| US | 8.8.8.8:53 | bkflooring-nl.com | udp |
| US | 8.8.8.8:53 | 139.38.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.182.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.177.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.173.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.224.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.29.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.223.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.213.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.24.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.80.214.162.in-addr.arpa | udp |
| US | 162.241.218.88:80 | 1830daytoniaroad.com | tcp |
| US | 8.8.8.8:53 | blazedvaperstore.com | udp |
| US | 8.8.8.8:53 | bloggary2success.com | udp |
| US | 8.8.8.8:53 | bomboragroupindo.com | udp |
| US | 8.8.8.8:53 | www.bookprizearchive.com | udp |
| US | 129.121.17.226:80 | hailreliefgroup.com | tcp |
| US | 108.167.183.71:443 | ballpythonforsale.com | tcp |
| GB | 142.250.200.19:443 | www.syairsdy.life | tcp |
| US | 108.179.193.4:443 | hierofaniastore.com | tcp |
| US | 104.21.18.98:443 | www.moda-verano.club | tcp |
| US | 8.8.8.8:53 | brownmarketing23.com | udp |
| US | 8.8.8.8:53 | bugbustersmyrtle.com | udp |
| US | 8.8.8.8:53 | burialcremations.com | udp |
| US | 8.8.8.8:53 | ftworthdetailing.com | udp |
| US | 8.8.8.8:53 | ganharcomchatgpt.com | udp |
| US | 8.8.8.8:53 | getperfectquotes.com | udp |
| US | 8.8.8.8:53 | gocebeseyirciler.com | udp |
| BR | 177.154.191.198:443 | apphackerdotigre.com | tcp |
| US | 192.185.129.61:443 | bkflooring-nl.com | tcp |
| US | 8.8.8.8:53 | hareshpadmanaban.com | udp |
| US | 8.8.8.8:53 | hassinakhanglass.com | udp |
| US | 8.8.8.8:53 | 19.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.203.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.252.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.252.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | health-gratitude.com | udp |
| US | 8.8.8.8:53 | homefinityafrica.com | udp |
| US | 8.8.8.8:53 | innovatemomentum.com | udp |
| US | 8.8.8.8:53 | 171.225.241.162.in-addr.arpa | udp |
| US | 143.95.228.27:443 | attaquranacademy.com | tcp |
| US | 162.241.253.126:443 | augmenteddefence.com | tcp |
| US | 8.8.8.8:53 | jangidmehandiart.com | udp |
| US | 8.8.8.8:53 | hulkorthorpedics.com | udp |
| US | 8.8.8.8:53 | kettlehauscoffee.com | udp |
| US | 173.254.30.127:443 | www.bookprizearchive.com | tcp |
| US | 8.8.8.8:53 | kingdom-blessing.com | udp |
| US | 50.6.138.155:443 | blazedvaperstore.com | tcp |
| US | 162.241.224.182:443 | bloggary2success.com | tcp |
| GB | 45.77.57.25:443 | bomboragroupindo.com | tcp |
| US | 198.57.151.25:443 | ftworthdetailing.com | tcp |
| US | 8.8.8.8:53 | tlcservicesclean.com | udp |
| US | 8.8.8.8:53 | vidacomabundancia.com | udp |
| US | 8.8.8.8:53 | vidaemequiolibrio.com | udp |
| US | 108.179.234.88:443 | getperfectquotes.com | tcp |
| US | 8.8.8.8:53 | wallaronfreelance.com | udp |
| US | 8.8.8.8:53 | 88.218.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.183.167.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.18.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.17.121.129.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.193.179.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | weekofsuperoffers.com | udp |
| US | 8.8.8.8:53 | jwbicyclerepairs.com | udp |
| US | 8.8.8.8:53 | wicamartartesanos.com | udp |
| US | 192.232.220.138:443 | burialcremations.com | tcp |
| US | 162.241.226.40:80 | brownmarketing23.com | tcp |
| US | 8.8.8.8:53 | 1mblueprintmethod.com | udp |
| US | 192.185.48.190:443 | hassinakhanglass.com | tcp |
| US | 162.241.216.74:443 | gocebeseyirciler.com | tcp |
| US | 8.8.8.8:53 | 48hourcashmachine.com | udp |
| US | 162.241.123.133:443 | hareshpadmanaban.com | tcp |
| US | 108.167.157.134:443 | innovatemomentum.com | tcp |
| US | 8.8.8.8:53 | aakraticonsultant.com | udp |
| US | 106.0.62.69:443 | homefinityafrica.com | tcp |
| US | 162.214.80.91:443 | jangidmehandiart.com | tcp |
| US | 50.87.253.32:443 | bugbustersmyrtle.com | tcp |
| US | 106.0.62.81:443 | health-gratitude.com | tcp |
| US | 8.8.8.8:53 | anticipatingmagic.com | udp |
| US | 66.235.200.147:443 | kettlehauscoffee.com | tcp |
| US | 8.8.8.8:53 | 198.191.154.177.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.228.95.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.253.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.57.77.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.30.254.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.138.6.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.224.241.162.in-addr.arpa | udp |
| DE | 81.169.145.92:80 | kingdom-blessing.com | tcp |
| US | 198.54.115.46:443 | tlcservicesclean.com | tcp |
| US | 70.32.23.113:443 | jwbicyclerepairs.com | tcp |
| US | 8.8.8.8:53 | ascending-therapy.com | udp |
| US | 162.241.217.204:80 | 1mblueprintmethod.com | tcp |
| US | 162.222.225.246:443 | hulkorthorpedics.com | tcp |
| US | 8.8.8.8:53 | assistprostaffing.com | udp |
| US | 162.241.2.61:443 | weekofsuperoffers.com | tcp |
| US | 108.167.149.240:443 | wicamartartesanos.com | tcp |
| US | 162.241.62.211:443 | vidacomabundancia.com | tcp |
| US | 104.26.2.65:443 | 48hourcashmachine.com | tcp |
| US | 8.8.8.8:53 | www.backbenchersmedia.com | udp |
| US | 8.8.8.8:53 | bandha-supermarkt.com | udp |
| US | 8.8.8.8:53 | bestsaleonlytoday.com | udp |
| US | 8.8.8.8:53 | anxietybotstudios.com | udp |
| US | 162.241.224.245:80 | wallaronfreelance.com | tcp |
| US | 8.8.8.8:53 | bibliotecadomundo.com | udp |
| US | 8.8.8.8:53 | beyondsightstudio.com | udp |
| US | 8.8.8.8:53 | blackdiamondherps.com | udp |
| US | 8.8.8.8:53 | bosiadventuretour.com | udp |
| US | 8.8.8.8:53 | brostableandchair.com | udp |
| IN | 119.18.49.69:443 | aakraticonsultant.com | tcp |
| US | 8.8.8.8:53 | 88.234.179.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.220.232.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.226.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.48.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.216.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.157.167.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.123.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.62.0.106.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.253.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.80.214.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.62.0.106.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bumblinforbourbon.com | udp |
| US | 8.8.8.8:53 | bunnydestinations.com | udp |
| US | 8.8.8.8:53 | business-fortress.com | udp |
| US | 8.8.8.8:53 | caesarimportacoes.com | udp |
| US | 8.8.8.8:53 | caicosenterprises.com | udp |
| US | 8.8.8.8:53 | canberrasolarguru.com | udp |
| US | 8.8.8.8:53 | caracterdomestico.com | udp |
| US | 8.8.8.8:53 | cardxwestpartners.com | udp |
| US | 8.8.8.8:53 | careathomenursing.com | udp |
| US | 162.241.218.136:80 | anticipatingmagic.com | tcp |
| US | 108.179.235.107:443 | ascending-therapy.com | tcp |
| US | 8.8.8.8:53 | careerpathway-llc.com | udp |
| US | 8.8.8.8:53 | www.cartowingkirkland.com | udp |
| US | 8.8.8.8:53 | carolinebattilani.com | udp |
| US | 8.8.8.8:53 | caseairpodsminion.com | udp |
| US | 8.8.8.8:53 | cchealthcaregroup.com | udp |
| US | 8.8.8.8:53 | celikinsaatiskele.com | udp |
| US | 8.8.8.8:53 | centroestudiosetl.com | udp |
| US | 50.116.87.224:443 | bestsaleonlytoday.com | tcp |
| US | 162.241.226.16:443 | anxietybotstudios.com | tcp |
| US | 162.241.244.16:443 | assistprostaffing.com | tcp |
| US | 8.8.8.8:53 | 147.200.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.23.32.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.149.167.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.2.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.217.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.225.222.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.224.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ceritachiisycheek.com | udp |
| US | 8.8.8.8:53 | www.chloeanddavid2024.com | udp |
| US | 8.8.8.8:53 | ceylangayrimenkul.com | udp |
| US | 8.8.8.8:53 | chocolateelpalmar.com | udp |
| US | 8.8.8.8:53 | www.chothuexemayhanoi.com | udp |
| US | 162.240.81.18:443 | bibliotecadomundo.com | tcp |
| US | 192.185.141.13:443 | blackdiamondherps.com | tcp |
| TR | 94.199.206.94:443 | brostableandchair.com | tcp |
| IT | 86.107.32.169:443 | bosiadventuretour.com | tcp |
| IN | 68.178.159.92:443 | www.backbenchersmedia.com | tcp |
| US | 8.8.8.8:53 | cmentarze-wojenne.com | udp |
| PL | 94.152.207.10:443 | bunnydestinations.com | tcp |
| US | 8.8.8.8:53 | clockworkcontacts.com | udp |
| DE | 81.169.145.160:443 | bandha-supermarkt.com | tcp |
| US | 132.148.237.122:80 | beyondsightstudio.com | tcp |
| US | 8.8.8.8:53 | coinpreconfinados.com | udp |
| US | 160.153.0.6:443 | canberrasolarguru.com | tcp |
| FR | 195.35.49.204:443 | caracterdomestico.com | tcp |
| US | 8.8.8.8:53 | collabresidential.com | udp |
| US | 3.33.130.190:443 | careathomenursing.com | tcp |
| US | 104.21.59.127:443 | cardxwestpartners.com | tcp |
| US | 66.81.203.198:443 | caicosenterprises.com | tcp |
| IN | 68.178.149.21:80 | business-fortress.com | tcp |
| US | 8.8.8.8:53 | 69.49.18.119.in-addr.arpa | udp |
| US | 204.44.192.78:443 | bumblinforbourbon.com | tcp |
| US | 89.117.8.121:443 | chocolateelpalmar.com | tcp |
| IE | 78.153.210.32:80 | www.chloeanddavid2024.com | tcp |
| US | 8.8.8.8:53 | www.comfymovementgear.com | udp |
| US | 8.8.8.8:53 | comunidadessalnes.com | udp |
| VN | 103.74.116.147:80 | caseairpodsminion.com | tcp |
| FR | 89.116.147.3:443 | ceylangayrimenkul.com | tcp |
| VN | 103.74.116.126:443 | www.chothuexemayhanoi.com | tcp |
| SG | 151.106.119.247:443 | ceritachiisycheek.com | tcp |
| FR | 54.36.145.173:80 | centroestudiosetl.com | tcp |
| TR | 104.247.165.146:443 | celikinsaatiskele.com | tcp |
| GB | 188.166.150.35:80 | cchealthcaregroup.com | tcp |
| FR | 92.204.218.255:443 | careerpathway-llc.com | tcp |
| US | 8.8.8.8:53 | conversationtopia.com | udp |
| FR | 213.32.10.111:80 | cmentarze-wojenne.com | tcp |
| US | 198.12.218.67:443 | www.cartowingkirkland.com | tcp |
| BR | 149.100.155.174:443 | coinpreconfinados.com | tcp |
| US | 8.8.8.8:53 | copenhagenshiatsu.com | udp |
| US | 8.8.8.8:53 | 107.235.179.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.218.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.87.116.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.32.107.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.226.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.244.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.141.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.207.152.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.49.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.130.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | corporacionlarson.com | udp |
| US | 104.21.7.25:443 | carolinebattilani.com | tcp |
| US | 8.8.8.8:53 | courseandproducts.com | udp |
| US | 151.101.130.159:443 | collabresidential.com | tcp |
| US | 8.8.8.8:53 | creativelycassidy.com | udp |
| US | 8.8.8.8:53 | cubicletoilettase.com | udp |
| US | 8.8.8.8:53 | cuocsongvietdalat.com | udp |
| US | 8.8.8.8:53 | www.dailybdcrimetimes.com | udp |
| US | 8.8.8.8:53 | dailyinfojunction.com | udp |
| US | 8.8.8.8:53 | daveedaaccounting.com | udp |
| US | 191.101.79.249:443 | conversationtopia.com | tcp |
| US | 8.8.8.8:53 | deportesgenerales.com | udp |
| US | 8.8.8.8:53 | deadamapeluqueria.com | udp |
| US | 107.150.82.83:443 | www.comfymovementgear.com | tcp |
| MX | 216.238.66.129:443 | corporacionlarson.com | tcp |
| DK | 81.7.161.163:80 | copenhagenshiatsu.com | tcp |
| BR | 185.239.210.134:443 | courseandproducts.com | tcp |
| US | 8.8.8.8:53 | wow99live.com | udp |
| US | 8.8.8.8:53 | 78.192.44.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.147.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.145.36.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.210.153.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.10.32.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.150.166.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.165.247.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.8.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.116.74.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.119.106.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.7.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.155.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xr4online.com | udp |
| US | 104.21.83.28:443 | cubicletoilettase.com | tcp |
| ES | 31.47.78.180:443 | comunidadessalnes.com | tcp |
| US | 149.100.151.34:443 | creativelycassidy.com | tcp |
| US | 8.8.8.8:53 | xtuevents.com | udp |
| FR | 89.117.116.190:443 | deadamapeluqueria.com | tcp |
| US | 204.93.224.55:80 | deportesgenerales.com | tcp |
| US | 8.8.8.8:53 | yerkinuly.com | udp |
| US | 8.8.8.8:53 | yincilang.com | udp |
| FI | 65.109.39.121:443 | www.dailybdcrimetimes.com | tcp |
| US | 172.67.209.193:443 | wow99live.com | tcp |
| CA | 149.56.133.72:443 | dailyinfojunction.com | tcp |
| US | 8.8.8.8:53 | yoscher-s.com | udp |
| US | 8.8.8.8:53 | yrruchome.com | udp |
| VN | 103.57.222.17:443 | cuocsongvietdalat.com | tcp |
| US | 8.8.8.8:53 | ys-events.com | udp |
| FR | 54.36.145.173:443 | centroestudiosetl.com | tcp |
| GB | 149.255.58.57:443 | yerkinuly.com | tcp |
| US | 8.8.8.8:53 | 83.82.150.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.161.7.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.79.101.191.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.66.238.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.210.239.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.83.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.78.47.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ytbuddies.com | udp |
| US | 8.8.8.8:53 | zaemchiki.com | udp |
| US | 8.8.8.8:53 | zbet88bet.com | udp |
| US | 8.8.8.8:53 | zecklance.com | udp |
| US | 8.8.8.8:53 | zuluposts.com | udp |
| ES | 134.0.10.50:80 | xtuevents.com | tcp |
| US | 8.8.8.8:53 | 1newsmedia.com | udp |
| US | 8.8.8.8:53 | 1xbetaktif.com | udp |
| ID | 103.247.8.35:443 | ys-events.com | tcp |
| US | 8.8.8.8:53 | 2bedtelbkk.com | udp |
| US | 8.8.8.8:53 | 2elurunsat.com | udp |
| US | 8.8.8.8:53 | 4markitect.com | udp |
| US | 8.8.8.8:53 | a1000month.com | udp |
| US | 149.100.151.235:443 | yrruchome.com | tcp |
| US | 104.21.68.166:443 | zaemchiki.com | tcp |
| FI | 65.108.198.252:443 | zuluposts.com | tcp |
| US | 104.21.70.156:443 | zbet88bet.com | tcp |
| US | 8.8.8.8:53 | 2033east70.com | udp |
| US | 31.220.48.75:443 | zecklance.com | tcp |
| US | 8.8.8.8:53 | 190.116.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.224.93.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.209.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.39.109.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.133.56.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.58.255.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.222.57.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aamchealth.com | udp |
| JP | 153.127.141.167:443 | yoscher-s.com | tcp |
| US | 8.8.8.8:53 | aarmubarok.com | udp |
| US | 8.8.8.8:53 | www.abelolotto.com | udp |
| US | 8.8.8.8:53 | acecourten.com | udp |
| US | 8.8.8.8:53 | www.bunnydestinations.com | udp |
Files
memory/4468-1-0x0000000002DD0000-0x0000000002ED0000-memory.dmp
memory/4468-2-0x0000000004A80000-0x0000000004A8B000-memory.dmp
memory/4468-3-0x0000000000400000-0x0000000002D3E000-memory.dmp
memory/3440-4-0x0000000001E40000-0x0000000001E56000-memory.dmp
memory/4468-5-0x0000000000400000-0x0000000002D3E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\B98C.exe
| MD5 | f429714dc196a1ae2130f1996b4e2eaa |
| SHA1 | 2566af9b0eb1c3dc5d027de8491b124c230417ce |
| SHA256 | 684ec7eada428e6471fce207cbf42dade6cb9766e239c3fdbfb2a50d3332d3b0 |
| SHA512 | 21c87428593f3111f82610ea17a4755687e69c035ad14fc0b5e7da8d0d6c4fb8d59a71e28f70e66a7b93a38c937a9fbf9ecc68b985c41847b3fe9e33a7e27efc |
C:\Users\Admin\AppData\Local\Temp\B98C.exe
| MD5 | 48f0af43491eed7f840310fb65553692 |
| SHA1 | 99cba5c46a82516babb15dd53c9d8758ff9f3565 |
| SHA256 | c15a9e548052d6b547c165e8aae85580100c146c64398294aa8505ced9aec3bc |
| SHA512 | b81343c6e14cc8380150562714a31cb836da9896dcef00d08ec2111a90b8bbd95f68cb3402d5ea6a63698bec472edb0b3d4b4d9f1ac8d73b31ed72dbfd40ec97 |
memory/3116-16-0x0000000004CA0000-0x0000000004E61000-memory.dmp
memory/3116-17-0x0000000004E70000-0x0000000005027000-memory.dmp
memory/396-18-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\B98C.exe
| MD5 | 147f5f5bbc80b2ad753993e15f3f32c2 |
| SHA1 | 16d73b4abeef12cf76414338901eb7bbef46775f |
| SHA256 | 40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990 |
| SHA512 | 9c43aaa68161ef04c60e3f64c3fd54426dfd387f0013f009f3da94d45f19e514cd41de7b95865c47f55e5800222fd74736659138bb96406aa37f9cdc8e5799b6 |
memory/396-20-0x0000000000400000-0x0000000000848000-memory.dmp
memory/396-21-0x0000000000400000-0x0000000000848000-memory.dmp
memory/396-22-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BEAD.dll
| MD5 | b66379323022a073f1f7cdefed747401 |
| SHA1 | 14cfd615676b85960154df8273ca841f4a0e268b |
| SHA256 | 19a75f92a288042be52f1d38976909a22f81e92d22b69b6ab2f1f4d5856448db |
| SHA512 | 94b8dbe483f2f624723b831186bfcabc52eb74b8293f7acc4e3152ccdaef86885e2fb89453b91a78493795c99edc96e47dbbd489f92aec4cb30c21c064eb052b |
memory/396-25-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BEAD.dll
| MD5 | 26549a8766dbb7ec1e64503f0d80daeb |
| SHA1 | 45d6c219fdf7bd49f2fdd717bd2fe107272bd077 |
| SHA256 | 7d3760341cdf5dde2275cd545536336ea238028685aa368e859cda731d40984b |
| SHA512 | 0408bd1a3ceff935d063ad2d95c42d04822547f9e01e2a738108c8dc570173e7e59ce9c5a30c483cf812f82ebeaa4829a3fa55ccb4522e0d171aeb63db3fb3fc |
memory/2644-27-0x0000000000E40000-0x0000000000E46000-memory.dmp
memory/396-29-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2644-28-0x0000000010000000-0x000000001020C000-memory.dmp
memory/396-33-0x0000000000AE0000-0x0000000000AE6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CC5A.exe
| MD5 | f024b5c63f0be482106d561d9b0fcbf4 |
| SHA1 | 0273c450a41bf8df49eaae756fefc23d86c73d6d |
| SHA256 | e3345c4b6ffad6e8a7ad15b664d80bcda9c26cba46e1c30312eb6ee748464c8a |
| SHA512 | 4610e2a371cc39cf48835723a3320fe61bcc9ffa62973f3c22291cc9555cc531372a074c249b28ad933b60e8e638cdb19bf6ac44d8e578d9ee4f8e3400c680d0 |
C:\Users\Admin\AppData\Local\Temp\CC5A.exe
| MD5 | c2e793eade61c168412f8f2427721fe2 |
| SHA1 | 4473667cf6f5d77c9af242202b09774273951b7b |
| SHA256 | 9694672695c4168ad97cc476ec7e44fd75d8e4d0546c6f970945e342efe5eea0 |
| SHA512 | 1ce6b3d299f67def8e302226cbcba12183c2d7c3b46686d0c8cd45414de2fe71bde8457be12067fa7301495e0f318ed5a0f8ced9666e7e270d56296fc6f7af46 |
memory/2732-44-0x00000000015F0000-0x00000000015F1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\D0C0.exe
| MD5 | e6dd149f484e5dd78f545b026f4a1691 |
| SHA1 | 3ea5d0fb2de5bfad3dc6dc1744708ccd31102df6 |
| SHA256 | 11243641663323721ba21494a394de70ae70d4ea23c23f2e2a397fcc3cfea1a7 |
| SHA512 | 0defb358d59221c56731745a25250dfea49ecbb411f11f31a92ec20fa2123646f4aaf9fd4999898c39e4674f616bc1bed7ef2368b61a29d595dc7b9340dd058b |
memory/2732-45-0x0000000000CC0000-0x000000000156F000-memory.dmp
memory/1728-47-0x00000000030C0000-0x00000000031C0000-memory.dmp
memory/2732-46-0x0000000000CC0000-0x000000000156F000-memory.dmp
memory/1728-49-0x0000000002FF0000-0x000000000305B000-memory.dmp
memory/1728-48-0x0000000000400000-0x0000000002D8C000-memory.dmp
memory/2732-51-0x0000000000400000-0x0000000002D8C000-memory.dmp
memory/2732-52-0x0000000001A10000-0x0000000001A11000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\E2C3.exe
| MD5 | 79b1c5df98d3810ec21749780349ffcf |
| SHA1 | 3cc7f65d34f769f69fb980cce070238911fbb886 |
| SHA256 | bd3facb8ea2d3515a83054f88dfa3588f47236e3773f5cb720c9cbf2e0e429de |
| SHA512 | 68c57dc48582ceb0bed781fbf91440694232be6d5e8ca24886dca13daffa1ef13663e56c18298c4a77e1d84903c251508ca7cae31b6ef94a2b45e814ab99b55e |
C:\Users\Admin\AppData\Local\Temp\E2C3.exe
| MD5 | aab7f7d28c9bef614cc2e65d139eaaf4 |
| SHA1 | 84138c677df38c85972fe71f9bd486f511a4c3b4 |
| SHA256 | 36ae09029b49edd53313b205d399e2b9848c63870edfbb2bf975e09329337985 |
| SHA512 | 3e47415b48b4db38b12611efe5a37559827deb246059119f87f48678825537639160ee3fd8e0acc16249fbad2c46a113b38b8ee3d7b6f3b3b132c754846259a6 |
memory/3604-59-0x0000000000B80000-0x0000000001436000-memory.dmp
memory/3604-60-0x00000000737D0000-0x0000000073F80000-memory.dmp
memory/396-63-0x0000000002E50000-0x0000000002F8C000-memory.dmp
memory/2644-64-0x0000000002CE0000-0x0000000002E1C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | f30b31cd985bb3b4c2dced17df5ed9fb |
| SHA1 | 94a2218267ddd03b538636ace0593e38f52c9b5a |
| SHA256 | b650d35b4c45c0ae9ff9a10df74e5d3c724a8e693a05706e61e798805a731645 |
| SHA512 | 648ae868eaf7473a7922796d1e1572df192a81dc7ee38c6ca17b3ca8c81dc6af7b3539564fce58ba8c220a3154618e45dfb79640a96a14c56a51123a339b2213 |
C:\Users\Admin\AppData\Local\Temp\EF66.exe
| MD5 | 3893d9674f9791363d8f92edae4427a7 |
| SHA1 | 93603d9de7c259c8437f320f032ba171be67e200 |
| SHA256 | ad3a5d32351e9b26a5206751e45f27bf4def2890008e573dce58c4e9791fdcce |
| SHA512 | 9918357b96ea5af2ec3f056c0d7c41a025558fba88d6ada2ade153dc5b944670acdcc0e1abc76e52d9a9186abd15345519802f605473bf4fb59c81f972a3a6d6 |
memory/396-79-0x0000000002F90000-0x00000000030AB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | fb8129e365391576bb219e9c32633d1e |
| SHA1 | 8bea7c52cfb0921c24446e00351d19c8a9cb8484 |
| SHA256 | 9e73f75e4b618189e5624f02c4cc5dfb810600181434ede34815a645cc4b24b1 |
| SHA512 | 941ab808da324d78f3aeef63e274994ff50d8d4270315fe9f3a4029ce86efe372c28b6ab6d39accb61f03eab27ae432fc11155d2dc2f74fe0fb621675016c93f |
memory/408-85-0x0000000002FB0000-0x0000000002FBB000-memory.dmp
memory/396-93-0x0000000002F90000-0x00000000030AB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
C:\Users\Admin\AppData\Local\Temp\nsvF936.tmp\INetC.dll
C:\Users\Admin\AppData\Local\Temp\F860.exe
C:\Users\Admin\AppData\Local\Temp\F860.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\is-GNFNH.tmp\F860.tmp
C:\Users\Admin\AppData\Local\Temp\is-GNFNH.tmp\F860.tmp
C:\Users\Admin\AppData\Local\Temp\FE2D.exe
C:\Users\Admin\AppData\Local\Temp\is-6I7LC.tmp\_isetup\_isdecmp.dll
C:\Users\Admin\AppData\Local\Temp\is-6I7LC.tmp\_isetup\_iscrypt.dll
C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe
C:\ProgramData\PowerGo 65.0 Build 2191 Essential\PowerGo 65.0 Build 2191 Essential.exe
C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe
C:\Users\Admin\AppData\Local\Temp\nsxC51.tmp
C:\Users\Admin\AppData\Local\Temp\nsxC51.tmp
C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
C:\ProgramData\nss3.dll
C:\ProgramData\mozglue.dll
C:\ProgramData\Are.docx
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_u4phro4f.l4u.ps1
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
C:\Users\Admin\AppData\Roaming\ggbtwia
C:\Users\Admin\AppData\Roaming\ggbtwia