Analysis Overview
SHA256
6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23
Threat Level: Known bad
The file 6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23 was found to be: Known bad.
Malicious Activity Summary
Glupteba
Pitou
Lumma Stealer
SmokeLoader
Glupteba payload
DcRat
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
Modifies Windows Firewall
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
Executes dropped EXE
Reads data files stored by FTP clients
Unexpected DNS network traffic destination
Deletes itself
Adds Run key to start application
Checks installed software on the system
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Drops file in System32 directory
Launches sc.exe
Checks for VirtualBox DLLs, possible anti-VM trick
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Creates scheduled task(s)
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-27 04:49
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-27 04:49
Reported
2024-02-27 04:54
Platform
win7-20240221-en
Max time kernel
69s
Max time network
302s
Command Line
Signatures
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Pitou
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
SmokeLoader
Creates new service(s)
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B7BB.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C68C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C68C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D4DF.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E3FD.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-99NQJ.tmp\E3FD.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Mario CD-DVD Speed\cddvdspeed.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Mario CD-DVD Speed\cddvdspeed.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\icvigau | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\42A1.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C68C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C68C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E3FD.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-99NQJ.tmp\E3FD.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-99NQJ.tmp\E3FD.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-99NQJ.tmp\E3FD.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-99NQJ.tmp\E3FD.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-99NQJ.tmp\E3FD.tmp | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 91.211.247.248 | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\C68C.exe | N/A |
Checks installed software on the system
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\D4DF.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2440 set thread context of 2908 | N/A | C:\Users\Admin\AppData\Local\Temp\C68C.exe | C:\Users\Admin\AppData\Local\Temp\C68C.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\B7BB.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\9860.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\icvigau | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\icvigau | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\icvigau | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\icvigau | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-99NQJ.tmp\E3FD.tmp | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe
"C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe"
C:\Users\Admin\AppData\Local\Temp\B7BB.exe
C:\Users\Admin\AppData\Local\Temp\B7BB.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 124
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\C0D0.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\C0D0.dll
C:\Users\Admin\AppData\Local\Temp\C68C.exe
C:\Users\Admin\AppData\Local\Temp\C68C.exe
C:\Users\Admin\AppData\Local\Temp\C68C.exe
C:\Users\Admin\AppData\Local\Temp\C68C.exe
C:\Users\Admin\AppData\Local\Temp\D4DF.exe
C:\Users\Admin\AppData\Local\Temp\D4DF.exe
C:\Users\Admin\AppData\Local\Temp\E3FD.exe
C:\Users\Admin\AppData\Local\Temp\E3FD.exe
C:\Users\Admin\AppData\Local\Temp\is-99NQJ.tmp\E3FD.tmp
"C:\Users\Admin\AppData\Local\Temp\is-99NQJ.tmp\E3FD.tmp" /SL5="$40170,2349102,54272,C:\Users\Admin\AppData\Local\Temp\E3FD.exe"
C:\Users\Admin\AppData\Local\Mario CD-DVD Speed\cddvdspeed.exe
"C:\Users\Admin\AppData\Local\Mario CD-DVD Speed\cddvdspeed.exe" -i
C:\Windows\system32\taskeng.exe
taskeng.exe {C42C46F7-B3F8-42BF-9688-54C58CCC7CB9} S-1-5-21-406356229-2805545415-1236085040-1000:IKJSPGIM\Admin:Interactive:[1]
C:\Users\Admin\AppData\Roaming\icvigau
C:\Users\Admin\AppData\Roaming\icvigau
C:\Users\Admin\AppData\Local\Mario CD-DVD Speed\cddvdspeed.exe
"C:\Users\Admin\AppData\Local\Mario CD-DVD Speed\cddvdspeed.exe" -s
C:\Users\Admin\AppData\Local\Temp\42A1.exe
C:\Users\Admin\AppData\Local\Temp\42A1.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe"
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
"C:\Users\Admin\AppData\Local\Temp\FourthX.exe"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\66F3.exe
C:\Users\Admin\AppData\Local\Temp\66F3.exe
C:\Users\Admin\AppData\Local\Temp\nso760C.tmp
C:\Users\Admin\AppData\Local\Temp\nso760C.tmp
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Users\Admin\AppData\Local\Temp\9860.exe
C:\Users\Admin\AppData\Local\Temp\9860.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240227045046.log C:\Windows\Logs\CBS\CbsPersist_20240227045046.cab
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 124
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "UTIXDCVF"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "UTIXDCVF" binpath= "C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe" start= "auto"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "UTIXDCVF"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | grandclick.com | udp |
| US | 8.8.8.8:53 | ssh.www8.receita.fazenda.gov.br | udp |
| US | 8.8.8.8:53 | servicos.coelba.com.br | udp |
| GB | 172.217.16.238:80 | remotedesktop.google.com | tcp |
| GB | 23.214.154.77:80 | steamcommunity.com | tcp |
| LT | 91.211.247.248:53 | aiapewy.ru | udp |
| US | 3.33.130.190:80 | nexusregedit.com | tcp |
| US | 8.8.8.8:53 | bestminer.net | udp |
| US | 8.8.8.8:53 | servicos.coelba.com.br | udp |
| US | 8.8.8.8:53 | bestminer.net | udp |
| GB | 18.245.162.15:80 | account.amwayglobal.com | tcp |
| US | 200.62.7.115:80 | store.xcbcolombia.com | tcp |
| AR | 190.210.224.217:80 | becasprogresar.educacion.gob.ar | tcp |
| IL | 129.159.136.43:80 | moodle.bezalel.ac.il | tcp |
| NL | 20.190.160.17:80 | login.microsoftonline.com | tcp |
| US | 172.67.223.7:80 | wsodownloads.co | tcp |
| US | 170.114.52.4:80 | us04web.zoom.us | tcp |
| US | 52.86.6.113:80 | thebestofgifs.com | tcp |
| US | 173.255.250.29:80 | ssh.itch.io | tcp |
| BR | 189.9.84.33:80 | www8.receita.fazenda.gov.br | tcp |
| US | 104.21.63.98:80 | coaching.dolphinchessacademy.com | tcp |
| US | 104.18.29.25:80 | www.gamivo.com | tcp |
| GB | 35.178.221.201:80 | flooks.com | tcp |
| US | 192.139.132.44:80 | eureka.smurfitkappa.com.co | tcp |
| US | 104.16.99.120:80 | account.shareasale.com | tcp |
| GB | 23.214.154.77:80 | steamcommunity.com | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| GB | 35.178.221.201:80 | flooks.com | tcp |
| TH | 43.229.149.4:80 | mail.deesms.com | tcp |
| US | 8.8.8.8:53 | wwwn.bradescoseguros.com.br | udp |
| BR | 23.97.96.32:80 | mail.ticketpago.pdv.mobi | tcp |
| GB | 23.214.154.77:443 | steamcommunity.com | tcp |
| US | 35.193.73.176:80 | visualcx.co | tcp |
| PE | 209.45.49.23:80 | civ.uap.edu.pe | tcp |
| BR | 189.40.216.96:80 | atendimentolivetim.tim.com.br | tcp |
| GB | 23.214.154.77:80 | steamcommunity.com | tcp |
| BR | 200.152.237.90:80 | wwwn.bradescoseguros.com.br | tcp |
| US | 8.8.8.8:53 | phcorner.net | udp |
| US | 8.8.8.8:53 | app.myloft.xyz | udp |
| US | 8.8.8.8:53 | flooks-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | app.mymaths.co.uk | udp |
| US | 8.8.8.8:53 | bestminer.net | udp |
| US | 8.8.8.8:53 | help.steampowered.com | udp |
| US | 8.8.8.8:53 | ftp.20220501.infonavit.org.mx | udp |
| US | 8.8.8.8:53 | servicos.coelba.com.br | udp |
| US | 8.8.8.8:53 | us-smtp-inbound-2.mimecast.com | udp |
| US | 8.8.8.8:53 | account.amwayglobal.com | udp |
| US | 8.8.8.8:53 | ftp.becasprogresar.educacion.gob.ar | udp |
| US | 8.8.8.8:53 | mail.remotedesktop.google.com | udp |
| US | 8.8.8.8:53 | mail.store.xcbcolombia.com | udp |
| US | 8.8.8.8:53 | mail.20220501.infonavit.org.mx | udp |
| US | 8.8.8.8:53 | phcorner.net | udp |
| US | 8.8.8.8:53 | ticketpago.pdv.mobi | udp |
| US | 8.8.8.8:53 | dc-46020b65d2be.recoverygods.xyz | udp |
| US | 8.8.8.8:53 | ssh.becasprogresar.educacion.gob.ar | udp |
| US | 8.8.8.8:53 | app.myloft.xyz | udp |
| US | 8.8.8.8:53 | ftp.ticketpago.pdv.mobi | udp |
| US | 8.8.8.8:53 | thebestofgifs.com | udp |
| US | 8.8.8.8:53 | ftp.deesms.com | udp |
| US | 8.8.8.8:53 | thebestofgifs.com | udp |
| US | 8.8.8.8:53 | mail.visualcx.co | udp |
| US | 8.8.8.8:53 | ftp.help.steampowered.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | ssh.ticketpago.pdv.mobi | udp |
| US | 8.8.8.8:53 | ftp.www6.agenciatributaria.gob.es | udp |
| US | 8.8.8.8:53 | mail.ticketpago.pdv.mobi | udp |
| US | 8.8.8.8:53 | secure.alpha.gr | udp |
| US | 8.8.8.8:53 | ssh.account.amwayglobal.com | udp |
| US | 8.8.8.8:53 | ftp.civ.uap.edu.pe | udp |
| US | 8.8.8.8:53 | ssh.cursosonline.mte-thomson.com.br | udp |
| US | 8.8.8.8:53 | ssh.lycee.cned.fr | udp |
| US | 8.8.8.8:53 | ssh.visualcx.co | udp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 8.8.8.8:53 | ftp.login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | mxa.mailgun.org | udp |
| BR | 189.40.216.96:80 | atendimentolivetim.tim.com.br | tcp |
| US | 8.8.8.8:53 | mail.router.miwifi.com | udp |
| BR | 200.152.237.90:80 | wwwn.bradescoseguros.com.br | tcp |
| BR | 201.55.62.85:80 | nfp.fazenda.sp.gov.br | tcp |
| IL | 129.159.136.43:80 | moodle.bezalel.ac.il | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| GB | 172.217.16.238:80 | remotedesktop.google.com | tcp |
| GB | 23.214.154.77:443 | steamcommunity.com | tcp |
| US | 104.21.17.133:443 | app.fnartes.gob.ar | tcp |
| US | 172.67.223.7:80 | wsodownloads.co | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| GR | 84.205.246.139:80 | login.gsis.gr | tcp |
| US | 198.58.96.72:80 | cursosonline.mte-thomson.com.br | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | accounts.nintendo.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | servicos.coelba.com.br | udp |
| US | 8.8.8.8:53 | lbrands.taleo.net | udp |
| US | 8.8.8.8:53 | app.mymaths.co.uk | udp |
| US | 8.8.8.8:53 | buystation.ink | udp |
| US | 8.8.8.8:53 | help.steampowered.com | udp |
| US | 8.8.8.8:53 | accounts.nintendo.com | udp |
| GB | 35.178.221.201:80 | flooks.com | tcp |
| US | 173.255.250.29:80 | ssh.itch.io | tcp |
| US | 200.62.7.115:80 | store.xcbcolombia.com | tcp |
| US | 52.86.6.113:80 | thebestofgifs.com | tcp |
| BR | 23.97.96.32:80 | mail.ticketpago.pdv.mobi | tcp |
| US | 192.124.249.6:80 | recoverygods.xyz | tcp |
| ES | 195.77.198.20:80 | www6.agenciatributaria.gob.es | tcp |
| GB | 23.48.165.155:80 | servicos.coelba.com.br | tcp |
| GB | 23.48.165.139:443 | secure.alpha.gr | tcp |
| AR | 170.239.168.94:80 | pia.uade.edu.ar | tcp |
| US | 75.2.115.196:80 | grandclick.com | tcp |
| GB | 23.214.154.77:80 | help.steampowered.com | tcp |
| PE | 209.45.49.23:443 | civ.uap.edu.pe | tcp |
| TH | 43.229.149.4:80 | ftp.deesms.com | tcp |
| US | 8.8.8.8:53 | accounts.nintendo.com | udp |
| US | 8.8.8.8:53 | lbrands.taleo.net | udp |
| US | 8.8.8.8:53 | diariofronteira.com.br | udp |
| US | 8.8.8.8:53 | escapefromtarkov.com | udp |
| US | 8.8.8.8:53 | joker123.net | udp |
| US | 8.8.8.8:53 | serviciosempresa.personal.com.ar | udp |
| US | 8.8.8.8:53 | mail.ticketpago.pdv.mobi | udp |
| US | 8.8.8.8:53 | mail.www6.agenciatributaria.gob.es | udp |
| US | 8.8.8.8:53 | wwwn.bradescoseguros.com.br | udp |
| US | 8.8.8.8:53 | ftp.ticketpago.pdv.mobi | udp |
| US | 8.8.8.8:53 | us04web.zoom.us | udp |
| US | 8.8.8.8:53 | ticketpago.pdv.mobi | udp |
| US | 8.8.8.8:53 | pixel.mxrouting.net | udp |
| US | 8.8.8.8:53 | ftp.flooks.com | udp |
| US | 8.8.8.8:53 | ssh.20220501.infonavit.org.mx | udp |
| US | 8.8.8.8:53 | thebestofgifs.com | udp |
| US | 8.8.8.8:53 | ssh.remotedesktop.google.com | udp |
| US | 8.8.8.8:53 | secure.alpha.gr | udp |
| US | 8.8.8.8:53 | inbound-smtp.us-east-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | mail.login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | flooks-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | buystation.ink | udp |
| US | 8.8.8.8:53 | secure.alpha.gr | udp |
| US | 8.8.8.8:53 | ssh.router.miwifi.com | udp |
| US | 8.8.8.8:53 | joker123.net | udp |
| US | 8.8.8.8:53 | servicos.coelba.com.br | udp |
| US | 8.8.8.8:53 | ssh.wsodownloads.co | udp |
| US | 8.8.8.8:53 | help.steampowered.com | udp |
| US | 8.8.8.8:53 | ftp.secure.alpha.gr | udp |
| US | 8.8.8.8:53 | servicos.coelba.com.br | udp |
| US | 8.8.8.8:53 | diariofronteira.com.br | udp |
| US | 8.8.8.8:53 | ssh.ticketpago.pdv.mobi | udp |
| US | 8.8.8.8:53 | diariofronteira.com.br | udp |
| US | 8.8.8.8:53 | escapefromtarkov.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | mail.help.steampowered.com | udp |
| US | 8.8.8.8:53 | ssh.store.xcbcolombia.com | udp |
| US | 8.8.8.8:53 | pop.nfp.fazenda.sp.gov.br | udp |
| US | 8.8.8.8:53 | ftp.atendimentolivetim.tim.com.br | udp |
| US | 8.8.8.8:53 | quotev.com | udp |
| US | 8.8.8.8:53 | serviciosempresa.personal.com.ar | udp |
| US | 8.8.8.8:53 | diariofronteira.com.br | udp |
Files
memory/2156-1-0x0000000002460000-0x0000000002560000-memory.dmp
memory/2156-2-0x0000000000220000-0x000000000022B000-memory.dmp
memory/2156-3-0x0000000000400000-0x00000000022D1000-memory.dmp
memory/1360-4-0x0000000002590000-0x00000000025A6000-memory.dmp
memory/2156-5-0x0000000000400000-0x00000000022D1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\B7BB.exe
| MD5 | 0904e849f8483792ef67991619ece915 |
| SHA1 | 58d04535efa58effb3c5ed53a2462aa96d676b79 |
| SHA256 | fca631b3198194fcc0c619b5690dbde2e9f38afb1b978bab8ea3f92b572ce1ef |
| SHA512 | 258fc59050aa455ad56167dd1bbe5e098eefc0f3e950c90d89bac2aa74abb5cfa1710d866c0e28e58dcb2f914736470a4dd9838dd6412b633aee87d71b867cf5 |
memory/2596-16-0x0000000000080000-0x0000000000081000-memory.dmp
memory/2596-19-0x0000000000DA0000-0x000000000164F000-memory.dmp
memory/2596-18-0x0000000000080000-0x0000000000081000-memory.dmp
memory/2596-21-0x0000000000080000-0x0000000000081000-memory.dmp
memory/2596-23-0x0000000077DB0000-0x0000000077DB1000-memory.dmp
memory/2596-22-0x0000000000DA0000-0x000000000164F000-memory.dmp
memory/2596-25-0x0000000000090000-0x0000000000091000-memory.dmp
\Users\Admin\AppData\Local\Temp\B7BB.exe
| MD5 | 516389c097f850ed94fa59d330a8a3d5 |
| SHA1 | ce9252902e3422c9eb1adad2c2243dfe47af9643 |
| SHA256 | 588c9a115a1a0a439c77d244be9b192202a86950764b529b9e1f5bf23ec45add |
| SHA512 | ad4794fde7c9fa41b77a16a5b0b8a1ffd50767bbb2085e5044ef7fa08eee3d05db6bcbc1a74409f9c5173547f90f393325d33a6aa453a775a898b7f1ae573b13 |
\Users\Admin\AppData\Local\Temp\B7BB.exe
| MD5 | 1a1ac723245d8976ae6e50ff1bdbe1d1 |
| SHA1 | 2fa0f48783855c6f7491acf4d09b5f1cbc32e469 |
| SHA256 | 443e9bf125a23550d3dd70282492b9f9710d1143172d49d372716992e2b0a471 |
| SHA512 | c574719d280fe28340838a051bab8f66e5d133dc44bbd008cabf5ebef646b33e71ba6b6de079d7687f428ab811e080cdcda922056aef642fc561ef87e317f975 |
C:\Users\Admin\AppData\Local\Temp\C0D0.dll
| MD5 | 7aecbe510817ee9636a5bcbff0ee5fdd |
| SHA1 | 6a3f27f7789ccf1b19c948774d84c865a9ac6825 |
| SHA256 | b4ee4aa0b664fe673986399de8105c600330339971bd8583177fa38dddd13aac |
| SHA512 | a681efb97745aed5f73d197730049ff80798d133245d8e8bcb0faf3532a9ef440d1687016c9f666c1f56479c7db003b0388e0a69bb2626f34c86046bc477edae |
C:\Users\Admin\AppData\Local\Temp\C68C.exe
| MD5 | 14aa601b5ddbeab4253fa3893dc3a059 |
| SHA1 | 6924d2ba25c8a153b79a0c77723c37e5c3adbaca |
| SHA256 | 8449ec5969a1628c6589bef831a45de067a26db1223cb44ffa57799e12fef1dd |
| SHA512 | dec08a56664deb921e65e60f012378a96612e0da1311bdc18f4d3ba15abf9810e97cfb0588ca27e3c334478cbc911043c3ee5c07fd1b8eb63150919cb6556a05 |
C:\Users\Admin\AppData\Local\Temp\C68C.exe
| MD5 | 0642278745fba16597e65937093b4610 |
| SHA1 | 9409ea6dd562c7b66b1fbd73ba5af5974b21b4af |
| SHA256 | 040ae9c155ffde932d4c62f1334f4afcc6cabeb991b3602f8cea7747c64c1755 |
| SHA512 | b8560457bf9cc89ba39203476cbbe1c2a7e31ede4af0ff022c8fab232ad7b739b73ff4f02b9084dea147336d6e11e46940a985fbf2141280f4cf0716692ddca5 |
memory/2440-37-0x00000000034D0000-0x0000000003688000-memory.dmp
memory/2640-40-0x0000000010000000-0x000000001020A000-memory.dmp
\Users\Admin\AppData\Local\Temp\B7BB.exe
| MD5 | c7b647893b52c1b36181304002961423 |
| SHA1 | e43d7d3c3223134e57144ef90382f1c78217f6f1 |
| SHA256 | 6a84875c462e57fb65f7f34085d63b5a1eab2727d8d054f3729ce9aa018d7adc |
| SHA512 | 23bfe8eca534a96449d6f7608ae400f32a91ed9a007810d3f7c3c52cdd2ed3a383dae034e1b072e3754cc35cc3e4e2af1c719adf08056a1da6d0ea96d7c1a0e3 |
memory/2640-38-0x0000000000200000-0x0000000000206000-memory.dmp
memory/2440-42-0x00000000034D0000-0x0000000003688000-memory.dmp
memory/2440-43-0x0000000003690000-0x0000000003847000-memory.dmp
\Users\Admin\AppData\Local\Temp\C68C.exe
| MD5 | 7e0b0057bfa166c42bbcad570322ee7c |
| SHA1 | b57065cebd9402b43e63d6e331905407343b1e0f |
| SHA256 | 7cfac6497e8500a539b1531226c3f9dca7234db9bbc70f28f92da50177c9e65e |
| SHA512 | d8d3fdf7b6809aae33a433f267d53903a1a30729ffab72d7c0f5495ab1345d3eb31751e071c550840f9bae46b32a19cd95749bd0dda5909595ff763fafe343db |
C:\Users\Admin\AppData\Local\Temp\C68C.exe
| MD5 | b36162057140c2b4b0f863fc05179286 |
| SHA1 | a8391f0aa1c57af300bf6f7aab321587bb18bf09 |
| SHA256 | 5193bc8abdf519b4a1a5d4e743d761388596a31382fa9918ca623d889b6232e9 |
| SHA512 | ea208f87a7b23f39ab9425840c9ac6def918cb5b13bf00218da43d69d2ec5a8053c80cb72b8c7a60ae2a0780fcb36eed3ce470f9443da03ff9ad0a63642dd955 |
memory/2908-46-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\C68C.exe
| MD5 | 398ab69b1cdc624298fbc00526ea8aca |
| SHA1 | b2c76463ae08bb3a08accfcbf609ec4c2a9c0821 |
| SHA256 | ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be |
| SHA512 | 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739 |
memory/2908-48-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2908-51-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2908-52-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2908-53-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2908-54-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2908-55-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\D4DF.exe
| MD5 | e6dd149f484e5dd78f545b026f4a1691 |
| SHA1 | 3ea5d0fb2de5bfad3dc6dc1744708ccd31102df6 |
| SHA256 | 11243641663323721ba21494a394de70ae70d4ea23c23f2e2a397fcc3cfea1a7 |
| SHA512 | 0defb358d59221c56731745a25250dfea49ecbb411f11f31a92ec20fa2123646f4aaf9fd4999898c39e4674f616bc1bed7ef2368b61a29d595dc7b9340dd058b |
\Users\Admin\AppData\Local\Temp\C0D0.dll
| MD5 | 211f5951914e1168dc9a7f06bc547261 |
| SHA1 | 0b210c617a0c6090d20094a1c4c3a55624f38686 |
| SHA256 | a900f70ea8413d953b26e241a8a5510e5d51607fd19a45a13b06c64585251f2f |
| SHA512 | 08be2fabab2f3412f5655b993f031dcdf3419c284ad7b414ba66407e04789d5b671bcb4cea7f099e7c0287c17ca253f5b940ae7d47f3893b4d0082cd736409f5 |
memory/2908-65-0x0000000000270000-0x0000000000276000-memory.dmp
memory/2684-67-0x0000000000300000-0x000000000036B000-memory.dmp
memory/2684-68-0x0000000002E00000-0x0000000002F00000-memory.dmp
memory/2684-70-0x0000000000400000-0x0000000002D8C000-memory.dmp
memory/2684-69-0x0000000000400000-0x0000000002D8C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\E3FD.exe
| MD5 | 428ec09f0ea1ed4bbc27a740039a534e |
| SHA1 | 83304bf64a5b79c627042f3bea0b3aa8ffc2a215 |
| SHA256 | c2d5e6fe0ee8809d18a6b820caa4323e18d11803b737e74f2aa6049c9a93a8fe |
| SHA512 | e4375df044ca4e78e7657b5bc771998e9462ea4aa43ae9423cabd597ae419797419220a0626cae4999a00fce6f9e349dbc5d0533dd98cff47f863a9efebc8fc2 |
memory/456-75-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2596-77-0x0000000000DA0000-0x000000000164F000-memory.dmp
memory/456-80-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\E3FD.exe
| MD5 | 66c0d775ccd1092d2dda5d5f7b51864b |
| SHA1 | 2c65bdffa5933c409e223b9827e59df7ae116711 |
| SHA256 | 67a571c66f9e203cf3119cc41e7c5190bedc47adc341fd5cbbc99793ca16836b |
| SHA512 | 8c278ad0bfed7c454424fb94fef14a1955ac88f05c8f6aed22defdb1f84585535e932463c102b3653605eff601e5ab489f458a8a6e5101e09f4a1c9a6206c1d3 |
\Users\Admin\AppData\Local\Temp\is-99NQJ.tmp\E3FD.tmp
| MD5 | 14db4253fd181e84e26eebc8f4150402 |
| SHA1 | 79e77f75b5b8b1386c1bb76324790caaa908ca8d |
| SHA256 | 65cc67e5c73ef94bcaa28719f3452756967f3e7461199fb7715000db90da6e28 |
| SHA512 | 9939fe82c087fcb38573efbc2692def67877063851c9a67400aba84085f7db4c2d2dcd7685200747f5da9a93f47f6e4ac202dcf1202976a57bcdd8d5b7426f1e |
\Users\Admin\AppData\Local\Temp\is-6011U.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
\Users\Admin\AppData\Local\Temp\is-6011U.tmp\_isetup\_isdecmp.dll
| MD5 | a813d18268affd4763dde940246dc7e5 |
| SHA1 | c7366e1fd925c17cc6068001bd38eaef5b42852f |
| SHA256 | e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64 |
| SHA512 | b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4 |
\Users\Admin\AppData\Local\Temp\is-6011U.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
memory/2380-86-0x0000000000240000-0x0000000000241000-memory.dmp
\Users\Admin\AppData\Local\Mario CD-DVD Speed\cddvdspeed.exe
| MD5 | 28f3935b98b29fa6e38f44ea1daaed75 |
| SHA1 | 2813b52c3e1e736d3d5d714162ae839464c8ceeb |
| SHA256 | 17471952cddc510b8868a575569158e867cc14f0a15302c8124aaf59c449787b |
| SHA512 | abefa66f36c30197d8e0769913d15d0bcf42bec4e26c3ea0895354357984611e13b378d1c74cb44c9007a70999e18698344aff11e40304def55acc1c4cef96a3 |
memory/2380-131-0x0000000003120000-0x0000000003408000-memory.dmp
memory/2788-132-0x0000000000400000-0x00000000006E8000-memory.dmp
C:\Users\Admin\AppData\Local\Mario CD-DVD Speed\cddvdspeed.exe
| MD5 | e05f1f4e63a21361a5cdc7c2b87c594a |
| SHA1 | 7d9b632642543193b569594fb12b39657033a777 |
| SHA256 | 77d6a92a4d439a6d2f95e5c6d0d62f95588b1809113a7cb3f5dae099c0c1b9e0 |
| SHA512 | 049fd3739bbc2bc3634e82b763ee4fa7765a0bfde6e4d231bbea335aceccd504c66a16637abb59b38d5f99500eb594202fd0a5c40b2dd87e49de139661f81d9c |
C:\Users\Admin\AppData\Roaming\icvigau
| MD5 | 5cddaacf9782c030db128e3ebfd8f301 |
| SHA1 | 71bae291b66ecfad6ee79ab150c9b4bdc676f06c |
| SHA256 | 6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23 |
| SHA512 | bee3cbdeac5a317f58ebb2d621740f8b7e81e47db236327cb0e908bc49886e320e30a95191470953177740f702adfe704a626325ddd2a33f10c8ec3060059797 |
memory/2908-134-0x0000000002AB0000-0x0000000002BD9000-memory.dmp
memory/2788-135-0x0000000000400000-0x00000000006E8000-memory.dmp
memory/2908-137-0x0000000010000000-0x000000001020A000-memory.dmp
C:\Users\Admin\AppData\Local\Mario CD-DVD Speed\cddvdspeed.exe
| MD5 | 503f87d057e3bd844c5f727563fb4d4e |
| SHA1 | 8bb830b52010112d506859336a7303b61e5bf77b |
| SHA256 | 1ab3830a6de31d5ef053a82668e79edde0c1d2d4e0c8a3dc670029a2b97198d5 |
| SHA512 | 91ed11662f84fd262997d456101378b4c9a33d24027fd2b7457b623a41fa3e89557eec6f695e777dbdc6230508f78c556540c587443640faabcba3a642aa639a |
memory/2788-141-0x0000000000400000-0x00000000006E8000-memory.dmp
memory/2684-138-0x0000000000400000-0x0000000002D8C000-memory.dmp
C:\Users\Admin\AppData\Local\Mario CD-DVD Speed\cddvdspeed.exe
| MD5 | 77f24aabc4c058726eb79e2e7fb25d34 |
| SHA1 | 6d22b2430c1686422f943111653a6927512c81b6 |
| SHA256 | ec1db0f9668fec40d5b47073a3c02ac7b6fddce5df252e1410e4d73cc44741bf |
| SHA512 | 9201a579ead02a956966cd24d7bbd23e825e8cea10f28ba22d1b8e925979d93ece672dc69c382b2ec37a061850d2db5fd5f25cd0fad2c9297e789eab079da4f7 |
memory/3024-143-0x0000000000400000-0x00000000006E8000-memory.dmp
memory/2908-144-0x0000000002BE0000-0x0000000002CEE000-memory.dmp
memory/2908-145-0x0000000002BE0000-0x0000000002CEE000-memory.dmp
memory/2908-147-0x0000000002BE0000-0x0000000002CEE000-memory.dmp
memory/2640-148-0x00000000021D0000-0x00000000022F9000-memory.dmp
memory/2908-149-0x0000000002BE0000-0x0000000002CEE000-memory.dmp
memory/2640-154-0x0000000002300000-0x000000000240E000-memory.dmp
memory/2640-158-0x0000000002300000-0x000000000240E000-memory.dmp
memory/2908-162-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2380-164-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/456-163-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2640-160-0x0000000002300000-0x000000000240E000-memory.dmp
memory/3024-165-0x0000000000400000-0x00000000006E8000-memory.dmp
memory/2292-168-0x0000000000400000-0x00000000022D1000-memory.dmp
memory/3024-169-0x0000000000400000-0x00000000006E8000-memory.dmp
memory/2684-171-0x0000000000300000-0x000000000036B000-memory.dmp
memory/2292-172-0x0000000002420000-0x0000000002520000-memory.dmp
memory/2684-174-0x0000000002E00000-0x0000000002F00000-memory.dmp
memory/2908-175-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\42A1.exe
| MD5 | d5438d553a11792c3fdadcf594d38f5e |
| SHA1 | 3e8d12875e2aedc7fe792d2ff1acedef123b48c4 |
| SHA256 | 4fcfb681e2fb0a502858c5470b675538d343380a6c977bdfdf71ac7c1218e5d8 |
| SHA512 | cfad94fdad88f1144276dc2f59df865b27f3282b998af3956a233f082dced86445c83d0d8333000eecf1b22388e3d161136723a853fc2aedf9a2aa929d852568 |
C:\Users\Admin\AppData\Local\Temp\42A1.exe
| MD5 | db97755c3ac7e2a18aa83688668b021e |
| SHA1 | 1c017c1d22f3dfdbe8ac3fb69456ec159e421d9c |
| SHA256 | 9d4508745d026c75a2aa397f70371e4dddd14ddc3cbcb232dc19e26e95ad9db2 |
| SHA512 | 8092c19f827a6f9897d083ee5eb7f039fb94a3b1161047f5dc67b15c8d108a1ca04c3c638e1b6cd2d1ef2795a7fc14c963e215bf91781df18f36ad835ad6c631 |
memory/1360-181-0x0000000003D60000-0x0000000003D76000-memory.dmp
memory/2292-182-0x0000000000400000-0x00000000022D1000-memory.dmp
memory/1912-185-0x00000000739B0000-0x000000007409E000-memory.dmp
memory/1912-187-0x0000000000090000-0x0000000000946000-memory.dmp
memory/3024-189-0x0000000000400000-0x00000000006E8000-memory.dmp
memory/2380-190-0x0000000000240000-0x0000000000241000-memory.dmp
\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | d122f827c4fc73f9a06d7f6f2d08cd95 |
| SHA1 | cd1d1dc2c79c0ee394b72efc264cfd54d96e1ee5 |
| SHA256 | b7a6dcfdd64173ecbcef562fd74aee07f3639fa863bd5740c7e72ddc0592b4fc |
| SHA512 | 8755979d7383d6cb5e7d63798c9ca8b9c0faeec1fe81907fc75bbbb7be6754ab7b5a09a98492a27f90e3f26951b6891c43d8acd21414fb603cd86a4e10dac986 |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | a97b7709ded87e52ee06c4b8b181034c |
| SHA1 | b9d7b8477766d6316329c395eb38cc9fd914a00a |
| SHA256 | 9f470f144df5ad788b012450bdb5ae2007221434974ae64390081ec523e30169 |
| SHA512 | b8b9af25459da9e60935a0ffb807d8e3df291e7003f18f1b904817562c345c7652f249121d4ceed48c2d3d013a72393ed3637b74f91f602a6105ac60e55e53f0 |
\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | cc31a037b7ea6a678eb7aee3fb24d21b |
| SHA1 | 7ffb7b668874b6ea6c05a82d59a78104f8ad2d50 |
| SHA256 | 98a5e9a1e5e0ab06a485040bb2406ac3240a9848994fe33830318f8f8fb26bd3 |
| SHA512 | 3c49ff27370be3481da1bff827bab866c1b2e6c332e1080b783d9c187e7f2de910116fd04e9a0210868ef195e4856b89bc3c09c4b3924e6faaa19b33329cb9c1 |
memory/928-199-0x0000000002740000-0x0000000002B38000-memory.dmp
\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
| MD5 | 28b72e7425d6d224c060d3cf439c668c |
| SHA1 | a0a14c90e32e1ffd82558f044c351ad785e4dcd8 |
| SHA256 | 460ba492fbc3163b80bc40813d840e50feb84166db7a300392669afd21132d98 |
| SHA512 | 3e0696b4135f3702da054b80d98a8485fb7f3002c4148a327bc790b0d33c62d442c01890cc047af19a17a149c8c8eb84777c4ff313c95ec6af64a8bf0b2d54b6 |
\Users\Admin\AppData\Local\Temp\FourthX.exe
| MD5 | 0b5ed34f6d958857a8aed0c090358ff4 |
| SHA1 | 5954283ec26e51f322593e53b6b32e3f70d43ac3 |
| SHA256 | 4301f0bd33640a1b767e4d605bbbaf78567091e51019f132fb06558127f4acb3 |
| SHA512 | 2bec28c4eeba2f75b9a5280c457fb1220d13d829905b6f0bac8fcd64bee791557cc38e38610f5e9a3478ad0a76d9d9a3bd36f3496ad1e3785376df7140ef8c9c |
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
| MD5 | 147b6aa5bd0222e5d58af8984b073c56 |
| SHA1 | 399923e38ba252bffbe5c13b39bcbf41798e15f5 |
| SHA256 | 6a2447d974f6eeaaa5ad420a24faa13417df7ebd5c76d0b872a11183d29c5bd9 |
| SHA512 | c0002076c0eed73addcaee17d389293eee9b462d02187944ad7c5a5235b78265257efc958473d91bd5e63f3b0a8ed7ed166a550f311c348170914620da519d70 |
\Users\Admin\AppData\Local\Temp\FourthX.exe
| MD5 | 03cba695cb947c2a4bce01e454744abb |
| SHA1 | ad5f55ede43e7ee9eb7521b72d1e61f9b782adb6 |
| SHA256 | 35c52b1030b5f89daa39175ef6e31350ea2844eb263de25b53bf3803d0453892 |
| SHA512 | 619d83221ce3fad744c686ccb8764475d3cb9e7d7892e3f1c0a1e87eccdff5f796e3ab1bdb94ba8c00d2707bf60c66b2fd178c3030cf18b4b3a7f4da6b47bec4 |
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
| MD5 | 2894bac8eef6977463a9b6b2b4ebfb45 |
| SHA1 | 24e371157c3114cd29a54cd635ddb884046a3f6b |
| SHA256 | d880568ca69cbd902df113d63331abce86cc5f454ceadac09c5cee53942a5762 |
| SHA512 | 903c63b84eb3f5c8dabe8e95388779fb50408eb58f80c8fdbfaec363fdaaff921089d00c117636304eaa2602c76ed53667472c6a983e9fcfd19d1b8b103a92a6 |
memory/2380-216-0x0000000003120000-0x0000000003408000-memory.dmp
memory/928-217-0x0000000002740000-0x0000000002B38000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
| MD5 | 682fc35530a6dc6f2bdfad98ecd7eae2 |
| SHA1 | 10666b26129587b4a564fb59d367539f57c76ca3 |
| SHA256 | 83414b912a4ba1cbfea8b625890291ae866860408ed45da5923d1a67ea7c4101 |
| SHA512 | ea68038310a51b183dfee7acabd61cad8d93372f30321ec0ed9ccf53016c82b7133b90930fcff107f42582f7a65315f2cf5ba8078597cf275fb45c6881da25da |
memory/928-219-0x0000000002B40000-0x000000000342B000-memory.dmp
memory/928-220-0x0000000000400000-0x0000000000D1C000-memory.dmp
\Users\Admin\AppData\Local\Temp\BroomSetup.exe
| MD5 | c81e019872b9eeb2eb1af0a2c3bb02ce |
| SHA1 | 8b237d384b62f1787308fb3532ef4a354867eb9b |
| SHA256 | 5fc65f7985de4da2a5ce8cfe833c3e42fc63996f7f16f624e67c8788388fbc7c |
| SHA512 | 6b20dabaff6cf614d65cbb486047c1aad7d542b1afc5b53c91a0fe3610e50ed9e86f86ade51e7e22241bcea08f05e3d322002ed33862f57d8520c6344bd34b11 |
C:\Users\Admin\AppData\Local\Temp\66F3.exe
| MD5 | 0ca68f13f3db569984dbcc9c0be6144a |
| SHA1 | 8c53b9026e3c34bcf20f35af15fc6545cb337936 |
| SHA256 | 9cd86fa59ea2d10f9b9f3293c132f158fcb7dd993fdb706944f9fe9fa409504a |
| SHA512 | 4c3a3be5fda0f9060a08b95383b5260e4079dbcff73849d2fac88520ae625c33a73c5858b25b717fcccebf03c3ad9b19807de8bcfa7ea22be6648cc965072b7d |
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
| MD5 | 5e94f0f6265f9e8b2f706f1d46bbd39e |
| SHA1 | d0189cba430f5eea07efe1ab4f89adf5ae2453db |
| SHA256 | 50a46b3120da828502ef0caba15defbad004a3adb88e6eacf1f9604572e2d503 |
| SHA512 | 473dfa66a36feed9b29a43245074141478327ce22ba7cce512599379dcb783b4d665e2d65c5e9750b988c7ed8f6c3349a7a12d4b8b57c89840eee6ca6e1a30cd |
memory/1912-226-0x00000000739B0000-0x000000007409E000-memory.dmp
\Users\Admin\AppData\Local\Temp\nso6411.tmp\INetC.dll
| MD5 | 40d7eca32b2f4d29db98715dd45bfac5 |
| SHA1 | 124df3f617f562e46095776454e1c0c7bb791cc7 |
| SHA256 | 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9 |
| SHA512 | 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | be4e08adb67b58113b8ffe1893c6f321 |
| SHA1 | fd32e0a3ccf052472630ce59ea134b03aecb0f58 |
| SHA256 | dfade7a38e519c11f4b001bfab3f4c9eeb6f7f077a0533c35a2c2f6820695421 |
| SHA512 | 8bce21d8995e6f8d7a3e0632bfd891206c91be1d77c3db0eff61a15b07f7a58ebfb997b9a6bd9306b5722922136175e7b38d8382766ecc56fc77444c443d393b |
\Users\Admin\AppData\Local\Temp\nso760C.tmp
| MD5 | 9089c5ddf54262d275ab0ea6ceaebcba |
| SHA1 | 4796313ad8d780936e549ea509c1932deb41e02a |
| SHA256 | 96766ea71dc59a5b1734aba76c1ab1cbc8459a9ee023e9875359667dbf51ea4a |
| SHA512 | ec71801feccd0c900132425d6bc601bcae6e78702b708df80783a752d08c8bdc49f0b0c8e7c37b15a02b381369b8a3c1114d7385796316b834738045f7dc053c |
memory/3024-263-0x0000000000400000-0x00000000006E8000-memory.dmp
memory/1060-264-0x0000000002370000-0x0000000002470000-memory.dmp
memory/1060-265-0x0000000000220000-0x000000000022B000-memory.dmp
memory/1060-267-0x0000000000400000-0x00000000022D1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | ca9734e19aeaf7163521b9295f4b4d76 |
| SHA1 | c2331675f632c7460e92e9985aa3a35080db214b |
| SHA256 | c7de130afb59fbf5873e40e3679c03aca104c47fa0f9f24fd8bb9d85ccf1a361 |
| SHA512 | 0b6b290a3ac0821e5ce88c98dd2b89aad5b66905fd8628dfb5a00d02b9dedeefed72b4aa605e2d470adf49ee80170dd60bf6af6d1e5484672b603928721408f5 |
memory/1060-286-0x0000000000400000-0x00000000022D1000-memory.dmp
memory/3024-296-0x0000000000400000-0x00000000006E8000-memory.dmp
memory/2584-297-0x0000000000250000-0x0000000000350000-memory.dmp
memory/2584-299-0x00000000003C0000-0x00000000003E7000-memory.dmp
memory/2584-301-0x0000000000400000-0x00000000022D9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | c7fe878e6fc3be20c84b5e85b97efe17 |
| SHA1 | 51ebfabdef927465e68c5843ae4f2a930b82a24b |
| SHA256 | a4a662c0c92c27d74fc00f6f5e24b1b4116da7d582607161f0570cdfcc0a6040 |
| SHA512 | 24f2fd40425ce1a1585157255b0dbb856635fa2fb08f00419693ebf8e0c774d47890aad7b69adee08b315607b0bc68375421737f4785b577110894028a013289 |
C:\Users\Admin\AppData\Local\Temp\9860.exe
| MD5 | e2a0aa9443dfae2ccdf679f768afea10 |
| SHA1 | 9f0f137f9d1c5f01ef8581561bd824f06c525bef |
| SHA256 | 40f50514f3006b6e11f878b48285f5e1544c79a363a1a974ca9f73ead3d79e6b |
| SHA512 | e62ed9854cd3d5c0fb434e5a4d79dc6e774109e323776549b96b38f8c51591c0a43dc8872ac17aeab08b66cd220a8fbfad5b0ce2d52678b7e1c3956d9b0ac65b |
C:\Users\Admin\AppData\Local\Temp\9860.exe
| MD5 | 83bc564a1f87d0e3bf339172152761f3 |
| SHA1 | 490a365cafefbe57966ccd604c5d061c57721b31 |
| SHA256 | 4bbad5daa194c085913bfe28af016f6c21ee0a3137ca956d8fadbe3db0d15b24 |
| SHA512 | 68b1c37aa3a337b01cbd98d0296fbc9adbf9cb960514e715981771cf6d270cd9ddcf3319052400638b5d75442fae279a9a2702226600506f450e9278ff28d6c1 |
memory/1252-376-0x00000000011F0000-0x0000000001C9D000-memory.dmp
memory/1252-397-0x0000000077DB0000-0x0000000077DB1000-memory.dmp
memory/1252-398-0x0000000000150000-0x0000000000151000-memory.dmp
memory/1252-400-0x0000000000160000-0x0000000000161000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\Users\Admin\AppData\Local\Temp\9860.exe
| MD5 | abdb0fc1589c9e4b85abd90c4aeaadd8 |
| SHA1 | c34042fc0a4ca9a0c85c2d97b3b38adcf3dcb1fb |
| SHA256 | 6354a8d08b1cfd002a89ee919f9561adae52d886aeb506d6ade6600b492b01d4 |
| SHA512 | 3d8351d6ba9945301c189dab8bda2218fd60db25a28a5bdf6e519b28b64d51bd9fbc83504e9da5d59b26deb34ea7c91b88a23e5fe93f8a8e076ed17b240162c8 |
\Users\Admin\AppData\Local\Temp\9860.exe
| MD5 | edfc2d5dd23f6b6a79a3cf0fa465841b |
| SHA1 | 4d49eafa2ec01caf5366b368ba08745fa0fdcb0e |
| SHA256 | 977171fcfa92c0cbca821a0a812b7e76cc3a1b8ef21ed1bdfdf93dda563abd32 |
| SHA512 | 34fd9b817e476e801d31a3eaac7fae99f267fadebc31d9d2d3435d7fc4998e4d1cc2bbe0e049e5cc0cf3e0597d6afc91286d970b95c5aa7ed537a0fc281dba0a |
\Users\Admin\AppData\Local\Temp\9860.exe
| MD5 | e2e72850cd8cb2e9e1d25276b097b4b1 |
| SHA1 | dfcc53d6f6dce8a7239d2e60c8314cfb2447f447 |
| SHA256 | c5526ce4c6edb5a574750fe7b446e92dd591cb1226f168e2b128c84b82b47484 |
| SHA512 | 5681d2c73d083dcb7105db3e1e623013a4cf85e696105b916dcd51f6580710c9e91bc800357dcd2ccf32edb655230c1276a33576032b6e5c96a52e7be4071cc0 |
memory/928-417-0x0000000000400000-0x0000000000D1C000-memory.dmp
\Users\Admin\AppData\Local\Temp\9860.exe
| MD5 | 0df5a7dfe70377a12ff756cc94d58f74 |
| SHA1 | b3a7875a676bdff82c90df9c0387083b981d817b |
| SHA256 | 2ef4171ff38cbc98e2a6641d949d88704fddb1a05402ff262fc64f91e9654e39 |
| SHA512 | f2dafef94ad9ed81e0e8078512b4ab961546baf32d4c95b19a6e25715392cf03c5ebf4926a75fcdd0a220d1e8ede888ed6eeda355c5afdc35f0db3103fdae523 |
\ProgramData\nss3.dll
| MD5 | 92e5f6a64266ce3a926f1bcd6b9fcd2d |
| SHA1 | a561d0e62c251b6d0cbf0d36f71a66e5b589f89c |
| SHA256 | 6f66acfd55991de446ce7cdb0922c38fdf3e78456009c29030dc8308a9ce531b |
| SHA512 | 88fb1027709b7c90a6b28bd1b7e5447264fb8afedd6da33cb25ed40bbd2c935297378ed0c536537e65083d3af6ab27b66597ed6f51c002f0a9b32a480ea078c6 |
\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/3040-445-0x0000000002680000-0x0000000002A78000-memory.dmp
memory/3040-446-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/608-646-0x000000001B160000-0x000000001B442000-memory.dmp
memory/608-677-0x0000000001DB0000-0x0000000001DB8000-memory.dmp
memory/2584-1477-0x0000000000400000-0x00000000022D9000-memory.dmp
memory/608-2350-0x000000000269B000-0x0000000002702000-memory.dmp
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
| MD5 | be6df3d38e61bcc99c41c4f80aa3ef48 |
| SHA1 | 02de2f7ef9d2f9e83b19f37b67fd0bdd1825832f |
| SHA256 | ab3ab0bac897a52314b6239cdf59973c80ccd15d54750ceb5a6b8a0212483b76 |
| SHA512 | 796fbf4c2bdce2ba8f16f7206d4c9fbbf59832fb93d98b99e476bb587db95348b6f77b368cf29bc6c763c245fbce7866bb711e0f7304a0dfed3ebfb4ce702494 |
\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
| MD5 | 2fe9860d62aeebd600e504a6b6c7a9d2 |
| SHA1 | edaa583ccc78d914c79389e69d24ce7264a813ef |
| SHA256 | 1a75104e58525eed39afac6c3de839e436f7e5212390c4b50c8d308c4d0090c7 |
| SHA512 | 5429b0f28ed8745eae7d6f2c517ec6c7fc53a48c04c420fb7fb46363d1a98cb239125cf356a8167f23c55a66bd4f3b2872e6e7d10274531179d91544e7cbef57 |
\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
| MD5 | 93df53829d7ff15b36cca0997bdf9523 |
| SHA1 | 85961b7b321c9492e276ada800debaa55c9c1d59 |
| SHA256 | 107f6e6bf02253e4453b28539faa31bbcdd8c7048373fd3678aeec3e4faf2e5c |
| SHA512 | 37edf278c32461498cf9fb723806553f8f99f00eda1e8fd3b314733759f249cc9db11db400b0a2e8985b1bdbb31749f80e4608f03c783e95fe5a144437337f16 |
memory/3060-4154-0x000007FEF54C0000-0x000007FEF5E5D000-memory.dmp
memory/608-4174-0x000007FEF54C0000-0x000007FEF5E5D000-memory.dmp
memory/608-4226-0x0000000002694000-0x0000000002697000-memory.dmp
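Two details in the dropped-file tables above deserve a check rather than a glance. The same path is recorded several times with different hashes (9860.exe appears five times, both as C:\Users\... and in the drive-less \Users\... form), which means the dropper rewrote the file during the run, so a single "the hash of 9860.exe" does not exist for this sample. And one 288c47bbc1871b439df19ff4df68f076.exe entry carries MD5 d41d8cd98f00b204e9800998ecf8427e / SHA256 e3b0c442..., which are the digests of a zero-byte file: that copy was captured before it was written, not a real payload. The parser below is an added example (editor's code, not part of the sandbox report); it reads report text in the path-then-table layout used here, normalises the two path notations, and surfaces both conditions. The sample text is an abbreviated, constructed copy of entries from the tables above; the hash-length check and the empty-file comparison are the editor's additions.

```python
"""Parse dropped-file hash tables from a sandbox report and flag entries whose
digests are those of a zero-byte file, plus paths recorded with several
different SHA256 values.  Added example, not the report's own tooling."""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample: abbreviated copy of entries from the tables above
# (SHA1/SHA512 rows omitted for brevity; the parser accepts them as well).
SAMPLE_REPORT = r"""
memory/2584-301-0x0000000000400000-0x00000000022D9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | c7fe878e6fc3be20c84b5e85b97efe17 |
| SHA256 | a4a662c0c92c27d74fc00f6f5e24b1b4116da7d582607161f0570cdfcc0a6040 |
C:\Users\Admin\AppData\Local\Temp\9860.exe
| MD5 | e2a0aa9443dfae2ccdf679f768afea10 |
| SHA256 | 40f50514f3006b6e11f878b48285f5e1544c79a363a1a974ca9f73ead3d79e6b |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
\Users\Admin\AppData\Local\Temp\9860.exe
| MD5 | abdb0fc1589c9e4b85abd90c4aeaadd8 |
| SHA256 | 6354a8d08b1cfd002a89ee919f9561adae52d886aeb506d6ade6600b492b01d4 |
\ProgramData\nss3.dll
| MD5 | 92e5f6a64266ce3a926f1bcd6b9fcd2d |
| SHA256 | 6f66acfd55991de446ce7cdb0922c38fdf3e78456009c29030dc8308a9ce531b |
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of the empty input, computed rather than pasted so they are exact.
EMPTY_FILE = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}
# A path line: optional drive letter, then a backslash-rooted path.
PATH_RE = re.compile(r"^(?:[A-Za-z]:)?\\\S.*$")
# A hash row in the report's two-column table form.
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)


def normalise(path: str) -> str:
    # Drop the drive letter and case-fold so the C:-prefixed and drive-less
    # spellings of the same file compare equal.
    return re.sub(r"^[A-Za-z]:", "", path).lower()


def parse_dropped_files(text: str) -> list[DroppedFile]:
    """Walk the report: a path line opens an entry, following hash rows fill it."""
    entries: list[DroppedFile] = []
    current: DroppedFile | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("memory/"):   # memory dumps carry no hashes
            continue
        row = ROW_RE.match(line)
        if row and current is not None:
            alg, digest = row.group(1), row.group(2).lower()
            if len(digest) != HASH_LEN[alg]:
                raise ValueError(f"{current.path}: {alg} has length {len(digest)}")
            current.hashes[alg] = digest
        elif PATH_RE.match(line):
            current = DroppedFile(path=line)
            entries.append(current)
    return entries


def empty_file_entries(entries: list[DroppedFile]) -> list[str]:
    """Paths whose recorded digests are those of a zero-byte file."""
    return [e.path for e in entries
            if any(e.hashes.get(alg) == EMPTY_FILE[alg] for alg in e.hashes)]


def paths_with_multiple_hashes(entries: list[DroppedFile]) -> dict[str, set[str]]:
    """Normalised path -> distinct SHA256 values seen for it (only if more than one)."""
    seen: dict[str, set[str]] = {}
    for e in entries:
        if "SHA256" in e.hashes:
            seen.setdefault(normalise(e.path), set()).add(e.hashes["SHA256"])
    return {p: s for p, s in seen.items() if len(s) > 1}


if __name__ == "__main__":
    parsed = parse_dropped_files(SAMPLE_REPORT)
    print("zero-byte captures:", empty_file_entries(parsed))
    for path, digests in paths_with_multiple_hashes(parsed).items():
        print(f"{path}: {len(digests)} distinct SHA256 values")
```

When pivoting on these hashes, use every SHA256 recorded for a rewritten path, and drop the empty-file digests entirely: a blocklist entry for e3b0c442... matches every empty file on every host.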
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-27 04:49
Reported
2024-02-27 04:54
Platform
win10-20240221-en
Max time kernel
214s
Max time network
300s
Command Line
Signatures
DcRat
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer
Pitou
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Creates new service(s)
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D9B8.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-PUJTF.tmp\E737.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-PUJTF.tmp\E737.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-PUJTF.tmp\E737.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsj434F.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsj434F.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\D9B8.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\DDA1.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\AppData\Local\Temp\FourthX.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2080 set thread context of 4268 | N/A | C:\Users\Admin\AppData\Local\Temp\D9B8.exe | C:\Users\Admin\AppData\Local\Temp\D9B8.exe |
| PID 3324 set thread context of 3184 | N/A | C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe | C:\Windows\system32\conhost.exe |
| PID 3324 set thread context of 780 | N/A | C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe | C:\Windows\explorer.exe |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\39CE.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\39CE.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\39CE.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\nsj434F.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\nsj434F.tmp | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2431 = "Cuba Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1862 = "Russia TZ 6 Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-202 = "US Mountain Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-449 = "Azerbaijan Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-192 = "Mountain Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-831 = "SA Eastern Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-214 = "Pacific Daylight Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\System\CurrentControlSet | C:\Windows\system32\netsh.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-272 = "Greenwich Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-721 = "Central Pacific Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-672 = "AUS Eastern Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2002 = "Cabo Verde Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Control\NetTrace\Session | C:\Windows\system32\netsh.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2041 = "Eastern Daylight Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-792 = "SA Western Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-671 = "AUS Eastern Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-434 = "Georgian Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1471 = "Magadan Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-334 = "Jordan Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-982 = "Kamchatka Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1722 = "Libya Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-501 = "Nepal Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-131 = "US Eastern Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-361 = "GTB Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-231 = "Hawaiian Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-215 = "Pacific Standard Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-662 = "Cen. Australia Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-331 = "E. Europe Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-491 = "India Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-365 = "Middle East Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-571 = "China Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-332 = "E. Europe Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-531 = "Sri Lanka Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2772 = "Omsk Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-211 = "Pacific Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-342 = "Egypt Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-771 = "Montevideo Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-632 = "Tokyo Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\39CE.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: 34 | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: 36 | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-PUJTF.tmp\E737.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe
"C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe"
C:\Users\Admin\AppData\Local\Temp\C9D8.exe
C:\Users\Admin\AppData\Local\Temp\C9D8.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\CF09.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\CF09.dll
C:\Users\Admin\AppData\Local\Temp\D9B8.exe
C:\Users\Admin\AppData\Local\Temp\D9B8.exe
C:\Users\Admin\AppData\Local\Temp\D9B8.exe
C:\Users\Admin\AppData\Local\Temp\D9B8.exe
C:\Users\Admin\AppData\Local\Temp\DDA1.exe
C:\Users\Admin\AppData\Local\Temp\DDA1.exe
C:\Users\Admin\AppData\Local\Temp\E737.exe
C:\Users\Admin\AppData\Local\Temp\E737.exe
C:\Users\Admin\AppData\Local\Temp\is-PUJTF.tmp\E737.tmp
"C:\Users\Admin\AppData\Local\Temp\is-PUJTF.tmp\E737.tmp" /SL5="$15003A,2349102,54272,C:\Users\Admin\AppData\Local\Temp\E737.exe"
C:\Users\Admin\AppData\Roaming\wsiwgaa
C:\Users\Admin\AppData\Roaming\wsiwgaa
C:\Users\Admin\AppData\Local\Temp\28B6.exe
C:\Users\Admin\AppData\Local\Temp\28B6.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe"
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
"C:\Users\Admin\AppData\Local\Temp\FourthX.exe"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\39CE.exe
C:\Users\Admin\AppData\Local\Temp\39CE.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Users\Admin\AppData\Local\Temp\nsj434F.tmp
C:\Users\Admin\AppData\Local\Temp\nsj434F.tmp
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Users\Admin\AppData\Local\Temp\7532.exe
C:\Users\Admin\AppData\Local\Temp\7532.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "UTIXDCVF"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "UTIXDCVF" binpath= "C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe" start= "auto"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "UTIXDCVF"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
Network
| N/A | 127.0.0.1:54100 | tcp | |
| N/A | 127.0.0.1:54105 | tcp | |
| N/A | 127.0.0.1:54109 | tcp | |
| N/A | 127.0.0.1:54112 | tcp | |
| N/A | 127.0.0.1:54117 | tcp | |
| N/A | 127.0.0.1:54122 | tcp | |
| N/A | 127.0.0.1:54131 | tcp | |
| N/A | 127.0.0.1:54134 | tcp | |
| N/A | 127.0.0.1:54137 | tcp | |
| N/A | 127.0.0.1:54140 | tcp | |
| N/A | 127.0.0.1:54144 | tcp | |
| N/A | 127.0.0.1:54147 | tcp | |
| N/A | 127.0.0.1:54152 | tcp | |
| US | 8.8.8.8:53 | sjudezjs.rophbh.edu.pk | udp |
| US | 8.8.8.8:53 | eujleek.cem | udp |
| US | 8.8.8.8:53 | eujleek.cem | udp |
| US | 8.8.8.8:53 | sbcglebbl.zej | udp |
| N/A | 127.0.0.1:54157 | tcp | |
| N/A | 127.0.0.1:54166 | tcp | |
| N/A | 127.0.0.1:54168 | tcp | |
| N/A | 127.0.0.1:54171 | tcp | |
| N/A | 127.0.0.1:54173 | tcp | |
| N/A | 127.0.0.1:54175 | tcp | |
| N/A | 127.0.0.1:54181 | tcp | |
| N/A | 127.0.0.1:54188 | tcp | |
| N/A | 127.0.0.1:54191 | tcp | |
| N/A | 127.0.0.1:54197 | tcp | |
| N/A | 127.0.0.1:54200 | tcp | |
| N/A | 127.0.0.1:54203 | tcp | |
| N/A | 127.0.0.1:54207 | tcp | |
| N/A | 127.0.0.1:53819 | tcp | |
| N/A | 127.0.0.1:54210 | tcp | |
| N/A | 127.0.0.1:54221 | tcp | |
| N/A | 127.0.0.1:54224 | tcp | |
| N/A | 127.0.0.1:54228 | tcp | |
| N/A | 127.0.0.1:54232 | tcp | |
| N/A | 127.0.0.1:54238 | tcp | |
| N/A | 127.0.0.1:54242 | tcp | |
| N/A | 127.0.0.1:54246 | tcp | |
| N/A | 127.0.0.1:54249 | tcp | |
| N/A | 127.0.0.1:54255 | tcp | |
| N/A | 127.0.0.1:54258 | tcp | |
| US | 8.8.8.8:53 | ybhee.cem | udp |
| US | 8.8.8.8:53 | dhecezsuljerob.cem.br | udp |
| US | 8.8.8.8:53 | dhecezsuljerob.cem.br | udp |
| US | 8.8.8.8:53 | hejmbol.cem | udp |
| US | 8.8.8.8:53 | hejmbol.cem | udp |
| N/A | 127.0.0.1:54263 | tcp | |
| US | 8.8.8.8:53 | ybhee.es | udp |
| US | 8.8.8.8:53 | dhecezsuljerob.cem.br | udp |
| US | 8.8.8.8:53 | rdjelecemcb.cem | udp |
| US | 8.8.8.8:53 | eujleek.cem | udp |
| US | 8.8.8.8:53 | ybhee.cem | udp |
| US | 8.8.8.8:53 | sjudezj.bbhrob.edu.pk | udp |
| US | 8.8.8.8:53 | ftp.hejmbol.cem | udp |
| US | 8.8.8.8:53 | sjudezj.bbhrob.edu.pk | udp |
| US | 8.8.8.8:53 | mail.sjudezjs.rophbh.edu.pk | udp |
| US | 8.8.8.8:53 | ftp.sjudezjs.rophbh.edu.pk | udp |
| US | 8.8.8.8:53 | zhwjrbders.cem | udp |
| US | 8.8.8.8:53 | eujleek.cem | udp |
| US | 8.8.8.8:53 | zhwjrbders.cem | udp |
| US | 8.8.8.8:53 | sjudezjs.rophbh.edu.pk | udp |
| US | 8.8.8.8:53 | deperjovejbchorb.cem | udp |
| US | 8.8.8.8:53 | deperjovejbchorb.cem | udp |
| US | 8.8.8.8:53 | jjdecer.zej | udp |
| US | 8.8.8.8:53 | jjdecer.zej | udp |
| US | 8.8.8.8:53 | ybhee.cem | udp |
| US | 8.8.8.8:53 | superoer.edu.pk | udp |
| US | 8.8.8.8:53 | superoer.edu.pk | udp |
| US | 8.8.8.8:53 | mail.hejmbol.cem | udp |
| US | 8.8.8.8:53 | hejmbol.cem | udp |
| US | 8.8.8.8:53 | zmbkbdemojb.lj | udp |
| US | 8.8.8.8:53 | zmbkbdemojb.lj | udp |
| US | 8.8.8.8:53 | cbhsp.cem.pk | udp |
| US | 8.8.8.8:53 | cbhsp.cem.pk | udp |
| US | 8.8.8.8:53 | supbbejs.ce.zw | udp |
| US | 8.8.8.8:53 | supbbejs.ce.zw | udp |
| US | 8.8.8.8:53 | cerjofocbjoez.pk | udp |
| US | 8.8.8.8:53 | cerjofocbjoez.pk | udp |
| N/A | 127.0.0.1:54266 | tcp | |
| N/A | 127.0.0.1:54275 | tcp | |
| N/A | 127.0.0.1:54277 | tcp | |
| N/A | 127.0.0.1:54281 | tcp | |
| N/A | 127.0.0.1:54285 | tcp | |
| US | 8.8.8.8:53 | cbhsp.cem.pk | udp |
| N/A | 127.0.0.1:54291 | tcp | |
| N/A | 127.0.0.1:54294 | tcp | |
| N/A | 127.0.0.1:54297 | tcp | |
| N/A | 127.0.0.1:54302 | tcp | |
| US | 8.8.8.8:53 | cerjofocbjoez.pk | udp |
| US | 8.8.8.8:53 | cbhsp.cem.pk | udp |
| US | 8.8.8.8:53 | hejmbol.cem | udp |
| US | 8.8.8.8:53 | ybhee.cem | udp |
| US | 8.8.8.8:53 | hejmbol.cem | udp |
| US | 8.8.8.8:53 | ybhee.cem | udp |
| US | 8.8.8.8:53 | mail.sjudezj.rophbh.edu.pk | udp |
| US | 8.8.8.8:53 | sbcglebbl.zej | udp |
| US | 8.8.8.8:53 | ybhee.es | udp |
| US | 8.8.8.8:53 | ftp.ybhee.cem | udp |
| US | 8.8.8.8:53 | sjudezjs.rophbh.edu.pk | udp |
| US | 8.8.8.8:53 | ftp.sjudezjs.rophbh.edu.pk | udp |
| US | 8.8.8.8:53 | mail.ybhee.cem | udp |
| US | 8.8.8.8:53 | sjudezj.rophbh.edu.pk | udp |
| US | 8.8.8.8:53 | ftp.sbcglebbl.zej | udp |
| US | 8.8.8.8:53 | rdjelecemcb.cem | udp |
| US | 8.8.8.8:53 | cerjofocbjoez.pk | udp |
| US | 8.8.8.8:53 | eujleek.cem | udp |
| US | 8.8.8.8:53 | eujleek.cem | udp |
| US | 8.8.8.8:53 | wolcede.cem | udp |
| US | 8.8.8.8:53 | ssh.sjudezjs.rophbh.edu.pk | udp |
| US | 8.8.8.8:53 | wolcede.cem | udp |
| US | 8.8.8.8:53 | mail.hejmbol.cem | udp |
| US | 8.8.8.8:53 | gmbol.ce | udp |
| US | 8.8.8.8:53 | gmbol.ce | udp |
| US | 8.8.8.8:53 | mail.sjudezjs.rophbh.edu.pk | udp |
| US | 8.8.8.8:53 | ftp.hejmbol.cem | udp |
| US | 8.8.8.8:53 | gbmol.cem | udp |
| US | 8.8.8.8:53 | ssh.hejmbol.cem | udp |
| US | 8.8.8.8:53 | gmbol.vem | udp |
| US | 8.8.8.8:53 | mcredoj.cem.vz | udp |
| US | 8.8.8.8:53 | ftp.sjudezj.rophbh.edu.pk | udp |
| US | 8.8.8.8:53 | ssh.sjudezj.rophbh.edu.pk | udp |
| US | 8.8.8.8:53 | dhecezsuljerob.cem.br | udp |
| US | 8.8.8.8:53 | sjudezj.bbhrob.edu.pk | udp |
| US | 8.8.8.8:53 | ssh.ybhee.cem | udp |
| US | 8.8.8.8:53 | zhwjrbders.cem | udp |
| US | 8.8.8.8:53 | deperjovejbchorb.cem | udp |
| US | 8.8.8.8:53 | jjdecer.zej | udp |
| US | 8.8.8.8:53 | superoer.edu.pk | udp |
| US | 8.8.8.8:53 | zmbkbdemojb.lj | udp |
| US | 8.8.8.8:53 | ybhee.cem | udp |
| US | 8.8.8.8:53 | supbbejs.ce.zw | udp |
| US | 8.8.8.8:53 | hejmbol.cem | udp |
| N/A | 127.0.0.1:54310 | tcp | |
| N/A | 127.0.0.1:54314 | tcp | |
| N/A | 127.0.0.1:54320 | tcp | |
| N/A | 127.0.0.1:54322 | tcp | |
| N/A | 127.0.0.1:54325 | tcp | |
| N/A | 127.0.0.1:54328 | tcp | |
| N/A | 127.0.0.1:54334 | tcp | |
| N/A | 127.0.0.1:54337 | tcp | |
| US | 8.8.8.8:53 | hejmbol.cem | udp |
| US | 8.8.8.8:53 | supbbejs.ce.zw | udp |
| US | 8.8.8.8:53 | dhecezsuljerob.cem.br | udp |
| US | 8.8.8.8:53 | eujleek.cem | udp |
| US | 8.8.8.8:53 | ybhee.cem | udp |
| US | 8.8.8.8:53 | sjudezj.bbhrob.edu.pk | udp |
| US | 8.8.8.8:53 | zhwjrbders.cem | udp |
| US | 8.8.8.8:53 | deperjovejbchorb.cem | udp |
| US | 8.8.8.8:53 | jjdecer.zej | udp |
| US | 8.8.8.8:53 | ssh.hejmbol.cem | udp |
| US | 8.8.8.8:53 | superoer.edu.pk | udp |
| US | 8.8.8.8:53 | zmbkbdemojb.lj | udp |
| US | 8.8.8.8:53 | cbhsp.cem.pk | udp |
| US | 8.8.8.8:53 | cerjofocbjoez.pk | udp |
| N/A | 127.0.0.1:54342 | tcp | |
| N/A | 127.0.0.1:54345 | tcp | |
| N/A | 127.0.0.1:54349 | tcp | |
| N/A | 127.0.0.1:54353 | tcp | |
| N/A | 127.0.0.1:54357 | tcp | |
| N/A | 127.0.0.1:54359 | tcp | |
| N/A | 127.0.0.1:54363 | tcp | |
| N/A | 127.0.0.1:54367 | tcp | |
| N/A | 127.0.0.1:54376 | tcp | |
| N/A | 127.0.0.1:54379 | tcp | |
| N/A | 127.0.0.1:54382 | tcp | |
| N/A | 127.0.0.1:54384 | tcp | |
| N/A | 127.0.0.1:54392 | tcp | |
| N/A | 127.0.0.1:54397 | tcp | |
| N/A | 127.0.0.1:54402 | tcp | |
| N/A | 127.0.0.1:54404 | tcp | |
| N/A | 127.0.0.1:54406 | tcp | |
Files
memory/364-1-0x0000000002440000-0x0000000002540000-memory.dmp
memory/364-2-0x0000000002420000-0x000000000242B000-memory.dmp
memory/364-3-0x0000000000400000-0x00000000022D1000-memory.dmp
memory/3420-4-0x0000000000F10000-0x0000000000F26000-memory.dmp
memory/364-5-0x0000000000400000-0x00000000022D1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\C9D8.exe
| MD5 | 0904e849f8483792ef67991619ece915 |
| SHA1 | 58d04535efa58effb3c5ed53a2462aa96d676b79 |
| SHA256 | fca631b3198194fcc0c619b5690dbde2e9f38afb1b978bab8ea3f92b572ce1ef |
| SHA512 | 258fc59050aa455ad56167dd1bbe5e098eefc0f3e950c90d89bac2aa74abb5cfa1710d866c0e28e58dcb2f914736470a4dd9838dd6412b633aee87d71b867cf5 |
memory/5116-16-0x0000000000C60000-0x000000000150F000-memory.dmp
memory/5116-15-0x0000000000C50000-0x0000000000C51000-memory.dmp
memory/5116-17-0x0000000000C60000-0x000000000150F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CF09.dll
| MD5 | 7aecbe510817ee9636a5bcbff0ee5fdd |
| SHA1 | 6a3f27f7789ccf1b19c948774d84c865a9ac6825 |
| SHA256 | b4ee4aa0b664fe673986399de8105c600330339971bd8583177fa38dddd13aac |
| SHA512 | a681efb97745aed5f73d197730049ff80798d133245d8e8bcb0faf3532a9ef440d1687016c9f666c1f56479c7db003b0388e0a69bb2626f34c86046bc477edae |
memory/600-22-0x0000000000790000-0x0000000000796000-memory.dmp
memory/600-23-0x0000000010000000-0x000000001020A000-memory.dmp
memory/5116-25-0x0000000000C60000-0x000000000150F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\D9B8.exe
| MD5 | 398ab69b1cdc624298fbc00526ea8aca |
| SHA1 | b2c76463ae08bb3a08accfcbf609ec4c2a9c0821 |
| SHA256 | ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be |
| SHA512 | 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739 |
memory/2080-31-0x0000000003940000-0x0000000003B00000-memory.dmp
memory/2080-32-0x0000000003B00000-0x0000000003CB7000-memory.dmp
memory/4268-33-0x0000000000400000-0x0000000000848000-memory.dmp
memory/4268-36-0x0000000000400000-0x0000000000848000-memory.dmp
memory/4268-35-0x0000000000400000-0x0000000000848000-memory.dmp
memory/4268-37-0x0000000000400000-0x0000000000848000-memory.dmp
memory/4268-38-0x0000000000400000-0x0000000000848000-memory.dmp
memory/4268-42-0x00000000009E0000-0x00000000009E6000-memory.dmp
memory/4268-39-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DDA1.exe
| MD5 | e6dd149f484e5dd78f545b026f4a1691 |
| SHA1 | 3ea5d0fb2de5bfad3dc6dc1744708ccd31102df6 |
| SHA256 | 11243641663323721ba21494a394de70ae70d4ea23c23f2e2a397fcc3cfea1a7 |
| SHA512 | 0defb358d59221c56731745a25250dfea49ecbb411f11f31a92ec20fa2123646f4aaf9fd4999898c39e4674f616bc1bed7ef2368b61a29d595dc7b9340dd058b |
memory/3248-49-0x0000000002F30000-0x0000000003030000-memory.dmp
memory/3248-50-0x00000000049D0000-0x0000000004A3B000-memory.dmp
memory/3248-51-0x0000000000400000-0x0000000002D8C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\E737.exe
| MD5 | e4a41feae8a0ea34b8318bf3ddafded3 |
| SHA1 | 1234026e5d8872a8b7022850ea889f55370a3ff5 |
| SHA256 | be482bb853fccfef39948f3b2a01773cb2236dc512cf9cd61e7fdfe26687bcb6 |
| SHA512 | d825e42389ccfda3e11b30948f44d001710d2ea69b43402f1240f06671621f26499ca4ef1e69d25bea706e5baaf14a8ddfae145d409a9680c413b39f9586c903 |
memory/4404-57-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-PUJTF.tmp\E737.tmp
| MD5 | 14db4253fd181e84e26eebc8f4150402 |
| SHA1 | 79e77f75b5b8b1386c1bb76324790caaa908ca8d |
| SHA256 | 65cc67e5c73ef94bcaa28719f3452756967f3e7461199fb7715000db90da6e28 |
| SHA512 | 9939fe82c087fcb38573efbc2692def67877063851c9a67400aba84085f7db4c2d2dcd7685200747f5da9a93f47f6e4ac202dcf1202976a57bcdd8d5b7426f1e |
\Users\Admin\AppData\Local\Temp\is-UBGUM.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
\Users\Admin\AppData\Local\Temp\is-UBGUM.tmp\_isetup\_isdecmp.dll
| MD5 | a813d18268affd4763dde940246dc7e5 |
| SHA1 | c7366e1fd925c17cc6068001bd38eaef5b42852f |
| SHA256 | e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64 |
| SHA512 | b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4 |
memory/4568-78-0x00000000001F0000-0x00000000001F1000-memory.dmp
memory/600-87-0x0000000004550000-0x0000000004679000-memory.dmp
memory/600-88-0x0000000004680000-0x000000000478E000-memory.dmp
memory/600-89-0x0000000004680000-0x000000000478E000-memory.dmp
memory/600-91-0x0000000004680000-0x000000000478E000-memory.dmp
memory/4268-92-0x0000000002D90000-0x0000000002EB9000-memory.dmp
memory/4268-94-0x0000000002EC0000-0x0000000002FCE000-memory.dmp
memory/4268-96-0x0000000002EC0000-0x0000000002FCE000-memory.dmp
memory/600-97-0x0000000010000000-0x000000001020A000-memory.dmp
memory/3248-100-0x0000000000400000-0x0000000002D8C000-memory.dmp
memory/4404-101-0x0000000000400000-0x0000000000414000-memory.dmp
memory/4568-102-0x0000000000400000-0x00000000004BC000-memory.dmp
C:\Users\Admin\AppData\Roaming\wsiwgaa
| MD5 | 5cddaacf9782c030db128e3ebfd8f301 |
| SHA1 | 71bae291b66ecfad6ee79ab150c9b4bdc676f06c |
| SHA256 | 6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23 |
| SHA512 | bee3cbdeac5a317f58ebb2d621740f8b7e81e47db236327cb0e908bc49886e320e30a95191470953177740f702adfe704a626325ddd2a33f10c8ec3060059797 |
C:\Users\Admin\AppData\Local\Temp\28B6.exe
| MD5 | 09daace6074ca06ea3737d622083d5dd |
| SHA1 | eb5e13591e3e86cfd51c0f284ca323aace0d1501 |
| SHA256 | bb7d28c3a4d3efc1b473a7b07c4d4af8ce775d1461eae61f6913c81b745997b2 |
| SHA512 | b5eff759b219614869d18b50fe80490a75a76db474f5f55d783b991f7fb5ecbc7b904a956a42badb6e6b9b08921b9dc00e567ff786b7ea315a9222c6944cc541 |
C:\Users\Admin\AppData\Local\Temp\28B6.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1064-109-0x0000000000580000-0x0000000000E36000-memory.dmp
memory/1064-114-0x00000000727A0000-0x0000000072E8E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 550ee7188c527b01bfa4d015377d121c |
| SHA1 | 44c45f90daaef2f68d08512a79d0efa86a748f4b |
| SHA256 | b236c2da74955dc9bcd4fc696ae78f49edbbc6f06aacaa80f0246da3deb3265d |
| SHA512 | 677f8a65ca34a290ce916d13966f0511875d5cfc12cc0983d7463a64047528a2407eb62ca8cae392452d06e756b9d07014af52c92d91ec61264c2005468f2a1a |
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
| MD5 | f75b9beec810c7d22ac06871935465cc |
| SHA1 | 02a949c1e44035114022079454555c9c145bf8fb |
| SHA256 | edbe5331590b5dd47a67f9546820b96f3f2b4590cd4444ec6e6185762c6a2182 |
| SHA512 | e2e8b13f7e69d46fd1d3a08e08ef0bf661dc690df37583ea653321ac05ccc717a716ec9ac1670e574a87e70c8096bce538b976d7fbb4af9f46cf5c1ad598a37c |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | d847dbfee9bfc8426168aad888ede9bd |
| SHA1 | f8b60258c711d19ea1d5413a3aee21262d8b8db7 |
| SHA256 | fbdbcee82d428a818977ef77349eb7ebcb45b205751547ba4c6df3d0e8bffc07 |
| SHA512 | 4c4f542caa52c03f319698aeb7e05d29c1d13a8a0fed7fbde00ecfd5bf6a033c2be8d6b517f59a46ea66cb182995c6bece0e1ee002b3724e40f5286b700ee9a1 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
| MD5 | 28b72e7425d6d224c060d3cf439c668c |
| SHA1 | a0a14c90e32e1ffd82558f044c351ad785e4dcd8 |
| SHA256 | 460ba492fbc3163b80bc40813d840e50feb84166db7a300392669afd21132d98 |
| SHA512 | 3e0696b4135f3702da054b80d98a8485fb7f3002c4148a327bc790b0d33c62d442c01890cc047af19a17a149c8c8eb84777c4ff313c95ec6af64a8bf0b2d54b6 |
memory/1064-129-0x00000000727A0000-0x0000000072E8E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
| MD5 | ebb513d4d6d769ae21e14c45f491ca1b |
| SHA1 | 5f97e01f98b58a17e538a71b81b7a24c999c1859 |
| SHA256 | 5e467197e806babc85b146d0456992a2a72060494e4dd0a00dc05813f71381c6 |
| SHA512 | 6e28db09bb87188eeb331f695e9505e80a06286191c29599d0d113e64013a818c0d537040eb527a5da4298adac057ae08928e84cca85d08301c9312e5da36a21 |
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
| MD5 | ae6091485f322e8f312636bff904b057 |
| SHA1 | ce30c0bdd9938cbdda665a1ee4c14e55c9d30c37 |
| SHA256 | 82115b3ae69efdd2d5ea779f9ea2e6d6a38215feb9ffe8c2391a7cec969ecf32 |
| SHA512 | d22a538ebe10525053217764c1f1340731228cae0ac5d782fc54a8797fe546429f232789b7023ca8113e7c71d8f270ef5173734bbbf11b21759c9a856aeee2ff |
\Users\Admin\AppData\Local\Temp\nsj364E.tmp\INetC.dll
| MD5 | 40d7eca32b2f4d29db98715dd45bfac5 |
| SHA1 | 124df3f617f562e46095776454e1c0c7bb791cc7 |
| SHA256 | 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9 |
| SHA512 | 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d |
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
| MD5 | 1ec1291e83f28fdf8fb4e264d8f4348c |
| SHA1 | 42ee5f14acbc586461b4a6ed75cc1c527119bc27 |
| SHA256 | 4099ec6dba9b3cc9682431c9aaa48b88b29efc8000524929018eecd1211d5ca9 |
| SHA512 | a2bd83e207e08fc653d3793f5c5db9f37416d31b75fb61020c0f470135301338947ad36ee5318922cd77cceddfe582c1435dbaf0de25d909b635503b42ef79f2 |
C:\Users\Admin\AppData\Local\Temp\39CE.exe
| MD5 | 0ca68f13f3db569984dbcc9c0be6144a |
| SHA1 | 8c53b9026e3c34bcf20f35af15fc6545cb337936 |
| SHA256 | 9cd86fa59ea2d10f9b9f3293c132f158fcb7dd993fdb706944f9fe9fa409504a |
| SHA512 | 4c3a3be5fda0f9060a08b95383b5260e4079dbcff73849d2fac88520ae625c33a73c5858b25b717fcccebf03c3ad9b19807de8bcfa7ea22be6648cc965072b7d |
memory/1004-146-0x00000000028E0000-0x0000000002CD9000-memory.dmp
memory/1004-147-0x0000000002DE0000-0x00000000036CB000-memory.dmp
memory/1128-149-0x0000000000940000-0x0000000000941000-memory.dmp
memory/1004-148-0x0000000000400000-0x0000000000D1C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsj434F.tmp
| MD5 | 0ab522cd9cc4a004d8b7b21445b58132 |
| SHA1 | 62da3b22a7ef628712fc771cd10fac96bafb558f |
| SHA256 | 4e6080d8571cd53972a0dfa4f383d61ee95efef520988cf50a17bd569beb6486 |
| SHA512 | 7cc4575c6746eaa92ab837c38203deed2c4beaff6aae6bd60e68edd0a197091695be68f968289db6892f3a96425c334771673daa08c3d8a51be8deb56e75dfc9 |
C:\Users\Admin\AppData\Local\Temp\nsj434F.tmp
| MD5 | 9089c5ddf54262d275ab0ea6ceaebcba |
| SHA1 | 4796313ad8d780936e549ea509c1932deb41e02a |
| SHA256 | 96766ea71dc59a5b1734aba76c1ab1cbc8459a9ee023e9875359667dbf51ea4a |
| SHA512 | ec71801feccd0c900132425d6bc601bcae6e78702b708df80783a752d08c8bdc49f0b0c8e7c37b15a02b381369b8a3c1114d7385796316b834738045f7dc053c |
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
| MD5 | 11bb3db51f701d4e42d3287f71a6a43e |
| SHA1 | 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86 |
| SHA256 | 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331 |
| SHA512 | 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2 |
memory/1128-170-0x0000000000400000-0x00000000008E2000-memory.dmp
memory/1004-169-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/4716-171-0x0000000000400000-0x00000000022D1000-memory.dmp
memory/4716-172-0x0000000002320000-0x0000000002420000-memory.dmp
memory/4716-173-0x0000000002300000-0x000000000230B000-memory.dmp
memory/3248-176-0x0000000002F30000-0x0000000003030000-memory.dmp
memory/992-178-0x0000000002420000-0x0000000002447000-memory.dmp
memory/992-177-0x0000000002500000-0x0000000002600000-memory.dmp
memory/992-179-0x0000000000400000-0x00000000022D9000-memory.dmp
memory/3420-181-0x00000000027D0000-0x00000000027E6000-memory.dmp
memory/4716-183-0x0000000000400000-0x00000000022D1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7532.exe
| MD5 | 807dbd255743cdb219cf957247bfb1e6 |
| SHA1 | cfad1089d95afedb21cc386b383508689db0a98b |
| SHA256 | 31beab3ec8f7bd24285387e7fbee7c3212b093a3e59e639aa08c10387ba09e86 |
| SHA512 | d213e01f6b0385771fbf757bfa335399d4ead1a0575e24ffb30866c8d8686f12fb3e1d50b45c234765d2b66316ec443c628f1010ce4c2aaa5c9200f6d71899a9 |
C:\Users\Admin\AppData\Local\Temp\7532.exe
| MD5 | 5dac4c5f4289f817e0c7892c76a0aab1 |
| SHA1 | 13477d501e005148f8eb2a3b456b41b0f29d058b |
| SHA256 | e2b88e200808b33ed0f7c104a2df705c0aa6ce2d97fdd1303a065a45507c8807 |
| SHA512 | 6599db9c89507a285647b2d24521900117c6ef3e14dfd2e72358bdc1f7a0a003ed86888c0d59df4650a6bd18d62a42d1e84abd5dd24294924982ab2606523260 |
memory/4192-189-0x0000000000BD0000-0x0000000000BD1000-memory.dmp
memory/4192-193-0x0000000000BF0000-0x0000000000BF1000-memory.dmp
memory/4192-191-0x0000000000BE0000-0x0000000000BE1000-memory.dmp
memory/4192-196-0x00000000030E0000-0x00000000030E1000-memory.dmp
memory/4192-195-0x0000000001AC0000-0x0000000001AC1000-memory.dmp
memory/4192-197-0x00000000030F0000-0x00000000030F1000-memory.dmp
memory/4192-203-0x0000000000E50000-0x00000000018FD000-memory.dmp
memory/4192-204-0x0000000003100000-0x0000000003101000-memory.dmp
memory/4192-206-0x0000000003110000-0x0000000003150000-memory.dmp
memory/4192-205-0x0000000003110000-0x0000000003150000-memory.dmp
memory/4192-207-0x0000000003110000-0x0000000003150000-memory.dmp
memory/4192-208-0x0000000003110000-0x0000000003150000-memory.dmp
memory/4192-210-0x0000000003110000-0x0000000003150000-memory.dmp
memory/4192-213-0x0000000003290000-0x0000000003390000-memory.dmp
memory/4192-249-0x0000000000E50000-0x00000000018FD000-memory.dmp
\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
\ProgramData\nss3.dll
| MD5 | 936cd56662a1d626a89a41623fc216b2 |
| SHA1 | c5d69ce27ecbf1f92d79f204786ac088df741a69 |
| SHA256 | 27e8206a2cd1eb494909d58b1e22fbfd02cace1d03cebb98784711a3345e3da6 |
| SHA512 | dce4dfa8102416a9049f2e30c876ccfb5e8bd235219d81411c89daf196e175e8c1a3c12b59fa18c1ef04f31277f8f0bc6f141ed15340130dffbf1554431dba1b |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
memory/2228-296-0x000001EADFAD0000-0x000001EADFAE0000-memory.dmp
memory/2228-295-0x00007FFEE58E0000-0x00007FFEE62CC000-memory.dmp
memory/2228-298-0x000001EADFAD0000-0x000001EADFAE0000-memory.dmp
memory/2228-299-0x000001EADFB10000-0x000001EADFB32000-memory.dmp
memory/992-301-0x0000000000400000-0x00000000022D9000-memory.dmp
memory/2228-309-0x000001EADFCC0000-0x000001EADFD36000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_czsyknq3.ege.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/2228-338-0x000001EADFAD0000-0x000001EADFAE0000-memory.dmp
memory/1004-351-0x00000000028E0000-0x0000000002CD9000-memory.dmp
memory/2228-352-0x000001EADFAD0000-0x000001EADFAE0000-memory.dmp
memory/3768-358-0x00000000046D0000-0x0000000004706000-memory.dmp
memory/3768-359-0x0000000006DE0000-0x0000000007408000-memory.dmp
memory/3768-362-0x0000000071B60000-0x000000007224E000-memory.dmp
memory/1004-361-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/3768-363-0x0000000004620000-0x0000000004630000-memory.dmp
memory/3768-364-0x0000000004620000-0x0000000004630000-memory.dmp
memory/1128-367-0x0000000000940000-0x0000000000941000-memory.dmp
memory/3768-368-0x0000000007410000-0x0000000007432000-memory.dmp
memory/3768-369-0x00000000076E0000-0x0000000007746000-memory.dmp
memory/3768-371-0x00000000077A0000-0x0000000007AF0000-memory.dmp
memory/3768-370-0x00000000074B0000-0x0000000007516000-memory.dmp
memory/3768-372-0x0000000007620000-0x000000000763C000-memory.dmp
memory/3768-373-0x0000000008110000-0x000000000815B000-memory.dmp
memory/3768-394-0x0000000008C40000-0x0000000008C7C000-memory.dmp
memory/3768-425-0x0000000008DC0000-0x0000000008E36000-memory.dmp
memory/3768-436-0x0000000009B30000-0x0000000009B63000-memory.dmp
memory/3768-438-0x0000000072B80000-0x0000000072BCB000-memory.dmp
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
| MD5 | b03886cb64c04b828b6ec1b2487df4a4 |
| SHA1 | a7b9a99950429611931664950932f0e5525294a4 |
| SHA256 | 5dfaa8987f5d0476b835140d8a24fb1d9402e390bbe92b8565da09581bd895fc |
| SHA512 | 21d1a5a4a218411c2ec29c9ca34ce321f6514e7ca3891eded8c3274aeb230051661a86eda373b9a006554e067de89d816aa1fa864acf0934bbb16a6034930659 |
memory/3768-442-0x0000000009B10000-0x0000000009B2E000-memory.dmp
memory/3768-439-0x0000000070480000-0x00000000707D0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 7a80cd42234506c4eca04b6a54d5bf7f |
| SHA1 | b571f657031f54fc5c733759b558d43bdf88eedb |
| SHA256 | 3084537f35cd8e74646264612514628aa49ddda9c1fd79894c8641a9b7768df9 |
| SHA512 | 88e692b05423c082b7fea2a8de7440a035d94af4cabab28ac07c6bb19be2ac3c57d2e05a9a321ca512098786b942ed2f60d4fd13a100fa7832b10d327a78c5a7 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | 1c19c16e21c97ed42d5beabc93391fc5 |
| SHA1 | 8ad83f8e0b3acf8dfbbf87931e41f0d664c4df68 |
| SHA256 | 1bcd97396c83babfe6c5068ba590d7a3f8b70e72955a9d1e4070648e404cbf05 |
| SHA512 | 7d18776d8f649b3d29c182ff03efc6cea8b527542ee55304980f24577aae8b64e37044407776e220984346c3998ace5f8853afa58c8b38407482a728e9495e0c |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | a0eca20ab85d5bb841117922f97e12b2 |
| SHA1 | ab79e31c385bbb32dc5f2fc6fa335293f2d504b7 |
| SHA256 | bf25de7df6bcb6ae5e313d2493be42140d59391edd15e5bf0b59bc26d1c523ad |
| SHA512 | d6e204f0dfe0f440c94dbccade9a501a91a676f483933e9ba2ec90118652af2a2be979be1d82c14be1c7eb0c3617ec416696b7f7cb8beea17ed8d41a93871e94 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | be4e08adb67b58113b8ffe1893c6f321 |
| SHA1 | fd32e0a3ccf052472630ce59ea134b03aecb0f58 |
| SHA256 | dfade7a38e519c11f4b001bfab3f4c9eeb6f7f077a0533c35a2c2f6820695421 |
| SHA512 | 8bce21d8995e6f8d7a3e0632bfd891206c91be1d77c3db0eff61a15b07f7a58ebfb997b9a6bd9306b5722922136175e7b38d8382766ecc56fc77444c443d393b |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | 03b56deb0a19574e78dd6a5b9a699c61 |
| SHA1 | 440396534b1507f7c80cccd199c00b59081e79e5 |
| SHA256 | b096e3c3326f1cfe59153b6e5f0702a5fb75519fb055937f76598e451817cb4c |
| SHA512 | 0144924dc8fd7472108df9154c1dcc671d9e31bfa44a199d0f6cab58cb24c2daf56fac6a4760265e66a949d5bb58a7df8d0c270284f7df56c029cbbe7fe871a5 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | fd8efeaa917d4b4daff90c39b149b694 |
| SHA1 | 61ca1b1fe37dc2abcc102133240ee8f2c9c0ba25 |
| SHA256 | e1621df8f186669e4d8d8653b6361322e4cc4b2dccb2eb2d1bd9c63232e6ccbe |
| SHA512 | d17a121a2e37d93db9d35c9b476e8bb1276df043114d9ee3f96151215bc6126c6655685abb433d8ae3a790e0ad62e7c974b69a8f10d65f9873c164c649765e3a |
C:\Windows\rss\csrss.exe
| MD5 | b8c50d741d429e4cd6210293c0f0d881 |
| SHA1 | 059f1aa663f344b66b7ab96bd092bfd08ef6b091 |
| SHA256 | 862a2046656a5a5dc1638c6b9ac7c751b90fceae08d37b4e2702b73c45278a8b |
| SHA512 | b7e6e142048371568ecdc9bc10c0da83c73125bdff1964839244f0b95eb7fd08a34f42f4fcd26ff5fac52f4350fb28c2505df2ce69c51a2fd0ff76a903d83096 |