Malware Analysis Report

2024-11-30 05:06

Sample ID 240229-bvyn2sab71
Target 5c666aed70980ea1d08ad44459eaacaa.bin
SHA256 7cac55dcd6c4c1501b91d4e3571e8a376a111cefd1b5e9875a8799bece882d44
Tags
glupteba smokeloader pub1 backdoor dropper loader persistence trojan upx dcrat lumma bootkit discovery evasion infostealer rat spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

7cac55dcd6c4c1501b91d4e3571e8a376a111cefd1b5e9875a8799bece882d44

Threat Level: Known bad

The file 5c666aed70980ea1d08ad44459eaacaa.bin was found to be: Known bad.

Malicious Activity Summary

glupteba smokeloader pub1 backdoor dropper loader persistence trojan upx dcrat lumma bootkit discovery evasion infostealer rat spyware stealer

Lumma Stealer

Glupteba

Glupteba payload

SmokeLoader

DcRat

Downloads MZ/PE file

Modifies Windows Firewall

Contacts a large (658) amount of remote hosts

Reads data files stored by FTP clients

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Deletes itself

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Suspicious use of SetThreadContext

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious behavior: MapViewOfSection

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Checks processor information in registry

Creates scheduled task(s)

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-29 01:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-29 01:28

Reported

2024-02-29 01:31

Platform

win7-20240221-en

Max time kernel

136s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe"

Signatures

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Downloads MZ/PE file

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\65C5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\65C5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7E37.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\65C5.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\65C5.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2616 set thread context of 2980 N/A C:\Users\Admin\AppData\Local\Temp\65C5.exe C:\Users\Admin\AppData\Local\Temp\65C5.exe

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\7E37.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1204 wrote to memory of 2616 N/A N/A C:\Users\Admin\AppData\Local\Temp\65C5.exe
PID 2616 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\65C5.exe C:\Users\Admin\AppData\Local\Temp\65C5.exe
PID 1204 wrote to memory of 2208 N/A N/A C:\Windows\system32\regsvr32.exe
PID 2208 wrote to memory of 2464 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1204 wrote to memory of 1036 N/A N/A C:\Users\Admin\AppData\Local\Temp\7E37.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe

"C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe"

C:\Users\Admin\AppData\Local\Temp\65C5.exe

C:\Users\Admin\AppData\Local\Temp\65C5.exe

C:\Users\Admin\AppData\Local\Temp\65C5.exe

C:\Users\Admin\AppData\Local\Temp\65C5.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6CF7.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\6CF7.dll

C:\Users\Admin\AppData\Local\Temp\7E37.exe

C:\Users\Admin\AppData\Local\Temp\7E37.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 124

C:\Users\Admin\AppData\Local\Temp\8672.exe

C:\Users\Admin\AppData\Local\Temp\8672.exe

C:\Users\Admin\AppData\Local\Temp\A20D.exe

C:\Users\Admin\AppData\Local\Temp\A20D.exe

C:\Users\Admin\AppData\Local\Temp\B705.exe

C:\Users\Admin\AppData\Local\Temp\B705.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"

C:\Users\Admin\AppData\Local\Temp\u1mg.0.exe

"C:\Users\Admin\AppData\Local\Temp\u1mg.0.exe"

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Windows\system32\taskeng.exe

taskeng.exe {1306C29E-18E0-4817-A946-4641537DDDE3} S-1-5-21-2297530677-1229052932-2803917579-1000:HKULBIBU\Admin:Interactive:[1]

C:\Users\Admin\AppData\Local\Temp\u1mg.1.exe

"C:\Users\Admin\AppData\Local\Temp\u1mg.1.exe"

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-29 01:28

Reported

2024-02-29 01:31

Platform

win10v2004-20240226-en

Max time kernel

73s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe"

Signatures

DcRat

rat infostealer dcrat

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

SmokeLoader

trojan backdoor smokeloader

Contacts a large (658) amount of remote hosts

discovery

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\F5CE.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\C505.exe N/A

Checks installed software on the system

discovery

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\E811.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4544 set thread context of 2216 N/A C:\Users\Admin\AppData\Local\Temp\C505.exe C:\Users\Admin\AppData\Local\Temp\C505.exe

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\FF16.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\FF16.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\FF16.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\u3v0.0.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\u3v0.0.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\u3v0.1.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3472 wrote to memory of 4544 N/A N/A C:\Users\Admin\AppData\Local\Temp\C505.exe
PID 4544 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\C505.exe C:\Users\Admin\AppData\Local\Temp\C505.exe
PID 3472 wrote to memory of 2392 N/A N/A C:\Windows\system32\regsvr32.exe
PID 2392 wrote to memory of 1472 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3472 wrote to memory of 756 N/A N/A C:\Users\Admin\AppData\Local\Temp\E37C.exe
PID 3472 wrote to memory of 4156 N/A N/A C:\Users\Admin\AppData\Local\Temp\E811.exe
PID 3472 wrote to memory of 4852 N/A N/A C:\Users\Admin\AppData\Local\Temp\F5CE.exe
PID 3472 wrote to memory of 4556 N/A N/A C:\Users\Admin\AppData\Local\Temp\FF16.exe
PID 4852 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\F5CE.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 4852 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\F5CE.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 5004 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u3v0.0.exe
PID 5004 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u3v0.1.exe
PID 4700 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\u3v0.1.exe C:\Windows\SysWOW64\cmd.exe
PID 3236 wrote to memory of 3560 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 3236 wrote to memory of 3364 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 2340 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe

"C:\Users\Admin\AppData\Local\Temp\b5724d1ea8d2a379e0989ab74ab7719ed93d94dee8638b3dc31e53569cc36107.exe"

C:\Users\Admin\AppData\Local\Temp\C505.exe

C:\Users\Admin\AppData\Local\Temp\C505.exe

C:\Users\Admin\AppData\Local\Temp\C505.exe

C:\Users\Admin\AppData\Local\Temp\C505.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\CD82.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\CD82.dll

C:\Users\Admin\AppData\Local\Temp\E37C.exe

C:\Users\Admin\AppData\Local\Temp\E37C.exe

C:\Users\Admin\AppData\Local\Temp\E811.exe

C:\Users\Admin\AppData\Local\Temp\E811.exe

C:\Users\Admin\AppData\Local\Temp\F5CE.exe

C:\Users\Admin\AppData\Local\Temp\F5CE.exe

C:\Users\Admin\AppData\Local\Temp\FF16.exe

C:\Users\Admin\AppData\Local\Temp\FF16.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\u3v0.0.exe

"C:\Users\Admin\AppData\Local\Temp\u3v0.0.exe"

C:\Users\Admin\AppData\Local\Temp\u3v0.1.exe

"C:\Users\Admin\AppData\Local\Temp\u3v0.1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5004 -ip 5004

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 692

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2340 -ip 2340

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 900

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3092 -ip 3092

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 2400

C:\Users\Admin\AppData\Roaming\reivsgs

C:\Users\Admin\AppData\Roaming\reivsgs

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 72.28.21.104.in-addr.arpa udp
US 8.8.8.8:53 52.116.249.192.in-addr.arpa udp
US 8.8.8.8:53 23.87.21.217.in-addr.arpa udp
US 8.8.8.8:53 66.211.67.172.in-addr.arpa udp
US 8.8.8.8:53 13.103.106.151.in-addr.arpa udp
US 8.8.8.8:53 155.142.49.154.in-addr.arpa udp
US 104.21.85.77:443 canopy-collective.com tcp
PL 85.128.144.130:80 malgorzatajasiniak.com tcp
US 104.21.74.129:443 capoeirabarcelona.com tcp
FR 89.117.169.223:443 magesticbuckgaming.com tcp
IN 89.117.157.105:443 maamamtafoundation.com tcp
US 35.239.245.242:443 diamondlinks.com tcp
GB 185.77.97.141:443 littlebuddhacorner.com tcp
FR 188.165.132.18:443 marianoelrequesens.com tcp
US 8.8.8.8:53 mohammadrezaghasemi.com udp
IN 89.117.157.78:443 marathinewstracker.com tcp
US 8.8.8.8:53 montagestudioafrica.com udp
US 8.8.8.8:53 news.celebsnewslive.com udp
US 3.33.130.190:443 mesosettlementclaim.com tcp
US 208.109.213.34:443 mermaid-masterclass.com tcp
US 198.20.92.86:443 www.megaworldfortcondos.com tcp
CA 70.33.246.91:443 melbournesalsascene.com tcp
US 199.250.206.147:443 micromobilityrepair.com tcp
US 68.178.221.187:443 menuelpolloinkaperu.com tcp
US 8.8.8.8:53 moreexclusiveoffers.com udp
US 8.8.8.8:53 msglobalengineering.com udp
US 8.8.8.8:53 mskconstructionswll.com udp
US 162.241.252.17:443 menopausaharmoniosa.com tcp
US 8.8.8.8:53 multipliquesolution.com udp
US 8.8.8.8:53 192.27.208.103.in-addr.arpa udp
US 8.8.8.8:53 144.36.21.104.in-addr.arpa udp
US 8.8.8.8:53 77.85.21.104.in-addr.arpa udp
US 8.8.8.8:53 250.62.23.198.in-addr.arpa udp
US 8.8.8.8:53 129.74.21.104.in-addr.arpa udp
US 8.8.8.8:53 130.144.128.85.in-addr.arpa udp
US 8.8.8.8:53 192.201.188.199.in-addr.arpa udp
US 8.8.8.8:53 223.169.117.89.in-addr.arpa udp
US 8.8.8.8:53 160.46.152.45.in-addr.arpa udp
US 8.8.8.8:53 10.213.193.141.in-addr.arpa udp
IR 5.144.131.240:443 mohammadrezaghasemi.com tcp
US 192.124.249.162:443 miconeinternational.com tcp
US 172.67.211.66:443 news.celebsnewslive.com tcp
US 8.8.8.8:53 nabaa-adeemhospital.com udp
US 8.8.8.8:53 ontargeteducational.com udp
US 8.8.8.8:53 nevaltingayrimenkul.com udp
US 8.8.8.8:53 offerzonechandigarh.com udp
BR 149.100.155.198:443 moreexclusiveoffers.com tcp
US 155.138.175.184:443 montagestudioafrica.com tcp
US 8.8.8.8:53 pan-africanmaritime.com udp
US 162.241.252.221:443 mskconstructionswll.com tcp
US 31.170.167.26:443 msglobalengineering.com tcp
US 8.8.8.8:53 www.pixiecoverecommends.com udp
US 8.8.8.8:53 paopopcreationsblog.com udp
BR 154.49.247.241:443 multipliquesolution.com tcp
US 8.8.8.8:53 planetaryexpedition.com udp
US 8.8.8.8:53 plasticsurgeon-iran.com udp
US 8.8.8.8:53 pmproskillstraining.com udp
IN 154.41.233.179:443 offerzonechandigarh.com tcp
US 8.8.8.8:53 141.97.77.185.in-addr.arpa udp
US 8.8.8.8:53 18.132.165.188.in-addr.arpa udp
US 8.8.8.8:53 242.245.239.35.in-addr.arpa udp
US 8.8.8.8:53 105.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 147.206.250.199.in-addr.arpa udp
US 8.8.8.8:53 91.246.33.70.in-addr.arpa udp
US 8.8.8.8:53 78.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 86.92.20.198.in-addr.arpa udp
US 8.8.8.8:53 17.252.241.162.in-addr.arpa udp
US 8.8.8.8:53 162.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 projetovidacomsaude.com udp
US 8.8.8.8:53 programaflowselling.com udp
US 8.8.8.8:53 www.puritas-erfahrungen.com udp
US 8.8.8.8:53 realtydreamproperty.com udp
US 8.8.8.8:53 realstatecasamakhom.com udp
IR 89.39.208.139:443 plasticsurgeon-iran.com tcp
US 173.252.167.20:443 pan-africanmaritime.com tcp
US 185.150.190.75:443 www.pixiecoverecommends.com tcp
US 162.241.224.50:443 nabaa-adeemhospital.com tcp
TR 104.247.168.99:443 nevaltingayrimenkul.com tcp
US 149.100.151.232:443 paopopcreationsblog.com tcp
US 172.67.222.124:443 ontargeteducational.com tcp
NL 185.41.127.20:443 planetaryexpedition.com tcp
US 149.100.151.135:443 pmproskillstraining.com tcp
US 8.8.8.8:53 stcatalina.com udp
US 8.8.8.8:53 www.stitchloud.com udp
US 8.8.8.8:53 storyonweb.com udp
US 8.8.8.8:53 www.cassandralotus.com udp
US 8.8.8.8:53 stylotrend.com udp
US 108.167.132.208:443 projetovidacomsaude.com tcp
US 192.185.131.135:443 realstatecasamakhom.com tcp
US 8.8.8.8:53 sutinguide.com udp
US 8.8.8.8:53 www.capoeirabarcelona.com udp
US 8.8.8.8:53 suy-noblog.com udp
US 8.8.8.8:53 swamisevak.com udp
US 8.8.8.8:53 swing-cart.com udp
US 8.8.8.8:53 240.131.144.5.in-addr.arpa udp
US 8.8.8.8:53 26.167.170.31.in-addr.arpa udp
US 8.8.8.8:53 221.252.241.162.in-addr.arpa udp
US 8.8.8.8:53 198.155.100.149.in-addr.arpa udp
US 8.8.8.8:53 241.247.49.154.in-addr.arpa udp
US 8.8.8.8:53 179.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 tailstower.com udp
US 8.8.8.8:53 pecaslunares.com udp
US 8.8.8.8:53 peakhotelinn.com udp
LT 45.84.207.35:443 programaflowselling.com tcp
US 104.21.78.97:443 www.puritas-erfahrungen.com tcp
IN 89.117.157.95:443 realtydreamproperty.com tcp
FR 37.59.70.160:443 stcatalina.com tcp
US 34.160.17.71:443 www.stitchloud.com tcp
PL 146.59.70.127:443 stylotrend.com tcp
US 149.100.151.109:443 storyonweb.com tcp
US 23.105.170.37:443 tailstower.com tcp
US 172.67.136.85:443 www.cassandralotus.com tcp
US 8.8.8.8:53 persianloves.com udp
GB 153.92.7.177:443 peakhotelinn.com tcp
US 82.180.174.156:443 pecaslunares.com tcp
US 8.8.8.8:53 petejgerardo.com udp
US 172.96.187.179:443 sutinguide.com tcp
US 8.8.8.8:53 picsbyfabian.com udp
US 8.8.8.8:53 www.canopy-collective.com udp
JP 160.251.148.89:443 suy-noblog.com tcp
US 172.67.202.196:443 www.capoeirabarcelona.com tcp
US 8.8.8.8:53 75.190.150.185.in-addr.arpa udp
US 8.8.8.8:53 139.208.39.89.in-addr.arpa udp
US 8.8.8.8:53 50.224.241.162.in-addr.arpa udp
US 8.8.8.8:53 20.167.252.173.in-addr.arpa udp
US 8.8.8.8:53 124.222.67.172.in-addr.arpa udp
US 8.8.8.8:53 20.127.41.185.in-addr.arpa udp
US 8.8.8.8:53 99.168.247.104.in-addr.arpa udp
US 8.8.8.8:53 232.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 135.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 208.132.167.108.in-addr.arpa udp
US 8.8.8.8:53 135.131.185.192.in-addr.arpa udp
US 8.8.8.8:53 97.78.21.104.in-addr.arpa udp
US 8.8.8.8:53 35.207.84.45.in-addr.arpa udp
US 8.8.8.8:53 95.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 71.17.160.34.in-addr.arpa udp
US 62.72.50.26:443 swing-cart.com tcp
US 104.21.67.4:443 swamisevak.com tcp
US 8.8.8.8:53 pinkymanager.com udp
US 8.8.8.8:53 pintujatitua.com udp
US 8.8.8.8:53 pinkladymaid.com udp
US 8.8.8.8:53 piotrcwalina.com udp
US 8.8.8.8:53 platingastro.com udp
GB 31.132.0.114:80 persianloves.com tcp
US 8.8.8.8:53 pmdentelcare.com udp
DE 45.81.232.20:443 picsbyfabian.com tcp
US 8.8.8.8:53 pmvaustralia.com udp
US 50.87.145.246:443 petejgerardo.com tcp
US 8.8.8.8:53 policykhabar.com udp
US 8.8.8.8:53 www.pompaandalan.com udp
US 8.8.8.8:53 polymerkimia.com udp
US 8.8.8.8:53 www.mohammadrezaghasemi.com udp
US 8.8.8.8:53 popnprofit17.com udp
PL 91.241.62.248:443 piotrcwalina.com tcp
BR 89.117.7.121:443 pinkladymaid.com tcp
US 172.67.203.135:443 www.canopy-collective.com tcp
US 8.8.8.8:53 posf-cyssoft.com udp
US 8.8.8.8:53 109.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 85.136.67.172.in-addr.arpa udp
US 8.8.8.8:53 177.7.92.153.in-addr.arpa udp
US 8.8.8.8:53 156.174.180.82.in-addr.arpa udp
US 8.8.8.8:53 196.202.67.172.in-addr.arpa udp
US 8.8.8.8:53 4.67.21.104.in-addr.arpa udp
US 8.8.8.8:53 26.50.72.62.in-addr.arpa udp
US 8.8.8.8:53 114.0.132.31.in-addr.arpa udp
US 8.8.8.8:53 20.232.81.45.in-addr.arpa udp
US 8.8.8.8:53 89.148.251.160.in-addr.arpa udp
US 8.8.8.8:53 www.poteriemaroc.com udp
US 8.8.8.8:53 postsblogger.com udp
US 8.8.8.8:53 prettyinjoya.com udp
US 8.8.8.8:53 powerpcgames.com udp
US 8.8.8.8:53 pricepointad.com udp
US 104.21.88.92:443 policykhabar.com tcp
US 162.241.216.77:443 pmdentelcare.com tcp
FI 65.108.69.111:443 platingastro.com tcp
FR 37.187.78.11:80 polymerkimia.com tcp
US 82.180.175.121:443 popnprofit17.com tcp
US 8.8.8.8:53 projecttest2.com udp
AU 203.28.49.193:443 pmvaustralia.com tcp
US 8.8.8.8:53 primezondeal.com udp
IR 5.144.131.240:443 www.mohammadrezaghasemi.com tcp
US 66.55.68.73:443 powerpcgames.com tcp
US 8.8.8.8:53 prospervibez.com udp
US 173.236.195.223:443 posf-cyssoft.com tcp
US 66.85.47.15:443 www.poteriemaroc.com tcp
US 209.182.203.89:443 pricepointad.com tcp
US 8.8.8.8:53 protracksvts.com udp
US 8.8.8.8:53 protradingfd.com udp
US 8.8.8.8:53 provocationz.com udp
US 38.107.250.230:443 postsblogger.com tcp
US 89.116.190.244:443 primezondeal.com tcp
US 8.8.8.8:53 prudenehijos.com udp
US 8.8.8.8:53 248.62.241.91.in-addr.arpa udp
US 8.8.8.8:53 246.145.87.50.in-addr.arpa udp
US 8.8.8.8:53 135.203.67.172.in-addr.arpa udp
SG 23.106.52.199:443 www.pompaandalan.com tcp
DE 91.195.240.123:443 prospervibez.com tcp
SG 85.187.128.40:443 protracksvts.com tcp
ID 202.52.146.246:443 warisanherbalnusantara.com tcp
IN 89.117.157.237:443 prettyinjoya.com tcp
US 8.8.8.8:53 pruebamatcha.com udp
US 23.239.27.53:443 protradingfd.com tcp
US 8.8.8.8:53 publycom-web.com udp
US 8.8.8.8:53 qadri-sports.com udp
US 8.8.8.8:53 quannhaubros.com udp
US 208.113.191.146:443 provocationz.com tcp
US 8.8.8.8:53 quickregedit.com udp
US 8.8.8.8:53 questrecipes.com udp
US 8.8.8.8:53 ragammandiri.com udp
US 8.8.8.8:53 radiantnutra.com udp
US 8.8.8.8:53 raiseyourart.com udp
US 8.8.8.8:53 rambut-sihat.com udp
US 8.8.8.8:53 92.88.21.104.in-addr.arpa udp
US 8.8.8.8:53 121.7.117.89.in-addr.arpa udp
US 8.8.8.8:53 111.69.108.65.in-addr.arpa udp
US 8.8.8.8:53 11.78.187.37.in-addr.arpa udp
ES 217.76.130.105:443 prudenehijos.com tcp
IN 62.72.14.131:443 projecttest2.com tcp
US 8.8.8.8:53 77.216.241.162.in-addr.arpa udp
US 8.8.8.8:53 121.175.180.82.in-addr.arpa udp
US 8.8.8.8:53 193.49.28.203.in-addr.arpa udp
US 8.8.8.8:53 15.47.85.66.in-addr.arpa udp
DE 173.212.198.78:443 qadri-sports.com tcp
US 195.179.239.4:443 publycom-web.com tcp
US 8.8.8.8:53 223.195.236.173.in-addr.arpa udp
US 8.8.8.8:53 89.203.182.209.in-addr.arpa udp
US 8.8.8.8:53 230.250.107.38.in-addr.arpa udp
US 8.8.8.8:53 244.190.116.89.in-addr.arpa udp
FI 95.217.5.229:443 recaptcha.cloud tcp
US 8.8.8.8:53 raoneazevedo.com udp
US 82.180.172.2:443 quickregedit.com tcp
IN 89.117.188.185:443 questrecipes.com tcp
SG 209.58.169.75:443 rambut-sihat.com tcp
US 64.90.51.151:443 raiseyourart.com tcp
SG 185.237.145.172:443 ragammandiri.com tcp
US 8.8.8.8:53 rebecamayora.com udp
US 8.8.8.8:53 recipeblog07.com udp
US 8.8.8.8:53 refer-agency.com udp
US 8.8.8.8:53 reformas-rhd.com udp
US 8.8.8.8:53 relyinterior.com udp
US 8.8.8.8:53 reparatodoya.com udp
US 8.8.8.8:53 www.pricepointad.com udp
US 8.8.8.8:53 retepatsigel.com udp
US 134.122.10.147:443 pruebamatcha.com tcp
US 172.67.217.13:443 quannhaubros.com tcp
IN 217.21.91.229:443 relyinterior.com tcp
US 8.8.8.8:53 123.240.195.91.in-addr.arpa udp
US 8.8.8.8:53 146.191.113.208.in-addr.arpa udp
US 8.8.8.8:53 40.128.187.85.in-addr.arpa udp
US 8.8.8.8:53 237.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 199.52.106.23.in-addr.arpa udp
US 8.8.8.8:53 53.27.239.23.in-addr.arpa udp
US 8.8.8.8:53 246.146.52.202.in-addr.arpa udp
US 8.8.8.8:53 105.130.76.217.in-addr.arpa udp
US 8.8.8.8:53 131.14.72.62.in-addr.arpa udp
US 8.8.8.8:53 78.198.212.173.in-addr.arpa udp
US 8.8.8.8:53 229.5.217.95.in-addr.arpa udp
US 8.8.8.8:53 13.217.67.172.in-addr.arpa udp
US 8.8.8.8:53 4.239.179.195.in-addr.arpa udp
US 63.250.38.100:443 retepatsigel.com tcp
FR 5.196.72.102:443 reparatodoya.com tcp
GB 185.77.97.23:443 refer-agency.com tcp
US 65.181.111.144:443 rebecamayora.com tcp
US 209.182.203.89:443 www.pricepointad.com tcp
BR 186.209.113.98:443 raoneazevedo.com tcp
FR 54.36.145.173:443 reformas-rhd.com tcp
US 8.8.8.8:53 retirosyndao.com udp
IN 154.41.233.134:443 recipeblog07.com tcp
US 8.8.8.8:53 revengelaser.com udp
US 8.8.8.8:53 revitavision.com udp
US 8.8.8.8:53 riddigitalia.com udp
US 38.107.250.230:443 postsblogger.com tcp
US 8.8.8.8:53 riffjunction.com udp
US 8.8.8.8:53 riobajoelrio.com udp
US 8.8.8.8:53 riveriacraft.com udp
US 8.8.8.8:53 rkpnutrition.com udp
IN 154.41.233.33:443 riddigitalia.com tcp
US 156.67.74.29:443 retirosyndao.com tcp
GB 154.49.138.54:443 revengelaser.com tcp
BR 170.81.42.20:443 revitavision.com tcp
US 149.100.151.227:443 riffjunction.com tcp
BE 188.208.36.80:443 rkpnutrition.com tcp
US 8.8.8.8:53 rnspamassage.com udp
US 50.6.138.154:443 riobajoelrio.com tcp
US 8.8.8.8:53 rodzinagizow.com udp
US 8.8.8.8:53 185.188.117.89.in-addr.arpa udp
US 8.8.8.8:53 2.172.180.82.in-addr.arpa udp
US 8.8.8.8:53 147.10.122.134.in-addr.arpa udp
US 8.8.8.8:53 151.51.90.64.in-addr.arpa udp
US 8.8.8.8:53 75.169.58.209.in-addr.arpa udp
US 8.8.8.8:53 172.145.237.185.in-addr.arpa udp
US 8.8.8.8:53 102.72.196.5.in-addr.arpa udp
US 8.8.8.8:53 23.97.77.185.in-addr.arpa udp
US 8.8.8.8:53 173.145.36.54.in-addr.arpa udp
US 8.8.8.8:53 144.111.181.65.in-addr.arpa udp
US 8.8.8.8:53 229.91.21.217.in-addr.arpa udp
US 8.8.8.8:53 100.38.250.63.in-addr.arpa udp
US 8.8.8.8:53 134.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 98.113.209.186.in-addr.arpa udp
US 8.8.8.8:53 33.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 29.74.67.156.in-addr.arpa udp
US 8.8.8.8:53 54.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 80.36.208.188.in-addr.arpa udp
US 8.8.8.8:53 royalrent-tr.com udp
US 8.8.8.8:53 www.posf-cyssoft.com udp
US 8.8.8.8:53 ruricdouglas.com udp
US 8.8.8.8:53 www.s1ngularlife.com udp
US 8.8.8.8:53 saasblogging.com udp
US 8.8.8.8:53 saludablekim.com udp
US 8.8.8.8:53 salam7langit.com udp
US 8.8.8.8:53 samonconsult.com udp
ID 103.229.73.226:443 rnspamassage.com tcp
US 8.8.8.8:53 samruddhioil.com udp
US 8.8.8.8:53 sarkariyodha.com udp
US 8.8.8.8:53 www.sanyachauhan.com udp
US 8.8.8.8:53 satoshi-pepe.com udp
US 8.8.8.8:53 sasoliorigin.com udp
US 173.236.165.166:80 rodzinagizow.com tcp
US 8.8.8.8:53 saudirepairs.com udp
ID 103.229.73.226:443 rnspamassage.com tcp
US 8.8.8.8:53 roelantsfood.com udp
US 8.8.8.8:53 227.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 154.138.6.50.in-addr.arpa udp
US 8.8.8.8:53 20.42.81.170.in-addr.arpa udp
US 8.8.8.8:53 www.provocationz.com udp
US 8.8.8.8:53 sbancabomber.com udp
US 8.8.8.8:53 seomagicmode.com udp
US 173.236.195.223:443 www.posf-cyssoft.com tcp
US 172.67.140.124:443 roelantsfood.com tcp
US 8.8.8.8:53 shahedmasoud.com udp
US 8.8.8.8:53 sialiulujami.com udp
US 89.117.139.199:443 saudirepairs.com tcp
ID 153.92.13.91:80 salam7langit.com tcp
US 173.236.63.42:443 www.s1ngularlife.com tcp
IN 154.41.233.138:443 sarkariyodha.com tcp
US 149.100.151.145:443 satoshi-pepe.com tcp
IN 68.178.159.92:80 saasblogging.com tcp
FR 154.49.245.133:443 sahibajewels.com tcp
IN 217.21.94.93:443 sasoliorigin.com tcp
US 172.67.188.55:443 royalrent-tr.com tcp
US 108.170.44.115:443 www.sanyachauhan.com tcp
US 162.214.80.130:443 samruddhioil.com tcp
US 35.196.170.28:443 saludablekim.com tcp
US 8.8.8.8:53 sdskaridosai.com udp
US 66.29.132.149:443 samonconsult.com tcp
US 208.113.191.146:443 www.provocationz.com tcp
US 8.8.8.8:53 simonbeckett.com udp
US 8.8.8.8:53 www.sinergyevent.com udp
US 8.8.8.8:53 sirenacyprus.com udp
US 50.87.253.56:443 shahedmasoud.com tcp
US 172.67.149.73:443 sbancabomber.com tcp
US 162.241.218.112:80 seomagicmode.com tcp
US 8.8.8.8:53 166.165.236.173.in-addr.arpa udp
US 8.8.8.8:53 226.73.229.103.in-addr.arpa udp
US 8.8.8.8:53 124.140.67.172.in-addr.arpa udp
US 8.8.8.8:53 55.188.67.172.in-addr.arpa udp
US 8.8.8.8:53 133.245.49.154.in-addr.arpa udp
US 8.8.8.8:53 www.sirstaffnews.com udp
IT 46.252.147.154:443 www.sinergyevent.com tcp
US 193.42.137.158:443 sirenacyprus.com tcp
IN 89.117.27.234:443 sdskaridosai.com tcp
DE 217.160.0.235:443 simonbeckett.com tcp
SG 185.237.145.22:443 sialiulujami.com tcp
US 8.8.8.8:53 sitemaestros.com udp
FR 188.165.208.104:443 www.sirstaffnews.com tcp
FR 89.117.169.147:443 sitemaestros.com tcp
US 8.8.8.8:53 siyarampujan.com udp
US 8.8.8.8:53 skiathosland.com udp
LT 84.32.84.32:443 siteroofview.com tcp
US 8.8.8.8:53 skills-group.com udp
US 8.8.8.8:53 www.skillsikhobd.com udp
US 8.8.8.8:53 skullsgalaxy.com udp
US 8.8.8.8:53 smartstrroze.com udp
US 8.8.8.8:53 2dtradingsac.com udp
US 8.8.8.8:53 mesapoolrepair.com udp
US 8.8.8.8:53 hoststaydanang.com udp
US 8.8.8.8:53 42.63.236.173.in-addr.arpa udp
US 8.8.8.8:53 138.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 199.139.117.89.in-addr.arpa udp
US 8.8.8.8:53 145.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 130.80.214.162.in-addr.arpa udp
US 8.8.8.8:53 115.44.170.108.in-addr.arpa udp
US 8.8.8.8:53 93.94.21.217.in-addr.arpa udp
US 8.8.8.8:53 149.132.29.66.in-addr.arpa udp
US 8.8.8.8:53 91.13.92.153.in-addr.arpa udp
US 8.8.8.8:53 73.149.67.172.in-addr.arpa udp
US 8.8.8.8:53 56.253.87.50.in-addr.arpa udp
US 8.8.8.8:53 112.218.241.162.in-addr.arpa udp
US 8.8.8.8:53 235.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 158.137.42.193.in-addr.arpa udp
US 8.8.8.8:53 104.208.165.188.in-addr.arpa udp
US 8.8.8.8:53 234.27.117.89.in-addr.arpa udp
US 8.8.8.8:53 22.145.237.185.in-addr.arpa udp
US 8.8.8.8:53 mountainmafiaa.com udp
US 8.8.8.8:53 mylifefullness.com udp
US 8.8.8.8:53 syncrenovations.com udp
US 8.8.8.8:53 taikhoannetflix.com udp
US 8.8.8.8:53 snackeconomy.com udp
IN 154.41.233.73:443 siyarampujan.com tcp
US 68.65.120.202:443 mylifefullness.com tcp
FR 91.234.195.179:80 skills-group.com tcp
CA 23.227.38.65:443 smartstrroze.com tcp
US 8.8.8.8:53 thisisreggaeton.com udp
DE 3.64.163.50:443 mesapoolrepair.com tcp
SG 156.67.222.51:443 skiathosland.com tcp
US 66.198.240.49:80 mountainmafiaa.com tcp
KR 183.111.183.55:443 snackeconomy.com tcp
US 8.8.8.8:53 topeng-editions.com udp
US 8.8.8.8:53 umkmtempehkidul.com udp
US 8.8.8.8:53 ultimatexgaming.com udp
VN 45.252.250.39:443 taikhoannetflix.com tcp
US 8.8.8.8:53 warehouseexcess.com udp
US 8.8.8.8:53 walpoleshipping.com udp
US 8.8.8.8:53 projekt-abenteuer.de udp
US 8.8.8.8:53 xpresshomedecor.com udp
US 89.117.77.115:443 skullsgalaxy.com tcp
VN 202.92.4.11:443 hoststaydanang.com tcp
US 209.59.191.142:443 syncrenovations.com tcp
US 8.8.8.8:53 rasselbande-rohr.com udp
US 66.29.146.48:443 thisisreggaeton.com tcp
US 8.8.8.8:53 147.169.117.89.in-addr.arpa udp
US 8.8.8.8:53 179.195.234.91.in-addr.arpa udp
US 8.8.8.8:53 65.38.227.23.in-addr.arpa udp
US 8.8.8.8:53 50.163.64.3.in-addr.arpa udp
US 8.8.8.8:53 73.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 202.120.65.68.in-addr.arpa udp
US 8.8.8.8:53 siavserviciosweb.com udp
US 8.8.8.8:53 slotonlinebeacon.com udp
DE 162.55.131.89:443 2dtradingsac.com tcp
US 8.8.8.8:53 slotonlineblockr.com udp
US 8.8.8.8:53 slotonlinedebate.com udp
US 68.65.122.94:443 topeng-editions.com tcp
US 162.254.39.111:443 xpresshomedecor.com tcp
US 8.8.8.8:53 smglucosecontrol.com udp
US 104.21.16.105:443 slotonlinebeacon.com tcp
IN 154.41.233.105:443 skytechlimitless.com tcp
DE 81.169.145.157:80 rasselbande-rohr.com tcp
DE 81.169.145.159:443 projekt-abenteuer.de tcp
US 82.180.174.231:443 siavserviciosweb.com tcp
US 8.8.8.8:53 smubizconference.com udp
US 162.241.253.177:443 warehouseexcess.com tcp
US 104.21.65.91:443 slotonlineblockr.com tcp
SG 151.106.119.248:80 umkmtempehkidul.com tcp
US 172.67.146.6:443 slotonlinedebate.com tcp
US 8.8.8.8:53 49.240.198.66.in-addr.arpa udp
US 8.8.8.8:53 51.222.67.156.in-addr.arpa udp
US 8.8.8.8:53 89.131.55.162.in-addr.arpa udp
US 8.8.8.8:53 142.191.59.209.in-addr.arpa udp
US 8.8.8.8:53 48.146.29.66.in-addr.arpa udp
US 8.8.8.8:53 55.183.111.183.in-addr.arpa udp
US 8.8.8.8:53 39.250.252.45.in-addr.arpa udp
US 8.8.8.8:53 11.4.92.202.in-addr.arpa udp
US 8.8.8.8:53 snapstagedesigns.com udp
US 8.8.8.8:53 soberintegration.com udp
US 8.8.8.8:53 solutionswithcas.com udp
FI 95.217.5.229:443 recaptcha.cloud tcp
US 104.21.65.254:443 smglucosecontrol.com tcp
US 8.8.8.8:53 sommetexcellence.com udp
US 52.10.62.74:443 smubizconference.com tcp
US 8.8.8.8:53 spareroomquilter.com udp
US 8.8.8.8:53 www.thisisreggaeton.com udp
US 74.208.236.5:80 soberintegration.com tcp
DE 81.169.145.157:443 rasselbande-rohr.com tcp
US 162.241.217.150:443 snapstagedesigns.com tcp
US 162.241.253.174:443 solutionswithcas.com tcp
US 162.241.225.87:443 spareroomquilter.com tcp
GB 154.49.138.62:443 sommetexcellence.com tcp
US 66.29.146.48:443 www.thisisreggaeton.com tcp
US 8.8.8.8:53 srtoursandexport.com udp
US 8.8.8.8:53 stahlmanoutdoors.com udp
IN 217.21.94.229:443 srtoursandexport.com tcp
US 8.8.8.8:53 wed-webs.com udp
US 82.180.174.232:443 stahlmanoutdoors.com tcp
US 8.8.8.8:53 studiomauricette.com udp
US 8.8.8.8:53 105.16.21.104.in-addr.arpa udp
US 8.8.8.8:53 159.145.169.81.in-addr.arpa udp
US 8.8.8.8:53 157.145.169.81.in-addr.arpa udp
US 8.8.8.8:53 91.65.21.104.in-addr.arpa udp
US 8.8.8.8:53 94.122.65.68.in-addr.arpa udp
US 8.8.8.8:53 111.39.254.162.in-addr.arpa udp
US 8.8.8.8:53 6.146.67.172.in-addr.arpa udp
US 8.8.8.8:53 231.174.180.82.in-addr.arpa udp
US 8.8.8.8:53 105.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 248.119.106.151.in-addr.arpa udp
US 8.8.8.8:53 74.62.10.52.in-addr.arpa udp
US 8.8.8.8:53 62.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 5.236.208.74.in-addr.arpa udp
US 8.8.8.8:53 150.217.241.162.in-addr.arpa udp
US 8.8.8.8:53 87.225.241.162.in-addr.arpa udp
US 8.8.8.8:53 174.253.241.162.in-addr.arpa udp
US 8.8.8.8:53 supernovapodcast.com udp
US 8.8.8.8:53 techgadgetportal.com udp
US 8.8.8.8:53 surajswadridhani.com udp
US 8.8.8.8:53 temitopeolagbegi.com udp
US 8.8.8.8:53 techycoolgadgets.com udp
US 8.8.8.8:53 tempnibtnesxnald.com udp
US 104.21.43.222:443 tempnibtnesxnald.com tcp
BR 149.62.37.59:443 supernovapodcast.com tcp
US 194.195.84.236:443 techycoolgadgets.com tcp
FR 154.49.245.158:443 studiomauricette.com tcp
US 3.33.130.190:80 surajswadridhani.com tcp
US 8.8.8.8:53 tensiometroideal.com udp
US 8.8.8.8:53 theaveragewriter.com udp
US 8.8.8.8:53 thedigitalslomad.com udp
US 8.8.8.8:53 theexecutivelens.com udp
US 8.8.8.8:53 thehybridprogram.com udp
US 8.8.8.8:53 theitgirlarchive.com udp
SG 151.106.119.71:443 wed-webs.com tcp
US 82.180.174.239:443 techgadgetportal.com tcp
US 131.153.147.90:443 temitopeolagbegi.com tcp
US 8.8.8.8:53 229.94.21.217.in-addr.arpa udp
US 8.8.8.8:53 232.174.180.82.in-addr.arpa udp
US 8.8.8.8:53 222.43.21.104.in-addr.arpa udp
US 8.8.8.8:53 thelavishcomfort.com udp
US 8.8.8.8:53 thesparkcenterwv.com udp
US 8.8.8.8:53 theroadtoagrammy.com udp
US 8.8.8.8:53 server4.ghostly.top udp
US 8.8.8.8:53 threedots-online.com udp
US 8.8.8.8:53 thryveinbusiness.com udp
US 8.8.8.8:53 titantraininghub.com udp
US 8.8.8.8:53 topcaregrouphome.com udp
US 8.8.8.8:53 travelinglullaby.com udp
IN 154.41.233.150:443 theaveragewriter.com tcp
US 160.153.0.161:443 theroadtoagrammy.com tcp
DE 77.105.132.4:443 server4.ghostly.top tcp
US 217.21.77.177:443 theexecutivelens.com tcp
US 191.101.79.211:443 thehybridprogram.com tcp
IN 68.178.154.108:80 threedots-online.com tcp
US 162.241.219.143:443 theitgirlarchive.com tcp
US 192.185.71.136:443 thryveinbusiness.com tcp
US 8.8.8.8:53 taxaccconsultants.com udp
US 8.8.8.8:53 enlightenedmindss.com udp
US 50.87.144.239:443 thesparkcenterwv.com tcp
US 108.167.164.135:443 thelavishcomfort.com tcp
US 162.144.15.174:80 thedigitalslomad.com tcp
US 8.8.8.8:53 158.245.49.154.in-addr.arpa udp
US 8.8.8.8:53 236.84.195.194.in-addr.arpa udp
US 8.8.8.8:53 59.37.62.149.in-addr.arpa udp
US 8.8.8.8:53 90.147.153.131.in-addr.arpa udp
US 8.8.8.8:53 239.174.180.82.in-addr.arpa udp
US 8.8.8.8:53 71.119.106.151.in-addr.arpa udp
US 104.21.47.21:443 titantraininghub.com tcp
US 8.8.8.8:53 todaystatesidenews.com udp
US 3.33.130.190:443 surajswadridhani.com tcp
US 8.8.8.8:53 woundcareprocenter.com udp
US 148.72.86.249:80 topcaregrouphome.com tcp
US 50.87.171.154:443 travelinglullaby.com tcp
US 8.8.8.8:53 yvettebrownconsult.com udp
US 66.29.137.15:443 todaystatesidenews.com tcp
US 8.8.8.8:53 moonlightingfloral.com udp
FI 65.21.134.164:443 enlightenedmindss.com tcp
US 198.54.125.146:443 woundcareprocenter.com tcp
US 8.8.8.8:53 myrelojinteligente.com udp
US 8.8.8.8:53 nationoneinsurance.com udp
US 162.254.39.94:443 yvettebrownconsult.com tcp
US 50.87.139.112:443 moonlightingfloral.com tcp
US 8.8.8.8:53 negrilislandgrille.com udp
US 8.8.8.8:53 161.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 oceanpearlinfotech.com udp
US 8.8.8.8:53 21.47.21.104.in-addr.arpa udp
US 8.8.8.8:53 177.77.21.217.in-addr.arpa udp
US 8.8.8.8:53 211.79.101.191.in-addr.arpa udp
US 8.8.8.8:53 143.219.241.162.in-addr.arpa udp
US 8.8.8.8:53 136.71.185.192.in-addr.arpa udp
US 8.8.8.8:53 135.164.167.108.in-addr.arpa udp
US 8.8.8.8:53 239.144.87.50.in-addr.arpa udp
US 8.8.8.8:53 174.15.144.162.in-addr.arpa udp
US 8.8.8.8:53 154.171.87.50.in-addr.arpa udp
US 8.8.8.8:53 15.137.29.66.in-addr.arpa udp
US 8.8.8.8:53 164.134.21.65.in-addr.arpa udp
US 8.8.8.8:53 acceleratemycapital.com udp
US 8.8.8.8:53 acetraveladventures.com udp
US 131.153.165.33:443 taxaccconsultants.com tcp
US 8.8.8.8:53 antoniobritoalcalde.com udp
US 8.8.8.8:53 allinclusivemindset.com udp
US 8.8.8.8:53 www.andreamariabonavita.com udp
US 8.8.8.8:53 myempoweringenergy.com udp
US 8.8.8.8:53 asglobalconsultancy.com udp
US 8.8.8.8:53 bolddetailingstudio.com udp
US 8.8.8.8:53 championhealthbetel.com udp
IT 89.46.105.98:443 www.andreamariabonavita.com tcp
FR 5.39.109.102:443 myrelojinteligente.com tcp
US 162.241.225.189:443 acetraveladventures.com tcp
US 162.241.216.185:443 negrilislandgrille.com tcp
US 162.241.226.151:443 myempoweringenergy.com tcp
US 192.185.52.236:443 acceleratemycapital.com tcp
US 162.241.252.89:443 allinclusivemindset.com tcp
US 162.241.85.65:443 asglobalconsultancy.com tcp
US 160.153.0.174:443 antoniobritoalcalde.com tcp
US 108.167.157.139:80 nationoneinsurance.com tcp
US 8.8.8.8:53 cinderellanewmexico.com udp
US 108.167.188.67:443 bolddetailingstudio.com tcp
FI 95.217.5.229:443 recaptcha.cloud tcp
US 8.8.8.8:53 146.125.54.198.in-addr.arpa udp
US 8.8.8.8:53 112.139.87.50.in-addr.arpa udp
US 8.8.8.8:53 94.39.254.162.in-addr.arpa udp
US 8.8.8.8:53 33.165.153.131.in-addr.arpa udp
US 8.8.8.8:53 claritypowerpurpose.com udp
US 8.8.8.8:53 classiccityscooters.com udp
US 72.167.69.4:80 championhealthbetel.com tcp
US 162.241.85.240:443 oceanpearlinfotech.com tcp
US 162.241.216.155:443 claritypowerpurpose.com tcp
US 8.8.8.8:53 coconailsysuplidora.com udp
US 8.8.8.8:53 coryonlinemarketing.com udp
US 160.153.0.138:443 cinderellanewmexico.com tcp
US 208.109.79.3:80 classiccityscooters.com tcp
US 172.67.187.199:443 coryonlinemarketing.com tcp
US 198.187.29.149:443 comfylifeaccesories.com tcp
US 192.185.131.123:443 coconailsysuplidora.com tcp
US 8.8.8.8:53 dicaspersonalizadas.com udp
US 8.8.8.8:53 futurepriceforecast.com udp
US 8.8.8.8:53 98.105.46.89.in-addr.arpa udp
US 8.8.8.8:53 102.109.39.5.in-addr.arpa udp
US 8.8.8.8:53 174.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 189.225.241.162.in-addr.arpa udp
US 8.8.8.8:53 185.216.241.162.in-addr.arpa udp
US 8.8.8.8:53 236.52.185.192.in-addr.arpa udp
US 8.8.8.8:53 139.157.167.108.in-addr.arpa udp
US 8.8.8.8:53 67.188.167.108.in-addr.arpa udp
US 8.8.8.8:53 89.252.241.162.in-addr.arpa udp
US 8.8.8.8:53 151.226.241.162.in-addr.arpa udp
US 8.8.8.8:53 240.85.241.162.in-addr.arpa udp
US 8.8.8.8:53 155.216.241.162.in-addr.arpa udp
US 8.8.8.8:53 199.187.67.172.in-addr.arpa udp
US 8.8.8.8:53 www.harmoniorganizasyon.com udp
US 8.8.8.8:53 65.85.241.162.in-addr.arpa udp
US 8.8.8.8:53 HAWAIIANOVERLANDERS.COM udp
US 8.8.8.8:53 himalayajetholidays.com udp
US 8.8.8.8:53 hizlibiletislemleri.com udp
US 8.8.8.8:53 jasadesaindanbangun.com udp
US 8.8.8.8:53 www.pmvaustralia.com udp
US 8.8.8.8:53 jcservicosesolucoes.com udp
US 8.8.8.8:53 kelasbahasainggeris.com udp
US 8.8.8.8:53 officialhealthplaza.com udp
US 8.8.8.8:53 realbiblicalanswers.com udp
MY 103.27.73.60:443 kelasbahasainggeris.com tcp
US 68.65.122.110:443 futurepriceforecast.com tcp
US 108.167.188.68:443 dicaspersonalizadas.com tcp
US 50.87.179.245:443 HAWAIIANOVERLANDERS.COM tcp
TR 94.199.200.135:443 www.harmoniorganizasyon.com tcp
US 8.8.8.8:53 residencialbrisamar.com udp
US 8.8.8.8:53 sleepbettersolution.com udp
US 8.8.8.8:53 royaltouchceylontea.com udp
US 8.8.8.8:53 soldierpoetkingquiz.com udp
ID 103.247.8.73:443 jasadesaindanbangun.com tcp
US 68.178.220.38:443 hawkshamanichealing.com tcp
US 160.153.0.102:443 hizlibiletislemleri.com tcp
US 172.67.161.89:443 himalayajetholidays.com tcp
US 8.8.8.8:53 149.29.187.198.in-addr.arpa udp
US 8.8.8.8:53 123.131.185.192.in-addr.arpa udp
US 106.0.62.84:443 realbiblicalanswers.com tcp

Files

memory/2888-1-0x0000000001CA0000-0x0000000001DA0000-memory.dmp

memory/2888-2-0x0000000003770000-0x000000000377B000-memory.dmp

memory/2888-3-0x0000000000400000-0x0000000001A2B000-memory.dmp

memory/3472-4-0x0000000000980000-0x0000000000996000-memory.dmp

memory/2888-5-0x0000000000400000-0x0000000001A2B000-memory.dmp

memory/2888-8-0x0000000003770000-0x000000000377B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\C505.exe

C:\Users\Admin\AppData\Local\Temp\CD82.dll

C:\Users\Admin\AppData\Local\Temp\E37C.exe

C:\Users\Admin\AppData\Local\Temp\E811.exe

C:\Users\Admin\AppData\Local\Temp\F5CE.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

C:\Users\Admin\AppData\Local\Temp\FF16.exe

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

C:\Users\Admin\AppData\Local\Temp\u3v0.0.exe

C:\Users\Admin\AppData\Local\Temp\u3v0.1.exe

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Roaming\Temp\Task.bat

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ofkim0d4.fr2.ps1

C:\ProgramData\nss3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\Are.docx

C:\Users\Admin\AppData\Roaming\reivsgs

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Windows\rss\csrss.exe
