Malware Analysis Report

2024-11-30 05:05

Sample ID 240229-f4ae2afb5v
Target 4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe
SHA256 4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809
Tags
glupteba lumma smokeloader pub1 backdoor discovery dropper loader persistence stealer trojan upx bootkit
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809

Threat Level: Known bad

The file 4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe was found to be: Known bad.

Malicious Activity Summary

glupteba lumma smokeloader pub1 backdoor discovery dropper loader persistence stealer trojan upx bootkit

Glupteba

Lumma Stealer

SmokeLoader

Glupteba payload

Detects executables referencing many varying, potentially fake Windows User-Agents

Detects Windows executables referencing non-Windows User-Agents

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

UPX dump on OEP (original entry point)

Detects executables Discord URL observed in first stage droppers

Detect binaries embedding considerable number of MFA browser extension IDs.

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Detects executables containing artifacts associated with disabling Widnows Defender

Detects executables containing URLs to raw contents of a Github gist

Downloads MZ/PE file

Contacts a large (704) amount of remote hosts

UPX packed file

Executes dropped EXE

Loads dropped DLL

Deletes itself

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Suspicious use of SetThreadContext

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Creates scheduled task(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-29 05:25

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-29 05:25

Reported

2024-02-29 05:29

Platform

win10v2004-20240226-en

Max time kernel

37s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe"

Signatures

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

SmokeLoader

trojan backdoor smokeloader

Detect binaries embedding considerable number of MFA browser extension IDs.

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects Windows executables referencing non-Windows User-Agents

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects executables Discord URL observed in first stage droppers

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects executables containing URLs to raw contents of a Github gist

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects executables containing artifacts associated with disabling Widnows Defender

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects executables referencing many varying, potentially fake Windows User-Agents

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Contacts a large (704) amount of remote hosts

discovery

Downloads MZ/PE file

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\A4FA.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4876 set thread context of 2220 N/A C:\Users\Admin\AppData\Local\Temp\A4FA.exe C:\Users\Admin\AppData\Local\Temp\A4FA.exe

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3448 wrote to memory of 4876 N/A N/A C:\Users\Admin\AppData\Local\Temp\A4FA.exe
PID 3448 wrote to memory of 4876 N/A N/A C:\Users\Admin\AppData\Local\Temp\A4FA.exe
PID 3448 wrote to memory of 4876 N/A N/A C:\Users\Admin\AppData\Local\Temp\A4FA.exe
PID 4876 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\A4FA.exe C:\Users\Admin\AppData\Local\Temp\A4FA.exe
PID 4876 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\A4FA.exe C:\Users\Admin\AppData\Local\Temp\A4FA.exe
PID 4876 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\A4FA.exe C:\Users\Admin\AppData\Local\Temp\A4FA.exe
PID 4876 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\A4FA.exe C:\Users\Admin\AppData\Local\Temp\A4FA.exe
PID 4876 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\A4FA.exe C:\Users\Admin\AppData\Local\Temp\A4FA.exe
PID 4876 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\A4FA.exe C:\Users\Admin\AppData\Local\Temp\A4FA.exe
PID 4876 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\A4FA.exe C:\Users\Admin\AppData\Local\Temp\A4FA.exe
PID 4876 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\A4FA.exe C:\Users\Admin\AppData\Local\Temp\A4FA.exe
PID 3448 wrote to memory of 1516 N/A N/A C:\Windows\system32\regsvr32.exe
PID 3448 wrote to memory of 1516 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1516 wrote to memory of 1224 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1516 wrote to memory of 1224 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1516 wrote to memory of 1224 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3448 wrote to memory of 1372 N/A N/A C:\Users\Admin\AppData\Local\Temp\C71B.exe
PID 3448 wrote to memory of 1372 N/A N/A C:\Users\Admin\AppData\Local\Temp\C71B.exe
PID 3448 wrote to memory of 1372 N/A N/A C:\Users\Admin\AppData\Local\Temp\C71B.exe
PID 3448 wrote to memory of 1388 N/A N/A C:\Users\Admin\AppData\Local\Temp\CC2C.exe
PID 3448 wrote to memory of 1388 N/A N/A C:\Users\Admin\AppData\Local\Temp\CC2C.exe
PID 3448 wrote to memory of 1388 N/A N/A C:\Users\Admin\AppData\Local\Temp\CC2C.exe
PID 3448 wrote to memory of 3388 N/A N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 3448 wrote to memory of 3388 N/A N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 3448 wrote to memory of 3388 N/A N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe

"C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe"

C:\Users\Admin\AppData\Local\Temp\A4FA.exe

C:\Users\Admin\AppData\Local\Temp\A4FA.exe

C:\Users\Admin\AppData\Local\Temp\A4FA.exe

C:\Users\Admin\AppData\Local\Temp\A4FA.exe

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\A9DD.dll

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\A9DD.dll

C:\Users\Admin\AppData\Local\Temp\C71B.exe

C:\Users\Admin\AppData\Local\Temp\C71B.exe

C:\Users\Admin\AppData\Local\Temp\CC2C.exe

C:\Users\Admin\AppData\Local\Temp\CC2C.exe

C:\Users\Admin\AppData\Local\Temp\D9E9.exe

C:\Users\Admin\AppData\Local\Temp\D9E9.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\E1BA.exe

C:\Users\Admin\AppData\Local\Temp\E1BA.exe

C:\Users\Admin\AppData\Local\Temp\u3ko.0.exe

"C:\Users\Admin\AppData\Local\Temp\u3ko.0.exe"

C:\Users\Admin\AppData\Local\Temp\u3ko.1.exe

"C:\Users\Admin\AppData\Local\Temp\u3ko.1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4632 -ip 4632

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 1232

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4060 -ip 4060

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 2336

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 selebration17io.io udp
RU 91.215.85.120:80 selebration17io.io tcp
US 8.8.8.8:53 120.85.215.91.in-addr.arpa udp
US 147.135.64.217:443 tcp
DE 185.220.101.22:30022 tcp
US 8.8.8.8:53 217.64.135.147.in-addr.arpa udp
CA 149.56.98.216:9001 tcp
DE 158.180.20.125:443 tcp
US 15.204.220.109:8443 tcp
US 8.8.8.8:53 125.20.180.158.in-addr.arpa udp
US 8.8.8.8:53 109.220.204.15.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 udp
DE 185.172.128.19:80 185.172.128.19 tcp
US 8.8.8.8:53 resergvearyinitiani.shop udp
US 104.21.94.2:443 resergvearyinitiani.shop tcp
US 8.8.8.8:53 19.128.172.185.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 trmpc.com udp
BG 95.158.162.200:80 trmpc.com tcp
DE 185.172.128.90:80 185.172.128.90 tcp
US 8.8.8.8:53 200.162.158.95.in-addr.arpa udp
US 8.8.8.8:53 90.128.172.185.in-addr.arpa udp
DE 185.172.128.127:80 185.172.128.127 tcp
US 8.8.8.8:53 joly.bestsup.su udp
US 104.21.29.103:80 joly.bestsup.su tcp
US 8.8.8.8:53 127.128.172.185.in-addr.arpa udp
US 8.8.8.8:53 103.29.21.104.in-addr.arpa udp
DE 185.172.128.127:80 185.172.128.127 tcp
DE 185.172.128.109:80 185.172.128.109 tcp
US 8.8.8.8:53 109.128.172.185.in-addr.arpa udp
DE 185.172.128.145:80 185.172.128.145 tcp
US 8.8.8.8:53 145.128.172.185.in-addr.arpa udp
DE 158.180.20.125:443 tcp
US 15.204.220.109:8443 tcp
US 8.8.8.8:53 technologyenterdo.shop udp
US 172.67.180.132:443 technologyenterdo.shop tcp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 8.8.8.8:53 detectordiscusser.shop udp
US 172.67.195.126:443 detectordiscusser.shop tcp
US 8.8.8.8:53 132.180.67.172.in-addr.arpa udp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 8.8.8.8:53 turkeyunlikelyofw.shop udp
US 104.21.76.253:443 turkeyunlikelyofw.shop tcp
US 8.8.8.8:53 126.195.67.172.in-addr.arpa udp
US 8.8.8.8:53 associationokeo.shop udp
US 172.67.147.18:443 associationokeo.shop tcp
US 8.8.8.8:53 253.76.21.104.in-addr.arpa udp
US 8.8.8.8:53 18.147.67.172.in-addr.arpa udp
US 8.8.8.8:53 ganjarholic.com udp
US 8.8.8.8:53 getmassfans.com udp
US 8.8.8.8:53 bestpsychicganesh.com udp
US 67.223.118.155:443 ganjarholic.com tcp
US 8.8.8.8:53 bostonterrierpals.com udp
US 66.29.132.128:443 getmassfans.com tcp
US 8.8.8.8:53 www.buanajaringsafety.com udp
US 8.8.8.8:53 capcuttemplatepro.com udp
US 8.8.8.8:53 caribbeanetickets.com udp
US 198.54.116.151:443 bostonterrierpals.com tcp
US 8.8.8.8:53 creacionestuhogar.com udp
ID 103.159.65.155:443 www.buanajaringsafety.com tcp
US 8.8.8.8:53 deborahmshelbwala.com udp
IN 103.21.59.208:443 bestpsychicganesh.com tcp
US 162.254.39.19:443 capcuttemplatepro.com tcp
US 162.254.39.133:443 caribbeanetickets.com tcp
US 8.8.8.8:53 www.evanconstructions.com udp
US 8.8.8.8:53 fitnessfirstworld.com udp
US 162.241.62.156:443 creacionestuhogar.com tcp
US 8.8.8.8:53 gardenersecretary.com udp
US 66.85.47.62:443 deborahmshelbwala.com tcp
US 106.0.62.81:443 gardenersecretary.com tcp
US 8.8.8.8:53 serutetreinamentos.com udp
US 8.8.8.8:53 155.118.223.67.in-addr.arpa udp
US 8.8.8.8:53 128.132.29.66.in-addr.arpa udp
US 8.8.8.8:53 151.116.54.198.in-addr.arpa udp
US 8.8.8.8:53 208.59.21.103.in-addr.arpa udp
US 8.8.8.8:53 19.39.254.162.in-addr.arpa udp
US 8.8.8.8:53 155.65.159.103.in-addr.arpa udp
US 8.8.8.8:53 133.39.254.162.in-addr.arpa udp
US 106.0.62.81:443 gardenersecretary.com tcp
US 8.8.8.8:53 softwaretecrevenda.com udp
IN 103.53.42.134:443 www.evanconstructions.com tcp
US 8.8.8.8:53 solugasodomesticos.com udp
US 8.8.8.8:53 sontropicaleventos.com udp
US 108.179.252.42:443 serutetreinamentos.com tcp
US 8.8.8.8:53 spectrumsemidesign.com udp
US 8.8.8.8:53 superluzengenharia.com udp
US 162.241.2.239:443 softwaretecrevenda.com tcp
US 8.8.8.8:53 susiebondnutrition.com udp
US 8.8.8.8:53 tenacitymktdigital.com udp
US 8.8.8.8:53 thebestforyouenjoy.com udp
US 8.8.8.8:53 156.62.241.162.in-addr.arpa udp
US 8.8.8.8:53 62.47.85.66.in-addr.arpa udp
US 8.8.8.8:53 81.62.0.106.in-addr.arpa udp
US 8.8.8.8:53 134.42.53.103.in-addr.arpa udp
US 8.8.8.8:53 42.252.179.108.in-addr.arpa udp
US 8.8.8.8:53 thenecessaryforyou.com udp
US 8.8.8.8:53 therenegaderealtor.com udp
US 8.8.8.8:53 therooftopjunction.com udp
US 8.8.8.8:53 throughcathieseyes.com udp
US 162.215.210.151:443 solugasodomesticos.com tcp
US 162.241.61.124:443 sontropicaleventos.com tcp
US 192.185.35.244:80 spectrumsemidesign.com tcp
US 8.8.8.8:53 trajetoeducacional.com udp
US 8.8.8.8:53 triadegastritezero.com udp
US 8.8.8.8:53 trinityketogummies.com udp
US 192.185.217.5:443 superluzengenharia.com tcp
US 8.8.8.8:53 turnover-reduction.com udp
US 8.8.8.8:53 turbotaxexperience.com udp
US 108.167.188.89:443 thebestforyouenjoy.com tcp
US 50.87.232.208:443 throughcathieseyes.com tcp
US 50.87.253.50:443 therenegaderealtor.com tcp
US 50.6.138.90:443 thenecessaryforyou.com tcp
US 192.254.232.75:443 susiebondnutrition.com tcp
US 192.185.208.15:443 tenacitymktdigital.com tcp
IN 116.206.105.14:443 therooftopjunction.com tcp
US 8.8.8.8:53 239.2.241.162.in-addr.arpa udp
US 8.8.8.8:53 151.210.215.162.in-addr.arpa udp
US 8.8.8.8:53 124.61.241.162.in-addr.arpa udp
US 8.8.8.8:53 tuseguro-soataldia.com udp
US 8.8.8.8:53 unstoppable-wallet.com udp
US 8.8.8.8:53 vanessascottauthor.com udp
US 162.241.2.228:443 trajetoeducacional.com tcp
US 192.185.41.37:443 trinityketogummies.com tcp
US 162.241.2.198:443 triadegastritezero.com tcp
US 74.220.199.6:443 turnover-reduction.com tcp
US 8.8.8.8:53 vantagetruckingusa.com udp
US 8.8.8.8:53 wildtreewildhorses.com udp
US 162.241.218.58:443 turbotaxexperience.com tcp
US 8.8.8.8:53 yourstrulyobiajulu.com udp
US 8.8.8.8:53 youwillbesurprised.com udp
US 162.222.225.246:443 unstoppable-wallet.com tcp
US 162.241.225.105:443 vanessascottauthor.com tcp
US 162.241.60.254:443 tuseguro-soataldia.com tcp
US 8.8.8.8:53 ziminspiredhousing.com udp
US 8.8.8.8:53 244.35.185.192.in-addr.arpa udp
US 8.8.8.8:53 5.217.185.192.in-addr.arpa udp
US 8.8.8.8:53 89.188.167.108.in-addr.arpa udp
US 8.8.8.8:53 90.138.6.50.in-addr.arpa udp
US 8.8.8.8:53 15.208.185.192.in-addr.arpa udp
US 8.8.8.8:53 208.232.87.50.in-addr.arpa udp
US 8.8.8.8:53 50.253.87.50.in-addr.arpa udp
US 8.8.8.8:53 75.232.254.192.in-addr.arpa udp
US 8.8.8.8:53 14.105.206.116.in-addr.arpa udp
US 8.8.8.8:53 228.2.241.162.in-addr.arpa udp
US 8.8.8.8:53 37.41.185.192.in-addr.arpa udp
US 162.241.218.196:443 vantagetruckingusa.com tcp
US 162.241.252.221:443 wildtreewildhorses.com tcp
US 8.8.8.8:53 apexalaskacleaners.com udp
US 8.8.8.8:53 artisanalapparelco.com udp
US 8.8.8.8:53 1physioandmobility.ca udp
US 8.8.8.8:53 bananarepublicnews.com udp
US 8.8.8.8:53 www.towingnearriverdale.com udp
US 8.8.8.8:53 www.towingservicehanson.com udp
US 8.8.8.8:53 treatmenttouchpoint.com udp
US 8.8.8.8:53 unmissiblediscounts.com udp
US 8.8.8.8:53 useprodutoessencial.com udp
US 8.8.8.8:53 yakshithenterprises.com udp
US 8.8.8.8:53 yashfearchitectures.com udp
US 8.8.8.8:53 experttummymakeovers.com udp
US 8.8.8.8:53 www.yokobatikbanyuwangi.com udp
US 162.241.224.107:443 yourstrulyobiajulu.com tcp
US 162.144.14.134:443 youwillbesurprised.com tcp
US 8.8.8.8:53 financialartssociety.com udp
US 8.8.8.8:53 198.2.241.162.in-addr.arpa udp
US 8.8.8.8:53 58.218.241.162.in-addr.arpa udp
US 8.8.8.8:53 105.225.241.162.in-addr.arpa udp
US 8.8.8.8:53 246.225.222.162.in-addr.arpa udp
US 8.8.8.8:53 floridalanaicurtains.com udp
US 8.8.8.8:53 freeaivoicegenerator.com udp
US 192.254.189.171:443 ziminspiredhousing.com tcp
US 192.185.211.219:443 useprodutoessencial.com tcp
US 192.185.177.46:443 unmissiblediscounts.com tcp
DE 144.76.79.100:443 artisanalapparelco.com tcp
US 192.254.235.178:443 apexalaskacleaners.com tcp
US 8.8.8.8:53 friendsandfiendsclub.com udp
US 38.170.194.86:443 experttummymakeovers.com tcp
DE 139.162.151.111:443 yashfearchitectures.com tcp
US 8.8.8.8:53 www.fueldeliveryflatrock.com udp
US 208.109.22.137:443 www.towingservicehanson.com tcp
US 8.8.8.8:53 fusiteknikaindonesia.com udp
US 8.8.8.8:53 gabriellathepetnanny.com udp
IN 111.118.215.186:443 yakshithenterprises.com tcp
US 165.140.70.70:443 financialartssociety.com tcp
US 162.241.24.146:443 1physioandmobility.ca tcp
US 208.109.22.137:443 www.towingservicehanson.com tcp
US 50.116.81.10:443 bananarepublicnews.com tcp
SG 83.136.216.81:443 www.yokobatikbanyuwangi.com tcp
IN 103.247.19.33:443 freeaivoicegenerator.com tcp
US 38.170.200.106:443 treatmenttouchpoint.com tcp
US 8.8.8.8:53 196.218.241.162.in-addr.arpa udp
US 8.8.8.8:53 221.252.241.162.in-addr.arpa udp
US 8.8.8.8:53 107.224.241.162.in-addr.arpa udp
US 8.8.8.8:53 134.14.144.162.in-addr.arpa udp
US 8.8.8.8:53 gadgetfanaticsonline.com udp
US 8.8.8.8:53 geliboluotoekspertiz.com udp
US 8.8.8.8:53 www.futuristicstructures.com udp
US 8.8.8.8:53 geniusartmasterpiece.com udp
US 8.8.8.8:53 www.getproactiveservices.com udp
US 8.8.8.8:53 freethreadsfollowers.com udp
US 8.8.8.8:53 getweddinginvitation.com udp
US 104.218.54.194:443 floridalanaicurtains.com tcp
US 8.8.8.8:53 gadgetloversparadise.com udp
US 8.8.8.8:53 gmasesoriayproyectos.com udp
US 8.8.8.8:53 greatpeaksconsulting.com udp
US 50.62.186.218:443 www.fueldeliveryflatrock.com tcp
US 173.236.200.102:443 friendsandfiendsclub.com tcp
US 8.8.8.8:53 groomingsalonsuccess.com udp
US 8.8.8.8:53 gruaseconomicas24hrs.com udp
US 8.8.8.8:53 gustuspizzeriafoggia.com udp
US 173.236.201.19:443 www.getproactiveservices.com tcp
US 50.63.8.241:80 www.futuristicstructures.com tcp
FR 89.117.169.203:443 geliboluotoekspertiz.com tcp
US 8.8.8.8:53 219.211.185.192.in-addr.arpa udp
US 8.8.8.8:53 46.177.185.192.in-addr.arpa udp
US 8.8.8.8:53 171.189.254.192.in-addr.arpa udp
US 8.8.8.8:53 100.79.76.144.in-addr.arpa udp
US 8.8.8.8:53 111.151.162.139.in-addr.arpa udp
US 8.8.8.8:53 178.235.254.192.in-addr.arpa udp
US 8.8.8.8:53 86.194.170.38.in-addr.arpa udp
US 8.8.8.8:53 70.70.140.165.in-addr.arpa udp
US 8.8.8.8:53 186.215.118.111.in-addr.arpa udp
US 8.8.8.8:53 146.24.241.162.in-addr.arpa udp
US 8.8.8.8:53 10.81.116.50.in-addr.arpa udp
US 8.8.8.8:53 33.19.247.103.in-addr.arpa udp
US 8.8.8.8:53 106.200.170.38.in-addr.arpa udp
US 172.67.214.236:443 gadgetfanaticsonline.com tcp
US 8.8.8.8:53 hareemnoorfacilities.com udp
US 104.21.15.203:443 gabriellathepetnanny.com tcp
ID 153.92.9.10:443 fusiteknikaindonesia.com tcp
US 104.21.95.130:443 gadgetloversparadise.com tcp
US 8.8.8.8:53 healthcoachjuditkiss.com udp
US 8.8.8.8:53 healthymorningdrinks.com udp
US 8.8.8.8:53 healthysmilesnorwalk.com udp
US 8.8.8.8:53 healthytouch-massage.com udp
US 8.8.8.8:53 hiperacusiaytinnitus.com udp
US 8.8.8.8:53 hereandtherewithkids.com udp
US 8.8.8.8:53 hungundhospethighway.com udp
US 8.8.8.8:53 idgdrops-idesigngold.com udp
US 8.8.8.8:53 healthysmileselmonte.com udp
US 31.170.160.170:443 gmasesoriayproyectos.com tcp
SG 156.67.213.88:443 getweddinginvitation.com tcp
US 74.208.236.42:80 gruaseconomicas24hrs.com tcp
SG 85.187.128.53:443 hareemnoorfacilities.com tcp
NL 136.144.155.207:443 gustuspizzeriafoggia.com tcp
US 8.8.8.8:53 imagen360empresarial.com udp
US 63.250.43.5:80 greatpeaksconsulting.com tcp
US 8.8.8.8:53 81.216.136.83.in-addr.arpa udp
US 8.8.8.8:53 imersaovendaimediata.com udp
US 8.8.8.8:53 236.214.67.172.in-addr.arpa udp
US 8.8.8.8:53 203.169.117.89.in-addr.arpa udp
US 8.8.8.8:53 102.200.236.173.in-addr.arpa udp
US 8.8.8.8:53 19.201.236.173.in-addr.arpa udp
US 8.8.8.8:53 203.15.21.104.in-addr.arpa udp
US 8.8.8.8:53 informativobienestar.com udp
US 8.8.8.8:53 inklessprinterreview.com udp
US 8.8.8.8:53 innovatronconsulting.com udp
US 162.241.85.108:443 hungundhospethighway.com tcp
US 8.8.8.8:53 insspacedesignstudio.com udp
US 8.8.8.8:53 internasionalkoneksi.com udp
US 8.8.8.8:53 ithedmedicalsurgical.com udp
US 50.87.171.205:443 healthcoachjuditkiss.com tcp
US 8.8.8.8:53 soniaasbedandbreakfast.com udp
US 50.6.138.170:443 imagen360empresarial.com tcp
US 209.59.156.165:80 healthysmileselmonte.com tcp
NL 75.102.57.85:443 hiperacusiaytinnitus.com tcp
US 162.241.218.34:80 hereandtherewithkids.com tcp
US 172.67.154.186:443 healthymorningdrinks.com tcp
US 141.193.213.11:443 idgdrops-idesigngold.com tcp
US 8.8.8.8:53 stlouislandscapingpros.com udp
US 75.102.22.214:443 informativobienestar.com tcp
US 209.59.156.165:443 healthysmileselmonte.com tcp
TR 80.253.246.193:443 inklessprinterreview.com tcp
US 8.8.8.8:53 superbearadventuregame.com udp
US 8.8.8.8:53 sweetcreativecreations.com udp
US 8.8.8.8:53 10.9.92.153.in-addr.arpa udp
US 8.8.8.8:53 207.155.144.136.in-addr.arpa udp
US 8.8.8.8:53 170.160.170.31.in-addr.arpa udp
US 8.8.8.8:53 42.236.208.74.in-addr.arpa udp
US 8.8.8.8:53 53.128.187.85.in-addr.arpa udp
US 8.8.8.8:53 88.213.67.156.in-addr.arpa udp
US 8.8.8.8:53 5.43.250.63.in-addr.arpa udp
US 154.56.47.7:443 innovatronconsulting.com tcp
US 8.8.8.8:53 srikanthaavelpromoters.com udp
US 8.8.8.8:53 tapdoanfaralandvietnam.com udp
US 8.8.8.8:53 thegroupofambikataylor.com udp
US 8.8.8.8:53 theprocrastinationzone.com udp
CZ 194.182.78.153:443 internasionalkoneksi.com tcp
FR 195.35.49.216:443 soniaasbedandbreakfast.com tcp
IN 82.180.143.131:443 insspacedesignstudio.com tcp
US 8.8.8.8:53 thereflectionwestlakes.com udp
US 8.8.8.8:53 thesparklingcollective.com udp
US 8.8.8.8:53 wouldwoodsyendorse.com udp
US 8.8.8.8:53 techwavetechnologiesuk.com udp
US 8.8.8.8:53 aldomietyfurniture.com udp
US 63.250.43.5:443 greatpeaksconsulting.com tcp
US 8.8.8.8:53 amorporlasmascotas.com udp
US 8.8.8.8:53 alhamlanfakhruddin.com udp
US 162.241.252.197:443 sweetcreativecreations.com tcp
US 8.8.8.8:53 battleswappdesigns.com udp
US 104.21.12.158:443 superbearadventuregame.com tcp
US 8.8.8.8:53 108.85.241.162.in-addr.arpa udp
US 8.8.8.8:53 205.171.87.50.in-addr.arpa udp
US 8.8.8.8:53 186.154.67.172.in-addr.arpa udp
US 8.8.8.8:53 85.57.102.75.in-addr.arpa udp
US 8.8.8.8:53 170.138.6.50.in-addr.arpa udp
US 8.8.8.8:53 11.213.193.141.in-addr.arpa udp
US 8.8.8.8:53 165.156.59.209.in-addr.arpa udp
US 8.8.8.8:53 34.218.241.162.in-addr.arpa udp
US 8.8.8.8:53 193.246.253.80.in-addr.arpa udp
US 8.8.8.8:53 214.22.102.75.in-addr.arpa udp
NL 109.106.246.71:443 ithedmedicalsurgical.com tcp
US 8.8.8.8:53 beautybestiestudio.com udp
US 8.8.8.8:53 bellonimultimarcas.com udp
US 8.8.8.8:53 bisnisonlinetravel.com udp
US 8.8.8.8:53 bondistreetfashion.com udp
US 8.8.8.8:53 braillebellringers.com udp
US 8.8.8.8:53 www.crucialonsite.com udp
US 8.8.8.8:53 bullseyewebcontent.com udp
FR 51.159.197.228:443 srikanthaavelpromoters.com tcp
US 50.87.228.230:443 theprocrastinationzone.com tcp
GB 154.49.138.186:443 alhamlanfakhruddin.com tcp
US 195.35.33.234:443 thegroupofambikataylor.com tcp
SG 194.163.36.183:443 tapdoanfaralandvietnam.com tcp
US 8.8.8.8:53 cherryblossomgrief.com udp
US 8.8.8.8:53 connollydetailbros.com udp
US 8.8.8.8:53 conqueringyourhome.com udp
US 8.8.8.8:53 digitalaffordables.com udp
US 108.179.192.89:443 bellonimultimarcas.com tcp
US 65.181.111.145:443 amorporlasmascotas.com tcp
GB 77.95.113.12:443 techwavetechnologiesuk.com tcp
US 162.241.194.189:443 aldomietyfurniture.com tcp
US 8.8.8.8:53 7.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 216.49.35.195.in-addr.arpa udp
US 8.8.8.8:53 153.78.182.194.in-addr.arpa udp
US 8.8.8.8:53 131.143.180.82.in-addr.arpa udp
US 8.8.8.8:53 158.12.21.104.in-addr.arpa udp
US 8.8.8.8:53 71.246.106.109.in-addr.arpa udp
US 8.8.8.8:53 197.252.241.162.in-addr.arpa udp
US 162.241.225.60:80 beautybestiestudio.com tcp
US 162.241.226.61:443 battleswappdesigns.com tcp
FR 54.36.91.62:80 thesparklingcollective.com tcp
US 50.87.143.172:80 wouldwoodsyendorse.com tcp
US 35.209.219.198:443 www.crucialonsite.com tcp
VN 103.74.123.2:443 thereflectionwestlakes.com tcp
SG 185.229.118.21:443 bisnisonlinetravel.com tcp
US 8.8.8.8:53 digitalmamakreator.com udp
US 8.8.8.8:53 directhotelsonline.com udp
US 162.241.253.201:80 braillebellringers.com tcp
US 50.87.170.32:443 cherryblossomgrief.com tcp
US 8.8.8.8:53 drakplasticsurgery.com udp
US 8.8.8.8:53 digitalcryptoguide.com udp
GB 153.92.6.225:443 digitalaffordables.com tcp
US 66.235.200.147:80 conqueringyourhome.com tcp
US 162.241.252.17:443 bondistreetfashion.com tcp
US 199.188.200.84:80 bullseyewebcontent.com tcp
US 8.8.8.8:53 dreamgreekrealtors.com udp
US 8.8.8.8:53 ercfundingsolution.com udp
US 8.8.8.8:53 exceltaxconsultant.com udp
US 8.8.8.8:53 firelotuswebdesign.com udp
US 8.8.8.8:53 228.197.159.51.in-addr.arpa udp
US 8.8.8.8:53 186.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 230.228.87.50.in-addr.arpa udp
US 8.8.8.8:53 234.33.35.195.in-addr.arpa udp
US 8.8.8.8:53 12.113.95.77.in-addr.arpa udp
US 8.8.8.8:53 62.91.36.54.in-addr.arpa udp
US 162.241.226.82:80 connollydetailbros.com tcp
US 8.8.8.8:53 gilbertbonales2023.com udp
US 8.8.8.8:53 grantwritingwithai.com udp
US 8.8.8.8:53 greatplymouthtours.com udp
US 8.8.8.8:53 greenorganiccircle.com udp
US 8.8.8.8:53 europfinancegreece.com udp
US 8.8.8.8:53 hulegebictsolution.com udp
US 8.8.8.8:53 www.shopifystoremanager.com udp
US 8.8.8.8:53 ignitegrowthagency.com udp
US 8.8.8.8:53 www.silverriversjewelry.com udp
IN 217.21.84.141:443 digitalcryptoguide.com tcp
SG 193.168.194.144:80 digitalmamakreator.com tcp
US 160.153.0.154:443 drakplasticsurgery.com tcp
US 192.185.155.224:443 directhotelsonline.com tcp
US 8.8.8.8:53 sisterstarcreations.com udp
US 8.8.8.8:53 smartindianshopping.com udp
US 8.8.8.8:53 softwarelicensespro.com udp
US 8.8.8.8:53 smartmind-knowledge.com udp
US 8.8.8.8:53 springstreetbooksri.com udp
US 8.8.8.8:53 superbirthdaywishes.com udp
US 8.8.8.8:53 takumimobilecarcare.com udp
US 8.8.8.8:53 terrascriptjournals.com udp
US 8.8.8.8:53 tesouraearteoficial.com udp
US 8.8.8.8:53 145.111.181.65.in-addr.arpa udp
US 8.8.8.8:53 89.192.179.108.in-addr.arpa udp
US 8.8.8.8:53 189.194.241.162.in-addr.arpa udp
US 8.8.8.8:53 198.219.209.35.in-addr.arpa udp
US 8.8.8.8:53 60.225.241.162.in-addr.arpa udp
US 8.8.8.8:53 61.226.241.162.in-addr.arpa udp
US 8.8.8.8:53 172.143.87.50.in-addr.arpa udp
US 8.8.8.8:53 147.200.235.66.in-addr.arpa udp
US 8.8.8.8:53 225.6.92.153.in-addr.arpa udp
US 8.8.8.8:53 32.170.87.50.in-addr.arpa udp
US 8.8.8.8:53 201.253.241.162.in-addr.arpa udp
US 8.8.8.8:53 17.252.241.162.in-addr.arpa udp
US 8.8.8.8:53 2.123.74.103.in-addr.arpa udp
US 8.8.8.8:53 21.118.229.185.in-addr.arpa udp
US 8.8.8.8:53 84.200.188.199.in-addr.arpa udp
US 8.8.8.8:53 thebestutvchiangmai.com udp
GB 81.19.215.12:443 dreamgreekrealtors.com tcp
US 8.8.8.8:53 thefrontpagedigital.com udp
US 8.8.8.8:53 theinnovativehumans.com udp
US 162.241.226.67:80 gilbertbonales2023.com tcp
US 34.68.234.4:443 ercfundingsolution.com tcp
ID 103.186.208.130:443 exceltaxconsultant.com tcp
US 67.20.76.62:443 grantwritingwithai.com tcp
US 162.241.253.120:443 greatplymouthtours.com tcp
US 8.8.8.8:53 theleadingparadigms.com udp
US 50.87.170.37:443 firelotuswebdesign.com tcp
US 209.172.2.40:443 europfinancegreece.com tcp
US 8.8.8.8:53 thepureorganicstore.com udp
US 8.8.8.8:53 theweddingeditorial.com udp
US 8.8.8.8:53 theyogagurukulindia.com udp
US 8.8.8.8:53 thinkmarketingplans.com udp
US 104.21.84.204:443 springstreetbooksri.com tcp
FR 92.205.8.188:80 superbirthdaywishes.com tcp
US 165.140.68.97:443 takumimobilecarcare.com tcp
US 162.241.217.219:80 sisterstarcreations.com tcp
CH 217.26.53.162:443 smartmind-knowledge.com tcp
US 8.8.8.8:53 thinktechuniversity.com udp
US 8.8.8.8:53 timberentertainment.com udp
IN 89.117.188.169:443 smartindianshopping.com tcp
US 8.8.8.8:53 82.226.241.162.in-addr.arpa udp
US 8.8.8.8:53 154.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 12.215.19.81.in-addr.arpa udp
US 8.8.8.8:53 224.155.185.192.in-addr.arpa udp
US 8.8.8.8:53 141.84.21.217.in-addr.arpa udp
IN 103.152.79.182:443 www.shopifystoremanager.com tcp
US 50.116.112.117:443 tesouraearteoficial.com tcp
TH 147.50.227.16:443 thebestutvchiangmai.com tcp
US 192.254.225.220:80 ignitegrowthagency.com tcp
US 208.113.224.44:443 terrascriptjournals.com tcp
US 67.205.14.141:443 www.silverriversjewelry.com tcp
US 199.188.200.84:443 bullseyewebcontent.com tcp
US 8.8.8.8:53 tokatdispoliklinigi.com udp
GB 109.70.148.43:443 hulegebictsolution.com tcp
US 8.8.8.8:53 torchliteautomation.com udp
US 50.87.253.56:80 theleadingparadigms.com tcp
US 8.8.8.8:53 transgoballogistics.com udp
US 35.188.58.213:443 thefrontpagedigital.com tcp
GB 185.77.97.10:443 thepureorganicstore.com tcp
US 160.153.0.97:443 theyogagurukulindia.com tcp
GB 154.49.138.164:443 thinkmarketingplans.com tcp
US 217.196.54.165:443 theinnovativehumans.com tcp
US 8.8.8.8:53 trustscoresolutions.com udp
US 8.8.8.8:53 www.unipacshippinglogis.com udp
TR 94.199.206.9:443 tokatdispoliklinigi.com tcp
US 66.81.203.198:80 timberentertainment.com tcp
US 8.8.8.8:53 viralmarketingcraft.com udp
US 8.8.8.8:53 vantagentertainment.com udp
US 8.8.8.8:53 trademarkprotectorr.com udp
US 8.8.8.8:53 144.194.168.193.in-addr.arpa udp
US 8.8.8.8:53 4.234.68.34.in-addr.arpa udp
US 8.8.8.8:53 67.226.241.162.in-addr.arpa udp
US 8.8.8.8:53 62.76.20.67.in-addr.arpa udp
US 8.8.8.8:53 120.253.241.162.in-addr.arpa udp
US 8.8.8.8:53 37.170.87.50.in-addr.arpa udp
US 8.8.8.8:53 130.208.186.103.in-addr.arpa udp
US 8.8.8.8:53 40.2.172.209.in-addr.arpa udp
US 8.8.8.8:53 204.84.21.104.in-addr.arpa udp
US 8.8.8.8:53 162.53.26.217.in-addr.arpa udp
US 8.8.8.8:53 43.148.70.109.in-addr.arpa udp
US 8.8.8.8:53 141.14.205.67.in-addr.arpa udp
US 8.8.8.8:53 44.224.113.208.in-addr.arpa udp
US 8.8.8.8:53 219.217.241.162.in-addr.arpa udp
US 8.8.8.8:53 117.112.116.50.in-addr.arpa udp
AU 103.152.249.64:80 thinktechuniversity.com tcp
SG 185.187.241.30:443 theweddingeditorial.com tcp
US 8.8.8.8:53 warriorkingheritage.com udp
CA 23.227.38.65:443 greenorganiccircle.com tcp
US 8.8.8.8:53 wristwatch-elegance.com udp
US 8.8.8.8:53 xceedfoodsandevents.com udp
US 8.8.8.8:53 xprexglobalshipping.com udp
US 8.8.8.8:53 paulspainforcongress.com udp
US 8.8.8.8:53 zhrtcomputersystems.com udp
US 8.8.8.8:53 powerplatformcentral.com udp
US 8.8.8.8:53 projecthybridathlete.com udp
US 8.8.8.8:53 psychologyforourlife.com udp
US 8.8.8.8:53 randallcountyrentals.com udp
US 8.8.8.8:53 remysamuelconsulting.com udp
US 50.87.145.220:443 torchliteautomation.com tcp
US 8.8.8.8:53 rrodgersfinancialllc.com udp
GB 154.49.138.77:443 viralmarketingcraft.com tcp
US 8.8.8.8:53 rudraashwitechnology.com udp
US 8.8.8.8:53 sagradocorazonanawin.com udp
US 195.179.236.181:443 vantagentertainment.com tcp
US 8.8.8.8:53 220.225.254.192.in-addr.arpa udp
US 8.8.8.8:53 169.188.117.89.in-addr.arpa udp
US 8.8.8.8:53 16.227.50.147.in-addr.arpa udp
US 8.8.8.8:53 97.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 10.97.77.185.in-addr.arpa udp
US 8.8.8.8:53 164.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 56.253.87.50.in-addr.arpa udp
US 8.8.8.8:53 213.58.188.35.in-addr.arpa udp
US 8.8.8.8:53 165.54.196.217.in-addr.arpa udp
US 8.8.8.8:53 198.203.81.66.in-addr.arpa udp
IN 89.117.188.9:443 trademarkprotectorr.com tcp
NL 160.153.138.217:443 warriorkingheritage.com tcp
US 8.8.8.8:53 shopbaocaosuhaiphong.com udp
US 89.117.139.121:443 trustscoresolutions.com tcp
GB 141.136.43.162:443 transgoballogistics.com tcp
US 162.241.252.146:80 randallcountyrentals.com tcp
PL 145.239.19.134:443 xprexglobalshipping.com tcp
US 8.8.8.8:53 sinakisteelstructure.com udp
JP 150.95.59.36:443 wristwatch-elegance.com tcp
CA 51.161.91.173:80 paulspainforcongress.com tcp
JP 45.76.97.105:443 psychologyforourlife.com tcp
BD 115.187.18.23:443 wp-maintenance-boss.com tcp
US 162.144.14.142:80 projecthybridathlete.com tcp
DE 20.79.107.0:443 powerplatformcentral.com tcp
US 8.8.8.8:53 socalcemeterybrokers.com udp
RU 91.215.85.19:443 zhrtcomputersystems.com tcp
US 8.8.8.8:53 soundpostenterprises.com udp
US 8.8.8.8:53 sungrandcitythuykhue.com udp
US 8.8.8.8:53 www.srilankantraditional.com udp
US 8.8.8.8:53 tedapontegaragedoors.com udp
US 8.8.8.8:53 thelifelinelogistics.com udp
US 8.8.8.8:53 tongueandcheekboston.com udp
US 8.8.8.8:53 topaccessoriesonline.com udp
US 8.8.8.8:53 www.terrascriptjournals.com udp
BR 185.213.81.250:443 sagradocorazonanawin.com tcp
US 8.8.8.8:53 65.38.227.23.in-addr.arpa udp
US 8.8.8.8:53 30.241.187.185.in-addr.arpa udp
US 8.8.8.8:53 64.249.152.103.in-addr.arpa udp
US 8.8.8.8:53 77.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 220.145.87.50.in-addr.arpa udp
US 8.8.8.8:53 181.236.179.195.in-addr.arpa udp
US 8.8.8.8:53 9.188.117.89.in-addr.arpa udp
US 8.8.8.8:53 traveladventuretrips.com udp
GB 145.14.152.192:443 remysamuelconsulting.com tcp
US 144.202.89.183:443 rrodgersfinancialllc.com tcp
IN 116.206.104.66:443 rudraashwitechnology.com tcp
US 8.8.8.8:53 truckparkingcashflow.com udp
IR 185.141.212.171:443 sinakisteelstructure.com tcp
US 72.167.100.60:80 thelifelinelogistics.com tcp
US 162.241.216.164:80 soundpostenterprises.com tcp
US 162.241.216.65:80 socalcemeterybrokers.com tcp
VN 45.252.251.72:443 shopbaocaosuhaiphong.com tcp
US 172.67.161.26:443 sungrandcitythuykhue.com tcp
US 195.179.237.84:443 topaccessoriesonline.com tcp
US 66.81.203.198:80 tongueandcheekboston.com tcp
US 208.113.224.44:443 www.terrascriptjournals.com tcp
US 8.8.8.8:53 www.valueformoneymastery.com udp
US 8.8.8.8:53 velkiiex123agentlist.com udp
US 8.8.8.8:53 villatigaenamumaalas.com udp
US 8.8.8.8:53 vintagetobaccostores.com udp
IN 89.117.157.6:443 traveladventuretrips.com tcp
US 192.243.110.5:80 tedapontegaragedoors.com tcp
US 8.8.8.8:53 162.43.136.141.in-addr.arpa udp
US 8.8.8.8:53 134.19.239.145.in-addr.arpa udp
US 8.8.8.8:53 121.139.117.89.in-addr.arpa udp
US 8.8.8.8:53 173.91.161.51.in-addr.arpa udp
US 8.8.8.8:53 146.252.241.162.in-addr.arpa udp
US 8.8.8.8:53 0.107.79.20.in-addr.arpa udp
US 8.8.8.8:53 19.85.215.91.in-addr.arpa udp
US 8.8.8.8:53 142.14.144.162.in-addr.arpa udp
US 8.8.8.8:53 36.59.95.150.in-addr.arpa udp
US 8.8.8.8:53 23.18.187.115.in-addr.arpa udp
US 8.8.8.8:53 250.81.213.185.in-addr.arpa udp
US 8.8.8.8:53 192.152.14.145.in-addr.arpa udp
US 8.8.8.8:53 183.89.202.144.in-addr.arpa udp
AU 103.152.249.64:443 thinktechuniversity.com tcp
US 104.21.39.252:443 truckparkingcashflow.com tcp
US 8.8.8.8:53 wilbournhouseorchard.com udp
US 8.8.8.8:53 vitasempliceinitalia.com udp
US 8.8.8.8:53 yourhapinessoftheday.com udp
US 8.8.8.8:53 zadranecommercestore.com udp
N/A 127.0.0.1:64633 tcp
US 8.8.8.8:53 zinzanwindowcleaning.com udp
US 99.192.201.79:443 vintagetobaccostores.com tcp
US 8.8.8.8:53 absolute-counselling.com udp
US 8.8.8.8:53 adorableyorkierescue.com udp
US 162.241.63.44:443 yourhapinessoftheday.com tcp
SG 131.153.48.202:443 velkiiex123agentlist.com tcp
US 192.64.87.150:443 usedhomeappliancesme.com tcp
SG 109.106.252.91:443 villatigaenamumaalas.com tcp
US 8.8.8.8:53 adoretheselectpremia.com udp
US 162.241.225.126:80 wilbournhouseorchard.com tcp
NL 206.189.9.29:443 vitasempliceinitalia.com tcp
US 8.8.8.8:53 safecookery.com udp
US 8.8.8.8:53 sambacouver.com udp
US 8.8.8.8:53 pocketecobag.com udp
US 172.67.169.27:443 www.valueformoneymastery.com tcp
US 8.8.8.8:53 www.ancientbracer.com udp
US 8.8.8.8:53 66.104.206.116.in-addr.arpa udp
US 8.8.8.8:53 26.161.67.172.in-addr.arpa udp
US 8.8.8.8:53 171.212.141.185.in-addr.arpa udp
US 8.8.8.8:53 164.216.241.162.in-addr.arpa udp
US 8.8.8.8:53 65.216.241.162.in-addr.arpa udp
US 8.8.8.8:53 84.237.179.195.in-addr.arpa udp
US 8.8.8.8:53 72.251.252.45.in-addr.arpa udp
US 8.8.8.8:53 5.110.243.192.in-addr.arpa udp
US 8.8.8.8:53 6.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 252.39.21.104.in-addr.arpa udp
US 8.8.8.8:53 www.basketkaseetx.com udp
US 76.223.105.230:443 zinzanwindowcleaning.com tcp
US 89.117.139.146:443 adorableyorkierescue.com tcp
US 162.241.85.135:443 adoretheselectpremia.com tcp
US 8.8.8.8:53 remotejobless.com udp
US 89.116.192.41:443 zadranecommercestore.com tcp
US 99.192.201.79:443 vintagetobaccostores.com tcp
US 192.185.44.70:443 sambacouver.com tcp
GB 141.136.39.30:443 remotejobless.com tcp
US 108.179.232.173:443 safecookery.com tcp
US 8.8.8.8:53 serviciosgm.com udp
US 8.8.8.8:53 bookishlifebd.com udp
US 8.8.8.8:53 www.retieyretilap.com udp
US 8.8.8.8:53 robertdeboron.com udp
US 8.8.8.8:53 rusticlifehub.com udp
US 8.8.8.8:53 saichrealtors.com udp
US 8.8.8.8:53 sanadadvanced.com udp
GB 45.77.57.25:443 www.basketkaseetx.com tcp
US 162.144.14.150:443 absolute-counselling.com tcp
US 8.8.8.8:53 sandraventure.com udp
US 8.8.8.8:53 79.201.192.99.in-addr.arpa udp
US 8.8.8.8:53 29.9.189.206.in-addr.arpa udp
US 8.8.8.8:53 27.169.67.172.in-addr.arpa udp
US 8.8.8.8:53 150.87.64.192.in-addr.arpa udp
US 8.8.8.8:53 44.63.241.162.in-addr.arpa udp
US 8.8.8.8:53 126.225.241.162.in-addr.arpa udp
US 8.8.8.8:53 202.48.153.131.in-addr.arpa udp
US 8.8.8.8:53 91.252.106.109.in-addr.arpa udp
US 8.8.8.8:53 230.105.223.76.in-addr.arpa udp
US 8.8.8.8:53 146.139.117.89.in-addr.arpa udp
US 8.8.8.8:53 135.85.241.162.in-addr.arpa udp
US 8.8.8.8:53 secretchristi.com udp
US 8.8.8.8:53 sedekahkucing.com udp
US 8.8.8.8:53 site2023tests.com udp
IN 103.93.17.10:80 pocketecobag.com tcp
US 8.8.8.8:53 smokeyjoes420.com udp
US 68.66.226.110:443 bookishlifebd.com tcp
US 8.8.8.8:53 simpaticoland.com udp
US 8.8.8.8:53 frenchjobsforme.com udp
US 8.8.8.8:53 vinfastcaobang3s.com udp
US 8.8.8.8:53 vitoriapetroshow.com.br udp
US 158.106.138.13:443 sandraventure.com tcp
US 198.252.106.137:443 robertdeboron.com tcp
US 50.31.177.150:443 www.retieyretilap.com tcp
BG 79.98.104.3:443 secretchristi.com tcp
ID 103.247.11.165:443 sedekahkucing.com tcp
US 106.0.62.70:443 rusticlifehub.com tcp
US 8.8.8.8:53 www.wadesresidentialservices.com udp
US 8.8.8.8:53 weightheightinfo.com udp
US 8.8.8.8:53 wesecureservices.com udp
US 8.8.8.8:53 whatsonhollywood.com udp
US 8.8.8.8:53 white-deserttour.com udp
US 8.8.8.8:53 41.192.116.89.in-addr.arpa udp
US 8.8.8.8:53 30.39.136.141.in-addr.arpa udp
US 8.8.8.8:53 173.232.179.108.in-addr.arpa udp
US 8.8.8.8:53 150.14.144.162.in-addr.arpa udp
US 8.8.8.8:53 110.226.66.68.in-addr.arpa udp
US 8.8.8.8:53 10.17.93.103.in-addr.arpa udp
US 8.8.8.8:53 whitebeamdigital.com udp
IN 172.105.63.212:443 sanadadvanced.com tcp
DE 88.198.22.18:443 saichrealtors.com tcp
US 162.241.2.161:443 serviciosgm.com tcp
US 75.102.22.105:443 site2023tests.com tcp
FR 188.165.1.37:443 simpaticoland.com tcp
GB 77.72.2.45:443 smokeyjoes420.com tcp
US 76.76.21.21:80 frenchjobsforme.com tcp
US 8.8.8.8:53 austriamanufaktur.at udp
US 8.8.8.8:53 workupanappetite.com udp
US 8.8.8.8:53 wrightdreamstays.com udp
US 8.8.8.8:53 xingshengculture.com udp
US 8.8.8.8:53 yarisreklamcilik.com udp
US 8.8.8.8:53 ybreakfaststudio.com udp
US 8.8.8.8:53 yjmarketanalysis.com udp
US 8.8.8.8:53 yolandaelsoponzo.com udp
GB 154.49.138.25:443 whitebeamdigital.com tcp
US 8.8.8.8:53 yorumeklemekarti.com udp
US 8.8.8.8:53 25.57.77.45.in-addr.arpa udp
US 172.67.135.148:443 workupanappetite.com tcp
IN 217.21.93.178:443 wesecureservices.com tcp
US 8.8.8.8:53 zsinternationals.com udp
US 8.8.8.8:53 softwarestarfield.com udp
US 8.8.8.8:53 speedyriderentals.com udp
US 8.8.8.8:53 stallionsdelivery.com udp
US 149.100.151.225:443 white-deserttour.com tcp
US 149.100.151.24:443 weightheightinfo.com tcp
US 141.193.213.11:443 www.wadesresidentialservices.com tcp
SG 109.106.254.229:443 whatsonhollywood.com tcp
BR 186.202.153.64:443 vitoriapetroshow.com.br tcp
DE 85.13.128.192:443 austriamanufaktur.at tcp
US 8.8.8.8:53 www.zanzibarecotours.com udp
US 8.8.8.8:53 suamaytinhgiaphat.com udp
ZA 102.219.84.126:443 ybreakfaststudio.com tcp
CA 66.199.141.100:443 yolandaelsoponzo.com tcp
GB 141.136.34.171:443 yorumeklemekarti.com tcp
US 8.8.8.8:53 www.sunsetpropertygrp.com udp
US 8.8.8.8:53 sweetwednesdayllc.com udp
US 8.8.8.8:53 13.138.106.158.in-addr.arpa udp
US 8.8.8.8:53 45.2.72.77.in-addr.arpa udp
US 8.8.8.8:53 37.1.165.188.in-addr.arpa udp
US 8.8.8.8:53 18.22.198.88.in-addr.arpa udp
US 8.8.8.8:53 21.21.76.76.in-addr.arpa udp
US 8.8.8.8:53 70.62.0.106.in-addr.arpa udp
US 8.8.8.8:53 137.106.252.198.in-addr.arpa udp
US 8.8.8.8:53 161.2.241.162.in-addr.arpa udp
US 8.8.8.8:53 105.22.102.75.in-addr.arpa udp
US 8.8.8.8:53 212.63.105.172.in-addr.arpa udp
US 8.8.8.8:53 165.11.247.103.in-addr.arpa udp
US 8.8.8.8:53 25.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 switchhousetohome.com udp
US 8.8.8.8:53 templateplanetary.com udp
US 8.8.8.8:53 thebreretonfamily.com udp
US 8.8.8.8:53 thebestsellonline.com udp
US 170.106.179.31:443 xingshengculture.com tcp
US 23.231.1.5:443 wrightdreamstays.com tcp
US 8.8.8.8:53 thecreativesphere.com udp
VN 103.74.118.169:80 vinfastcaobang3s.com tcp
US 76.76.21.21:443 frenchjobsforme.com tcp
US 8.8.8.8:53 theenrgysolutions.com udp
TR 185.114.22.82:443 yarisreklamcilik.com tcp
FR 51.159.198.163:443 srivaikunthmotors.com tcp
IN 89.117.157.62:443 zsinternationals.com tcp
US 8.8.8.8:53 theholyrosaryinvr.com udp
US 154.49.142.81:443 softwarestarfield.com tcp
US 104.21.7.85:443 speedyriderentals.com tcp
US 86.38.202.227:443 stallionsdelivery.com tcp
US 8.8.8.8:53 theprettypetstore.com udp
US 170.10.162.143:443 www.zanzibarecotours.com tcp
US 74.208.236.114:80 theenrgysolutions.com tcp
US 185.212.71.134:443 thecreativesphere.com tcp
US 31.170.161.122:443 thebestsellonline.com tcp
US 217.21.76.189:443 templateplanetary.com tcp
US 154.49.142.16:443 thebreretonfamily.com tcp
US 160.153.0.79:443 sweetwednesdayllc.com tcp
DK 46.30.213.129:443 switchhousetohome.com tcp
US 5.78.65.36:443 suamaytinhgiaphat.com tcp
US 104.21.61.95:443 www.sunsetpropertygrp.com tcp
US 8.8.8.8:53 nyconpurpose.com udp
US 8.8.8.8:53 theworldnewsflash.com udp
US 8.8.8.8:53 thrissurmarketing.com udp
US 8.8.8.8:53 150.177.31.50.in-addr.arpa udp
US 8.8.8.8:53 148.135.67.172.in-addr.arpa udp
US 8.8.8.8:53 178.93.21.217.in-addr.arpa udp
US 8.8.8.8:53 225.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 24.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 192.128.13.85.in-addr.arpa udp
US 8.8.8.8:53 171.34.136.141.in-addr.arpa udp
US 8.8.8.8:53 229.254.106.109.in-addr.arpa udp
US 8.8.8.8:53 100.141.199.66.in-addr.arpa udp
US 8.8.8.8:53 5.1.231.23.in-addr.arpa udp
US 8.8.8.8:53 82.22.114.185.in-addr.arpa udp
US 8.8.8.8:53 31.179.106.170.in-addr.arpa udp
US 8.8.8.8:53 126.84.219.102.in-addr.arpa udp
US 160.153.0.51:443 theholyrosaryinvr.com tcp
US 8.8.8.8:53 thunderbusinesses.com udp
US 8.8.8.8:53 toptattoosflorida.com udp
US 8.8.8.8:53 tomamboconquerors.com udp
US 154.49.142.26:443 theworldnewsflash.com tcp
GB 154.49.138.75:443 thrissurmarketing.com tcp
US 8.8.8.8:53 trinityoiltrading.com udp
US 8.8.8.8:53 www.yarisreklamcilik.com udp
US 8.8.8.8:53 tryultimateninjas.com udp
US 8.8.8.8:53 turimultiagencies.com udp
US 8.8.8.8:53 unpluggedoverseas.com udp
US 8.8.8.8:53 www.wrightdreamstays.com udp
US 172.67.217.130:443 nyconpurpose.com tcp
NL 89.116.153.90:443 theprettypetstore.com tcp
US 8.8.8.8:53 urbandroneinsight.com udp
US 8.8.8.8:53 utsavidigitalzone.com udp
US 75.102.22.187:80 toptattoosflorida.com tcp
US 8.8.8.8:53 169.118.74.103.in-addr.arpa udp
US 8.8.8.8:53 163.198.159.51.in-addr.arpa udp
US 8.8.8.8:53 85.7.21.104.in-addr.arpa udp
US 8.8.8.8:53 62.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 81.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 143.162.10.170.in-addr.arpa udp
US 8.8.8.8:53 227.202.38.86.in-addr.arpa udp
US 8.8.8.8:53 114.236.208.74.in-addr.arpa udp
US 8.8.8.8:53 79.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 95.61.21.104.in-addr.arpa udp
US 8.8.8.8:53 129.213.30.46.in-addr.arpa udp
US 8.8.8.8:53 64.153.202.186.in-addr.arpa udp
US 8.8.8.8:53 122.161.170.31.in-addr.arpa udp
US 8.8.8.8:53 134.71.212.185.in-addr.arpa udp
US 8.8.8.8:53 189.76.21.217.in-addr.arpa udp
US 8.8.8.8:53 16.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 36.65.78.5.in-addr.arpa udp
US 8.8.8.8:53 51.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 75.138.49.154.in-addr.arpa udp
US 86.38.202.194:443 tomamboconquerors.com tcp
GB 194.11.155.50:443 trinityoiltrading.com tcp
US 149.28.203.159:443 thunderbusinesses.com tcp
TR 185.114.22.82:443 www.yarisreklamcilik.com tcp
FR 87.98.184.98:443 turimultiagencies.com tcp
US 141.193.213.21:443 tryultimateninjas.com tcp
US 8.8.8.8:53 www.thecreativesphere.com udp
US 23.231.1.5:443 www.wrightdreamstays.com tcp
IN 89.117.188.122:443 unpluggedoverseas.com tcp
IN 89.117.27.211:443 utsavidigitalzone.com tcp
US 8.8.8.8:53 varaschessacademy.com udp
US 8.8.8.8:53 verboarchitecture.com udp
US 8.8.8.8:53 prettypetstores.com udp
US 8.8.8.8:53 vesper-properties.com udp
US 185.212.71.134:443 www.thecreativesphere.com tcp
US 8.8.8.8:53 villabellissimalk.com udp
US 8.8.8.8:53 viptransporter-ro.com udp
US 8.8.8.8:53 villapuncakikhsan.com udp
US 8.8.8.8:53 26.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 130.217.67.172.in-addr.arpa udp
US 8.8.8.8:53 90.153.116.89.in-addr.arpa udp
US 8.8.8.8:53 50.155.11.194.in-addr.arpa udp
US 8.8.8.8:53 187.22.102.75.in-addr.arpa udp
US 8.8.8.8:53 194.202.38.86.in-addr.arpa udp
US 170.106.179.31:443 www.xingshengculture.com tcp
US 8.8.8.8:53 159.203.28.149.in-addr.arpa udp
US 8.8.8.8:53 98.184.98.87.in-addr.arpa udp
SG 217.21.73.224:443 varaschessacademy.com tcp
US 104.21.17.157:443 urbandroneinsight.com tcp
NL 89.116.153.90:443 prettypetstores.com tcp
US 104.21.30.254:443 veroniquederkenne.com tcp
US 154.56.47.12:443 verboarchitecture.com tcp
US 63.250.43.130:80 villabellissimalk.com tcp
US 8.8.8.8:53 21.213.193.141.in-addr.arpa udp
US 23.231.1.152:443 vesper-properties.com tcp
US 172.67.185.114:443 viptransporter-ro.com tcp
US 8.8.8.8:53 vjltravelvacation.com udp
US 8.8.8.8:53 wahnafenterprises.com udp
US 8.8.8.8:53 watthaisirirajgir.com udp
US 8.8.8.8:53 www.visitarentresdias.com udp
US 8.8.8.8:53 vibhabridalstudio.com udp
US 8.8.8.8:53 wescanresidential.com udp
US 8.8.8.8:53 whoiswhoawardsorg.com udp
ID 103.241.192.18:443 villapuncakikhsan.com tcp
US 8.8.8.8:53 122.188.117.89.in-addr.arpa udp
US 8.8.8.8:53 211.27.117.89.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 157.17.21.104.in-addr.arpa udp
US 8.8.8.8:53 254.30.21.104.in-addr.arpa udp
US 104.21.27.95:443 watthaisirirajgir.com tcp
US 8.8.8.8:53 williamblakehenry.com udp
US 8.8.8.8:53 yahvithefarmhouse.com udp
US 8.8.8.8:53 yardtechsolutions.com udp
IN 217.21.84.224:443 vibhabridalstudio.com tcp
US 160.153.0.60:443 wescanresidential.com tcp
US 141.193.213.10:443 vjltravelvacation.com tcp
US 8.8.8.8:53 yayasankomandomnt.com udp
US 8.8.8.8:53 www.yolomexicaneatery.com udp
DE 178.63.179.249:443 wahnafenterprises.com tcp
US 8.8.8.8:53 zeppelinsiteleri7.com udp
US 8.8.8.8:53 406healthyvending.com udp
US 8.8.8.8:53 achadosemumclique.com udp
US 8.8.8.8:53 actechnologygroup.com udp
US 8.8.8.8:53 adictosalaciencia.com udp
US 74.208.236.232:80 williamblakehenry.com tcp
FR 51.255.149.48:443 whoiswhoawardsorg.com tcp
US 8.8.8.8:53 agrivoltaics-conf.com udp
US 8.8.8.8:53 www.urbandroneinsight.com udp
US 8.8.8.8:53 agusprietofitness.com udp
US 8.8.8.8:53 12.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 152.1.231.23.in-addr.arpa udp
US 8.8.8.8:53 130.43.250.63.in-addr.arpa udp
US 8.8.8.8:53 114.185.67.172.in-addr.arpa udp
US 8.8.8.8:53 224.73.21.217.in-addr.arpa udp
US 8.8.8.8:53 95.27.21.104.in-addr.arpa udp
US 8.8.8.8:53 18.192.241.103.in-addr.arpa udp
IN 82.180.143.32:443 yahvithefarmhouse.com tcp
US 172.67.128.169:443 yardtechsolutions.com tcp
US 104.21.47.125:443 yayasankomandomnt.com tcp
DE 64.226.103.225:443 zeppelinsiteleri7.com tcp
US 8.8.8.8:53 airconditionerask.com udp
US 8.8.8.8:53 afterhours-agency.com udp
US 8.8.8.8:53 www.veroniquederkenne.com udp
US 45.32.66.72:443 406healthyvending.com tcp
US 172.67.177.18:443 www.urbandroneinsight.com tcp
BR 185.239.210.222:443 achadosemumclique.com tcp
GB 185.77.97.183:443 adictosalaciencia.com tcp
US 8.8.8.8:53 alecoarquitectura.com udp
GR 155.207.123.111:443 agrivoltaics-conf.com tcp
BR 154.49.247.27:443 agusprietofitness.com tcp
US 8.8.8.8:53 alignedanddivined.com udp
US 209.17.116.165:80 actechnologygroup.com tcp
US 8.8.8.8:53 amakwaunityschool.com udp
JP 153.127.71.228:80 www.yolomexicaneatery.com tcp
US 104.21.30.254:443 www.veroniquederkenne.com tcp
DE 217.160.0.81:80 afterhours-agency.com tcp
US 8.8.8.8:53 amyheebnerwriting.com udp
US 8.8.8.8:53 zeppelinsiteleri8.com udp
US 8.8.8.8:53 60.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 10.213.193.141.in-addr.arpa udp
US 8.8.8.8:53 48.149.255.51.in-addr.arpa udp
US 8.8.8.8:53 232.236.208.74.in-addr.arpa udp
US 8.8.8.8:53 169.128.67.172.in-addr.arpa udp
US 8.8.8.8:53 125.47.21.104.in-addr.arpa udp
US 8.8.8.8:53 225.103.226.64.in-addr.arpa udp
US 8.8.8.8:53 32.143.180.82.in-addr.arpa udp
US 8.8.8.8:53 18.177.67.172.in-addr.arpa udp
US 8.8.8.8:53 183.97.77.185.in-addr.arpa udp
US 8.8.8.8:53 72.66.32.45.in-addr.arpa udp
US 8.8.8.8:53 anthonymatarsteel.com udp
US 8.8.8.8:53 aphroditesurgical.com udp
US 8.8.8.8:53 anekvarnaholidays.com udp
NL 45.93.126.123:443 amakwaunityschool.com tcp
US 8.8.8.8:53 hemp-sons.com udp
US 8.8.8.8:53 hocketbet.com udp
US 174.136.25.60:443 alecoarquitectura.com tcp
US 8.8.8.8:53 huntingss.com udp
US 8.8.8.8:53 hottobali.com udp
BR 186.202.153.64:443 vitoriapetroshow.com.br tcp
US 8.8.8.8:53 iarasagaz.com udp
US 8.8.8.8:53 ij4design.com udp
US 8.8.8.8:53 smillego.shop udp
US 8.8.8.8:53 www.406healthyvending.com udp
US 8.8.8.8:53 infozamir.com udp
US 8.8.8.8:53 ipradarmx.com udp
US 8.8.8.8:53 jellyfixe.com udp
US 8.8.8.8:53 hc-arnoldi.com udp
US 8.8.8.8:53 manrahgh.com udp
US 8.8.8.8:53 222.210.239.185.in-addr.arpa udp
US 8.8.8.8:53 111.123.207.155.in-addr.arpa udp
US 8.8.8.8:53 165.116.17.209.in-addr.arpa udp
US 8.8.8.8:53 27.247.49.154.in-addr.arpa udp
US 8.8.8.8:53 81.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 228.71.127.153.in-addr.arpa udp
US 31.170.167.128:443 anthonymatarsteel.com tcp
US 74.208.236.162:80 amyheebnerwriting.com tcp
US 198.54.112.130:443 zeppelinsiteleri8.com tcp
GB 81.19.215.20:443 hemp-sons.com tcp
US 8.8.8.8:53 jhinesley.com udp
US 154.49.142.241:443 alignedanddivined.com tcp
CA 104.251.111.203:443 hottobali.com tcp
US 8.8.8.8:53 www.jooduahlp.com udp
US 8.8.8.8:53 udp
US 162.241.203.90:443 hocketbet.com tcp
FR 15.188.219.54:443 huntingss.com tcp
IN 195.35.44.27:443 anekvarnaholidays.com tcp
DE 142.132.154.18:80 aphroditesurgical.com tcp
US 8.8.8.8:53 jspbeauty.com udp
US 74.220.199.6:443 ipradarmx.com tcp
US 50.87.172.132:443 infozamir.com tcp
US 45.32.66.72:443 www.406healthyvending.com tcp
US 3.33.130.190:443 smillego.shop tcp
US 8.8.8.8:53 jukujo-bu.com udp
US 198.54.120.43:443 manrahgh.com tcp
US 162.241.225.183:443 ij4design.com tcp
US 50.87.150.204:80 jellyfixe.com tcp
US 8.8.8.8:53 junubia64.com udp
DE 81.169.145.84:443 hc-arnoldi.com tcp
US 8.8.8.8:53 ferregrand.com udp
US 8.8.8.8:53 123.126.93.45.in-addr.arpa udp
US 8.8.8.8:53 60.25.136.174.in-addr.arpa udp
US 8.8.8.8:53 20.215.19.81.in-addr.arpa udp
US 8.8.8.8:53 emkidsbooks.com udp
US 8.8.8.8:53 emmedemarta.com udp
US 8.8.8.8:53 entera-site.com udp
US 8.8.8.8:53 esaptakosi.com udp
GB 77.95.113.183:443 www.jooduahlp.com tcp
US 162.241.216.80:443 jhinesley.com tcp
GB 109.70.148.67:443 jspbeauty.com tcp
CH 217.26.53.169:443 entera-site.com tcp
US 106.0.62.71:443 junubia64.com tcp
US 104.21.35.164:443 esaptakosi.com tcp
FR 89.116.147.183:443 emmedemarta.com tcp
US 8.8.8.8:53 ethreeindia.com udp
US 8.8.8.8:53 fancymen-au.com udp
US 8.8.8.8:53 fanstudiotv.com udp
US 8.8.8.8:53 fashionhoot.com udp
US 8.8.8.8:53 fcproyectos.com udp
US 162.241.61.214:443 ferregrand.com tcp
US 173.236.193.177:443 emkidsbooks.com tcp
JP 183.90.183.165:443 jukujo-bu.com tcp
US 8.8.8.8:53 imunify-alert.com udp
US 8.8.8.8:53 162.236.208.74.in-addr.arpa udp
US 8.8.8.8:53 203.111.251.104.in-addr.arpa udp
US 8.8.8.8:53 241.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 130.112.54.198.in-addr.arpa udp
US 8.8.8.8:53 54.219.188.15.in-addr.arpa udp
US 8.8.8.8:53 18.154.132.142.in-addr.arpa udp
US 8.8.8.8:53 90.203.241.162.in-addr.arpa udp
US 8.8.8.8:53 27.44.35.195.in-addr.arpa udp
US 8.8.8.8:53 190.130.33.3.in-addr.arpa udp
US 8.8.8.8:53 84.145.169.81.in-addr.arpa udp
US 8.8.8.8:53 132.172.87.50.in-addr.arpa udp
US 8.8.8.8:53 183.225.241.162.in-addr.arpa udp
US 8.8.8.8:53 204.150.87.50.in-addr.arpa udp
US 8.8.8.8:53 43.120.54.198.in-addr.arpa udp
US 8.8.8.8:53 183.113.95.77.in-addr.arpa udp
US 8.8.8.8:53 67.148.70.109.in-addr.arpa udp
US 8.8.8.8:53 80.216.241.162.in-addr.arpa udp
US 8.8.8.8:53 169.53.26.217.in-addr.arpa udp
US 74.208.236.63:443 fanstudiotv.com tcp
US 8.8.8.8:53 feliciajean.com udp
US 104.21.53.23:443 fancymen-au.com tcp
IN 68.178.154.108:443 ethreeindia.com tcp
US 8.8.8.8:53 felixmotzet.com udp
US 8.8.8.8:53 fenrircraft.com udp
US 8.8.8.8:53 fijnesierad.com udp
US 8.8.8.8:53 filofilellc.com udp
US 8.8.8.8:53 fileshadow3.com udp
US 172.67.176.47:443 imunify-alert.com tcp
US 8.8.8.8:53 financedipo.com udp
RU 45.147.179.65:443 fcproyectos.com tcp
US 8.8.8.8:53 first-limou.com udp
US 8.8.8.8:53 fireopstech.com udp
US 8.8.8.8:53 flixhobiptv.com udp
US 8.8.8.8:53 forexguider.com udp
US 8.8.8.8:53 www.actechnologygroup.com udp
US 104.21.59.78:443 fashionhoot.com tcp
US 172.67.207.188:443 feliciajean.com tcp
US 8.8.8.8:53 71.62.0.106.in-addr.arpa udp
US 8.8.8.8:53 183.147.116.89.in-addr.arpa udp
US 8.8.8.8:53 164.35.21.104.in-addr.arpa udp
US 8.8.8.8:53 214.61.241.162.in-addr.arpa udp
US 8.8.8.8:53 177.193.236.173.in-addr.arpa udp
US 8.8.8.8:53 165.183.90.183.in-addr.arpa udp
US 8.8.8.8:53 23.53.21.104.in-addr.arpa udp
DE 88.198.220.237:443 felixmotzet.com tcp
US 209.17.116.165:80 www.actechnologygroup.com tcp
IN 82.180.165.75:443 financedipo.com tcp
US 44.206.56.175:443 fenrircraft.com tcp
US 154.49.142.174:443 fileshadow3.com tcp
NL 185.166.188.124:443 flixhobiptv.com tcp
US 104.21.15.147:443 forexguider.com tcp
US 8.8.8.8:53 foudeseries.com udp
US 8.8.8.8:53 fountainhcl.com udp
FI 65.21.229.26:443 filofilellc.com tcp
US 8.8.8.8:53 frazerdyson.com udp
DE 85.90.245.58:443 first-limou.com tcp
US 8.8.8.8:53 frashvendas.com udp
US 104.21.59.252:80 fireopstech.com tcp
US 172.67.176.207:443 fijnesierad.com tcp
US 8.8.8.8:53 sashimi-sp.com udp
US 8.8.8.8:53 frishfriesz.com udp
US 8.8.8.8:53 furststaffing.com udp
US 8.8.8.8:53 gariksports.com udp
US 8.8.8.8:53 gadiexplore.com udp
US 8.8.8.8:53 47.176.67.172.in-addr.arpa udp
US 8.8.8.8:53 63.236.208.74.in-addr.arpa udp
US 8.8.8.8:53 65.179.147.45.in-addr.arpa udp
US 8.8.8.8:53 78.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 188.207.67.172.in-addr.arpa udp
US 34.170.230.254:80 frazerdyson.com tcp
GB 45.77.57.25:443 foudeseries.com tcp
US 190.124.47.72:443 fountainhcl.com tcp
US 8.8.8.8:53 237.220.198.88.in-addr.arpa udp
BR 154.49.247.143:443 frashvendas.com tcp
LT 45.84.206.69:443 frishfriesz.com tcp
US 141.193.213.10:443 furststaffing.com tcp
US 8.8.8.8:53 gchasesores.com udp
US 23.111.168.178:443 frostedoven.com tcp
US 8.8.8.8:53 get-rushapk.com udp
US 8.8.8.8:53 gdhideaways.com udp
ES 89.46.91.70:443 gadiexplore.com tcp
US 8.8.8.8:53 giannarueda.com udp
US 8.8.8.8:53 glitzcolors.com udp
US 34.170.230.254:80 frazerdyson.com tcp
US 8.8.8.8:53 gogtasmetal.com udp
US 8.8.8.8:53 gold-anonym.com udp
US 8.8.8.8:53 golflantern.com udp
US 104.21.76.79:443 sashimi-sp.com tcp
DE 5.9.143.132:443 gariksports.com tcp
US 8.8.8.8:53 www.emkidsbooks.com udp
US 8.8.8.8:53 147.15.21.104.in-addr.arpa udp
US 8.8.8.8:53 252.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 124.188.166.185.in-addr.arpa udp
US 8.8.8.8:53 58.245.90.85.in-addr.arpa udp
US 8.8.8.8:53 175.56.206.44.in-addr.arpa udp
US 8.8.8.8:53 207.176.67.172.in-addr.arpa udp
US 8.8.8.8:53 75.165.180.82.in-addr.arpa udp
US 8.8.8.8:53 174.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 254.230.170.34.in-addr.arpa udp
US 8.8.8.8:53 72.47.124.190.in-addr.arpa udp
US 8.8.8.8:53 gorgeoussay.com udp
US 172.67.191.193:443 gold-anonym.com tcp
FR 92.205.12.254:443 gogtasmetal.com tcp
GB 154.49.138.26:443 glitzcolors.com tcp
IN 154.41.233.84:443 genzstreets.com tcp
IN 89.117.157.212:443 get-rushapk.com tcp
SE 185.76.64.173:443 golflantern.com tcp
US 74.208.236.131:80 gchasesores.com tcp
US 8.8.8.8:53 gotriadstop.com udp
US 154.56.47.10:443 giannarueda.com tcp
US 8.8.8.8:53 gptrevealed.com udp
US 8.8.8.8:53 www.fireopstech.com udp
US 8.8.8.8:53 gracekazaji.com udp
US 23.231.2.59:443 gdhideaways.com tcp
US 8.8.8.8:53 grandpalapp.com udp
US 8.8.8.8:53 graine2luxe.com udp
US 172.67.195.1:443 gorgeoussay.com tcp
US 8.8.8.8:53 greenpalzza.com udp
US 8.8.8.8:53 growitpanda.com udp
US 8.8.8.8:53 grupo7tres7.com udp
US 173.236.193.177:443 www.emkidsbooks.com tcp
US 8.8.8.8:53 69.206.84.45.in-addr.arpa udp
US 8.8.8.8:53 79.76.21.104.in-addr.arpa udp
US 8.8.8.8:53 178.168.111.23.in-addr.arpa udp
US 8.8.8.8:53 143.247.49.154.in-addr.arpa udp
US 8.8.8.8:53 132.143.9.5.in-addr.arpa udp
US 8.8.8.8:53 70.91.46.89.in-addr.arpa udp
US 8.8.8.8:53 193.191.67.172.in-addr.arpa udp
US 8.8.8.8:53 26.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 173.64.76.185.in-addr.arpa udp
US 104.21.59.252:80 www.fireopstech.com tcp
CA 104.152.168.45:443 gotriadstop.com tcp
US 208.113.188.129:443 gracekazaji.com tcp
US 104.21.82.99:443 gptrevealed.com tcp
US 8.8.8.8:53 grupocasdel.com udp
FR 145.239.37.162:443 graine2luxe.com tcp
US 172.67.169.244:443 grandpalapp.com tcp
US 8.8.8.8:53 www.fenrircraft.com udp
US 8.8.8.8:53 guoxohanspa.com udp
US 8.8.8.8:53 hack-apollo.com udp
US 8.8.8.8:53 grupocoinco.com udp
US 8.8.8.8:53 www.feliciajean.com udp
US 8.8.8.8:53 guinchosfoz.com udp
BR 154.49.247.125:443 grupo7tres7.com tcp
US 192.64.119.66:443 greenpalzza.com tcp
US 8.8.8.8:53 haigomarket.com udp
US 8.8.8.8:53 www.haiplatform.com udp
US 65.99.225.9:443 grupocasdel.com tcp
US 8.8.8.8:53 131.236.208.74.in-addr.arpa udp
US 8.8.8.8:53 84.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 212.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 10.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 59.2.231.23.in-addr.arpa udp
US 8.8.8.8:53 1.195.67.172.in-addr.arpa udp
US 8.8.8.8:53 99.82.21.104.in-addr.arpa udp
US 8.8.8.8:53 45.168.152.104.in-addr.arpa udp
US 8.8.8.8:53 129.188.113.208.in-addr.arpa udp
US 8.8.8.8:53 244.169.67.172.in-addr.arpa udp
US 8.8.8.8:53 162.37.239.145.in-addr.arpa udp
US 172.67.176.47:443 imunify-alert.com tcp
US 198.23.53.106:443 guoxohanspa.com tcp
US 198.59.144.26:443 grupocoinco.com tcp
US 172.67.207.188:443 www.feliciajean.com tcp
US 104.21.29.38:443 hack-apollo.com tcp
US 8.8.8.8:53 halsangroup.com udp
US 44.206.56.175:443 www.fenrircraft.com tcp
US 104.21.72.162:443 guinchosfoz.com tcp
US 8.8.8.8:53 halvani-art.com udp
US 8.8.8.8:53 hamletboost.com udp
US 8.8.8.8:53 hardlopscho.com udp
US 8.8.8.8:53 www.grandpalapp.com udp
US 8.8.8.8:53 sgandfamily.com udp
US 8.8.8.8:53 shaheenkazi.com udp
FR 89.117.169.109:443 haigomarket.com tcp
US 8.8.8.8:53 www.sheilaedner.com udp
US 172.67.134.143:443 hamletboost.com tcp
DE 139.162.160.9:443 halvani-art.com tcp
US 8.8.8.8:53 shopdabanda.com udp
US 8.8.8.8:53 shyammovers.com udp
SG 217.21.72.152:443 www.haiplatform.com tcp
DE 176.9.251.54:443 halsangroup.com tcp
US 172.67.197.138:443 hardlopscho.com tcp
US 8.8.8.8:53 125.247.49.154.in-addr.arpa udp
US 8.8.8.8:53 38.29.21.104.in-addr.arpa udp
US 8.8.8.8:53 162.72.21.104.in-addr.arpa udp
US 8.8.8.8:53 26.144.59.198.in-addr.arpa udp
US 104.21.63.51:443 www.grandpalapp.com tcp
US 8.8.8.8:53 siticsteels.com udp
GB 185.77.97.84:443 sgandfamily.com tcp
US 86.38.202.119:443 shaheenkazi.com tcp
US 8.8.8.8:53 www.gorgeoussay.com udp
US 8.8.8.8:53 skillslever.com udp
US 8.8.8.8:53 skywatchufo.com udp
CH 128.65.195.185:443 shopdabanda.com tcp
US 8.8.8.8:53 skullfuck3r.com udp
US 8.8.8.8:53 slapyagrass.com udp
US 151.101.130.159:443 www.sheilaedner.com tcp
US 8.8.8.8:53 slcjiujitsu.com udp
SG 151.106.117.35:443 shyammovers.com tcp
US 8.8.8.8:53 snowstaffca.com udp
US 8.8.8.8:53 soflosoccer.com udp
US 8.8.8.8:53 solowvision.com udp
US 89.117.58.178:443 siticsteels.com tcp
US 154.56.37.121:443 skywatchufo.com tcp
US 8.8.8.8:53 109.169.117.89.in-addr.arpa udp
US 8.8.8.8:53 143.134.67.172.in-addr.arpa udp
US 8.8.8.8:53 54.251.9.176.in-addr.arpa udp
US 8.8.8.8:53 152.72.21.217.in-addr.arpa udp
US 8.8.8.8:53 9.160.162.139.in-addr.arpa udp
US 8.8.8.8:53 51.63.21.104.in-addr.arpa udp
US 8.8.8.8:53 138.197.67.172.in-addr.arpa udp
US 8.8.8.8:53 185.195.65.128.in-addr.arpa udp
US 8.8.8.8:53 119.202.38.86.in-addr.arpa udp
US 8.8.8.8:53 somterminal.com udp
US 104.21.53.178:443 skullfuck3r.com tcp
US 172.67.195.1:443 www.gorgeoussay.com tcp
FR 62.72.37.147:443 skillslever.com tcp
US 74.220.199.6:80 slapyagrass.com tcp
US 45.63.110.110:443 soflosoccer.com tcp
US 104.21.69.207:443 snowstaffca.com tcp
US 8.8.8.8:53 sonnythomas.com udp
US 8.8.8.8:53 soultorches.com udp
US 8.8.8.8:53 soularycorp.com udp
US 62.72.48.246:443 slcjiujitsu.com tcp
US 8.8.8.8:53 spark-smart.com udp
US 82.180.138.166:443 solowvision.com tcp
US 8.8.8.8:53 www.gracekazaji.com udp
US 8.8.8.8:53 speccompany.com udp
US 8.8.8.8:53 srmreformes.com udp
US 8.8.8.8:53 a1-quality.com udp
US 8.8.8.8:53 www.siticsteels.com udp
US 8.8.8.8:53 abluedhabi.com udp
US 108.167.189.17:80 somterminal.com tcp
BR 45.132.157.67:443 solymarshop.com tcp
US 104.21.34.247:443 sonnythomas.com tcp
US 8.8.8.8:53 159.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 178.58.117.89.in-addr.arpa udp
US 8.8.8.8:53 35.117.106.151.in-addr.arpa udp
US 8.8.8.8:53 121.37.56.154.in-addr.arpa udp
US 8.8.8.8:53 178.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 147.37.72.62.in-addr.arpa udp
US 8.8.8.8:53 207.69.21.104.in-addr.arpa udp
US 8.8.8.8:53 110.110.63.45.in-addr.arpa udp
US 8.8.8.8:53 6.199.220.74.in-addr.arpa udp
US 82.180.174.213:443 soultorches.com tcp
US 208.113.188.129:443 www.gracekazaji.com tcp
US 63.250.43.3:80 abluedhabi.com tcp
US 89.117.58.178:443 www.siticsteels.com tcp
GB 185.28.20.21:443 a1-quality.com tcp
ES 82.98.171.60:443 srmreformes.com tcp
US 149.100.151.207:443 soularycorp.com tcp
US 8.8.8.8:53 adantelope.com udp
US 8.8.8.8:53 adielsouza.com udp
US 8.8.8.8:53 aidoushequ.com udp
US 8.8.8.8:53 aijobsadda.com udp
BR 45.152.44.158:443 speccompany.com tcp
US 172.67.135.39:443 spark-smart.com tcp
US 8.8.8.8:53 www.alamcelroy.com udp
US 8.8.8.8:53 allieerist.com udp
US 8.8.8.8:53 allsmartac.com udp
US 8.8.8.8:53 alqazilift.com udp
US 8.8.8.8:53 arabiptvhd.com udp
US 8.8.8.8:53 angelchart.com udp
US 8.8.8.8:53 areufosreal.wpengine.com udp
US 8.8.8.8:53 246.48.72.62.in-addr.arpa udp
US 8.8.8.8:53 166.138.180.82.in-addr.arpa udp
US 8.8.8.8:53 17.189.167.108.in-addr.arpa udp
US 8.8.8.8:53 67.157.132.45.in-addr.arpa udp
US 8.8.8.8:53 247.34.21.104.in-addr.arpa udp
IN 64.227.169.131:443 aijobsadda.com tcp
US 149.100.149.44:443 adantelope.com tcp
BR 154.49.247.221:443 adielsouza.com tcp
US 8.8.8.8:53 arvenscans.com udp
US 172.67.171.18:443 allsmartac.com tcp
DE 217.160.0.109:80 amalwalton.com tcp
US 143.198.131.13:443 allieerist.com tcp
US 198.54.114.170:443 alqazilift.com tcp
ES 217.76.130.105:443 www.alamcelroy.com tcp
US 154.41.230.24:443 arabiptvhd.com tcp
US 8.8.8.8:53 asiatether.com udp
US 104.197.19.125:443 areufosreal.wpengine.com tcp
US 8.8.8.8:53 atomgeek4u.com udp
US 8.8.8.8:53 attrprints.com udp
US 8.8.8.8:53 aubgeneral.com udp
US 8.8.8.8:53 aycreation.com udp
NL 89.116.53.201:443 ampliakids.com tcp
CN 119.45.93.231:443 aidoushequ.com tcp
US 8.8.8.8:53 21.20.28.185.in-addr.arpa udp
US 8.8.8.8:53 60.171.98.82.in-addr.arpa udp
US 8.8.8.8:53 39.135.67.172.in-addr.arpa udp
US 8.8.8.8:53 213.174.180.82.in-addr.arpa udp
US 8.8.8.8:53 3.43.250.63.in-addr.arpa udp
US 8.8.8.8:53 207.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 158.44.152.45.in-addr.arpa udp
US 8.8.8.8:53 18.171.67.172.in-addr.arpa udp
US 8.8.8.8:53 109.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 105.130.76.217.in-addr.arpa udp
US 195.35.39.188:443 asiatether.com tcp
US 8.8.8.8:53 badreldeen.com udp
US 8.8.8.8:53 bistroccai.com udp
US 8.8.8.8:53 bloommatic.com udp
US 172.67.201.175:443 arvenscans.com tcp
US 8.8.8.8:53 www.azzurrivpn.com udp
IN 154.41.233.63:443 atomgeek4u.com tcp
IN 89.117.188.146:443 aycreation.com tcp
US 172.67.176.47:443 imunify-alert.com tcp
US 54.203.224.232:443 bistroccai.com tcp
US 8.8.8.8:53 boldfemmes.com udp
US 8.8.8.8:53 boontutors.com udp
US 8.8.8.8:53 boopiedoes.com udp
US 8.8.8.8:53 udp
US 217.196.55.162:443 bloommatic.com tcp
US 104.21.55.92:443 www.azzurrivpn.com tcp
US 8.8.8.8:53 brandsroom.com udp
US 8.8.8.8:53 brudermask.com udp
US 8.8.8.8:53 buendiahub.com udp
US 8.8.8.8:53 bsgetaways.com udp
US 8.8.8.8:53 canapropre.com udp
US 8.8.8.8:53 byblueland.com udp
US 8.8.8.8:53 44.149.100.149.in-addr.arpa udp
US 8.8.8.8:53 131.169.227.64.in-addr.arpa udp
US 8.8.8.8:53 24.230.41.154.in-addr.arpa udp
US 8.8.8.8:53 13.131.198.143.in-addr.arpa udp
US 8.8.8.8:53 170.114.54.198.in-addr.arpa udp
US 8.8.8.8:53 221.247.49.154.in-addr.arpa udp
US 8.8.8.8:53 125.19.197.104.in-addr.arpa udp
US 8.8.8.8:53 201.53.116.89.in-addr.arpa udp
US 8.8.8.8:53 188.39.35.195.in-addr.arpa udp
US 8.8.8.8:53 175.201.67.172.in-addr.arpa udp
US 8.8.8.8:53 63.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 146.188.117.89.in-addr.arpa udp
US 149.100.151.150:443 attrprints.com tcp
US 162.159.137.9:443 boopiedoes.com tcp
US 66.235.200.251:443 boontutors.com tcp
GB 185.77.97.27:443 boldfemmes.com tcp
US 8.8.8.8:53 arvenscans.org udp
US 198.23.52.86:80 awecre8ive.com tcp
US 160.153.0.36:443 badreldeen.com tcp
US 8.8.8.8:53 chandikala.com udp
DE 144.76.142.186:443 aubgeneral.com tcp
US 8.8.8.8:53 coachgargi.com udp
US 8.8.8.8:53 compass24h.com udp
DE 161.97.169.95:443 coachgargi.com tcp
DE 217.160.0.139:443 canapropre.com tcp
IN 82.180.164.79:443 chandikala.com tcp
US 8.8.8.8:53 www.soultorches.com udp
US 86.38.202.7:443 brudermask.com tcp
US 31.170.167.121:443 buendiahub.com tcp
US 80.71.144.227:443 byblueland.com tcp
US 8.8.8.8:53 cookfoodze.com udp
US 104.21.81.242:443 compass24h.com tcp
US 8.8.8.8:53 costlomall.com udp
US 8.8.8.8:53 damakala24.com udp
US 8.8.8.8:53 denimlanka.com udp
US 8.8.8.8:53 232.224.203.54.in-addr.arpa udp
US 8.8.8.8:53 92.55.21.104.in-addr.arpa udp
US 8.8.8.8:53 162.55.196.217.in-addr.arpa udp
US 8.8.8.8:53 9.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 251.200.235.66.in-addr.arpa udp
US 8.8.8.8:53 27.97.77.185.in-addr.arpa udp
US 8.8.8.8:53 36.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 186.142.76.144.in-addr.arpa udp
US 8.8.8.8:53 150.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 86.52.23.198.in-addr.arpa udp
US 62.72.48.249:443 brandsroom.com tcp
US 23.231.1.99:443 bsgetaways.com tcp
US 82.180.174.213:443 www.soultorches.com tcp
US 104.21.26.191:443 cookfoodze.com tcp
US 104.21.65.164:443 arvenscans.org tcp
DE 136.243.210.97:443 damakala24.com tcp
US 8.8.8.8:53 dblogsspot.com udp
US 8.8.8.8:53 desisextoy.com udp
US 8.8.8.8:53 detastudia.com udp
US 8.8.8.8:53 digimakala.com udp
US 8.8.8.8:53 digipaceup.com udp
US 152.44.39.83:443 costlomall.com tcp
US 8.8.8.8:53 diwalirizz.com udp
US 8.8.8.8:53 disestampa.com udp
US 8.8.8.8:53 djtibevabe.com udp
US 8.8.8.8:53 digihemant.com udp
US 8.8.8.8:53 docplusapp.com udp
US 8.8.8.8:53 designooze.com udp
US 8.8.8.8:53 95.169.97.161.in-addr.arpa udp
US 8.8.8.8:53 79.164.180.82.in-addr.arpa udp
US 8.8.8.8:53 7.202.38.86.in-addr.arpa udp
US 8.8.8.8:53 121.167.170.31.in-addr.arpa udp
US 8.8.8.8:53 242.81.21.104.in-addr.arpa udp
US 8.8.8.8:53 227.144.71.80.in-addr.arpa udp
US 156.67.72.104:443 denimlanka.com tcp
IN 154.41.233.77:443 dblogsspot.com tcp
US 18.144.79.245:80 docplusapp.com tcp
US 185.212.71.6:443 desisextoy.com tcp
US 104.21.38.127:443 detastudia.com tcp
FI 135.181.12.11:443 djtibevabe.com tcp
IN 154.41.233.63:443 digipaceup.com tcp
IR 88.135.68.87:443 digimakala.com tcp
US 8.8.8.8:53 draraghbaz.com udp
US 8.8.8.8:53 drautowork.com udp
US 8.8.8.8:53 ibero4jobs.com udp
US 104.238.205.144:443 disestampa.com tcp
US 8.8.8.8:53 www.iccievents.com udp
US 8.8.8.8:53 idmcrackdl.com udp
IN 89.117.188.163:443 diwalirizz.com tcp
US 8.8.8.8:53 164.65.21.104.in-addr.arpa udp
US 8.8.8.8:53 97.210.243.136.in-addr.arpa udp
US 8.8.8.8:53 249.48.72.62.in-addr.arpa udp
US 8.8.8.8:53 99.1.231.23.in-addr.arpa udp
US 8.8.8.8:53 104.72.67.156.in-addr.arpa udp
US 8.8.8.8:53 127.38.21.104.in-addr.arpa udp
US 8.8.8.8:53 77.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 245.79.144.18.in-addr.arpa udp
US 8.8.8.8:53 6.71.212.185.in-addr.arpa udp
US 8.8.8.8:53 11.12.181.135.in-addr.arpa udp
US 8.8.8.8:53 damakala24.ir udp
IN 217.21.91.9:443 designooze.com tcp
US 8.8.8.8:53 indibetapk.com udp
US 104.21.51.185:443 impeccbags.com tcp
GB 154.49.138.150:443 drautowork.com tcp
US 216.239.34.21:443 idmcrackdl.com tcp
DE 178.18.245.250:443 www.iccievents.com tcp
IR 185.252.29.160:443 draraghbaz.com tcp
US 149.100.151.208:443 ibero4jobs.com tcp
US 8.8.8.8:53 indsrealty.com udp
US 8.8.8.8:53 infofotobr.com udp
US 8.8.8.8:53 inikarilah.com udp
US 104.21.76.79:443 sashimi-sp.com tcp
SG 191.101.230.145:443 inikarilah.com tcp
US 8.8.8.8:53 taviathevix.com udp
BR 45.152.44.9:443 infofotobr.com tcp
IN 89.117.188.131:443 indibetapk.com tcp
US 8.8.8.8:53 issuehiter.com udp
US 8.8.8.8:53 ivanov-law.com udp
US 8.8.8.8:53 jankrueder.com udp
US 8.8.8.8:53 javedmulla.com udp
US 8.8.8.8:53 87.68.135.88.in-addr.arpa udp
US 8.8.8.8:53 144.205.238.104.in-addr.arpa udp
US 8.8.8.8:53 163.188.117.89.in-addr.arpa udp
US 8.8.8.8:53 185.51.21.104.in-addr.arpa udp
US 8.8.8.8:53 21.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 150.138.49.154.in-addr.arpa udp
DE 136.243.210.97:443 damakala24.ir tcp
US 8.8.8.8:53 250.245.18.178.in-addr.arpa udp
US 8.8.8.8:53 9.91.21.217.in-addr.arpa udp
US 8.8.8.8:53 160.29.252.185.in-addr.arpa udp
US 8.8.8.8:53 208.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 www.joanbronte.com udp
SG 139.180.128.139:443 issuehiter.com tcp
US 191.96.56.101:443 indsrealty.com tcp
US 160.153.0.21:443 taviathevix.com tcp
IN 62.72.28.180:443 javedmulla.com tcp
FR 92.205.54.91:80 jankrueder.com tcp
US 8.8.8.8:53 www.idmcrackdl.com udp
US 8.8.8.8:53 joblounges.com udp
US 8.8.8.8:53 jobsmoment.com udp
FR 195.35.49.63:443 ivanov-law.com tcp
US 8.8.8.8:53 jooneyblog.com udp
US 8.8.8.8:53 jriverblog.com udp
US 8.8.8.8:53 justeyanis.com udp
US 8.8.8.8:53 kamasboune.com udp
US 8.8.8.8:53 karynafoto.com udp
US 8.8.8.8:53 junealicia.com udp
SG 194.59.164.80:443 inidsystem.com tcp
US 8.8.8.8:53 kasiavelaj.com udp
US 8.8.8.8:53 131.188.117.89.in-addr.arpa udp
US 8.8.8.8:53 9.44.152.45.in-addr.arpa udp
US 8.8.8.8:53 145.230.101.191.in-addr.arpa udp
US 8.8.8.8:53 kirakilive.com udp
US 8.8.8.8:53 klickorder.com udp
US 172.67.196.195:443 www.joanbronte.com tcp
US 172.67.176.47:443 imunify-alert.com tcp
US 8.8.8.8:53 kmtranslog.com udp
IN 89.117.27.224:443 jobsmoment.com tcp
IE 74.125.193.121:443 www.idmcrackdl.com tcp
FR 154.49.245.89:443 kamasboune.com tcp
FR 129.151.229.102:443 justeyanis.com tcp
FR 154.49.245.30:443 joblounges.com tcp
LT 45.84.206.219:443 karynafoto.com tcp
US 8.8.8.8:53 l-tenshoku.com udp
KR 158.247.233.194:443 jriverblog.com tcp
CA 184.107.100.26:443 junealicia.com tcp
US 8.8.8.8:53 lavizblind.com udp
US 8.8.8.8:53 www.byblueland.com udp
US 8.8.8.8:53 leiamentes.com udp
US 8.8.8.8:53 leo4durham.com udp
JP 133.18.77.79:443 kirakilive.com tcp
US 8.8.8.8:53 101.56.96.191.in-addr.arpa udp
US 8.8.8.8:53 21.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 63.49.35.195.in-addr.arpa udp
US 8.8.8.8:53 180.28.72.62.in-addr.arpa udp
US 8.8.8.8:53 195.196.67.172.in-addr.arpa udp
PL 178.211.137.107:80 kasiavelaj.com tcp
FR 109.234.164.163:443 kmtranslog.com tcp
SG 146.190.85.30:443 jooneyblog.com tcp
SG 156.67.222.72:443 klickorder.com tcp
JP 163.44.185.184:443 l-tenshoku.com tcp
US 8.8.8.8:53 leprinteur.com udp
US 8.8.8.8:53 liraevents.com udp
US 8.8.8.8:53 linksmeans.com udp
US 8.8.8.8:53 www.localvacpa.com udp
US 34.120.137.41:80 lavizblind.com tcp
US 8.8.8.8:53 loosingdan.com udp
US 8.8.8.8:53 lopdadapta.com udp
US 8.8.8.8:53 luzbeatriz.com udp
US 8.8.8.8:53 www.madgebroad.com udp
US 80.71.144.227:443 www.byblueland.com tcp
US 8.8.8.8:53 maheshdhfm.com udp
GB 31.220.106.43:443 leiamentes.com tcp
US 8.8.8.8:53 121.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 89.245.49.154.in-addr.arpa udp
US 8.8.8.8:53 102.229.151.129.in-addr.arpa udp
US 8.8.8.8:53 30.245.49.154.in-addr.arpa udp
US 8.8.8.8:53 224.27.117.89.in-addr.arpa udp
US 8.8.8.8:53 219.206.84.45.in-addr.arpa udp
US 8.8.8.8:53 26.100.107.184.in-addr.arpa udp
US 8.8.8.8:53 107.137.211.178.in-addr.arpa udp
US 8.8.8.8:53 79.77.18.133.in-addr.arpa udp
US 8.8.8.8:53 163.164.234.109.in-addr.arpa udp
US 162.159.137.9:443 leo4durham.com tcp
FR 89.116.147.153:443 leprinteur.com tcp
SG 156.67.222.250:443 linksmeans.com tcp
IN 89.117.157.210:443 livecricks.com tcp
GB 51.68.200.100:443 www.lexi-cohen.com tcp
US 3.132.17.71:80 loosingdan.com tcp
US 172.67.201.188:443 www.localvacpa.com tcp
US 8.8.8.8:53 mansaforex.com udp
GB 217.21.68.3:443 liraevents.com tcp
IN 154.41.233.62:443 maheshdhfm.com tcp
US 31.170.167.178:443 luzbeatriz.com tcp
US 104.21.77.250:443 lopdadapta.com tcp
US 172.67.178.11:443 www.madgebroad.com tcp
US 8.8.8.8:53 mao-in-aus.com udp
US 34.120.137.41:443 lavizblind.com tcp
US 8.8.8.8:53 mecyclinic.com udp
US 8.8.8.8:53 41.137.120.34.in-addr.arpa udp
US 8.8.8.8:53 184.185.44.163.in-addr.arpa udp
US 8.8.8.8:53 72.222.67.156.in-addr.arpa udp
US 8.8.8.8:53 43.106.220.31.in-addr.arpa udp
US 8.8.8.8:53 100.200.68.51.in-addr.arpa udp
US 8.8.8.8:53 153.147.116.89.in-addr.arpa udp
US 8.8.8.8:53 188.201.67.172.in-addr.arpa udp
US 8.8.8.8:53 3.68.21.217.in-addr.arpa udp
US 8.8.8.8:53 71.17.132.3.in-addr.arpa udp
US 8.8.8.8:53 210.157.117.89.in-addr.arpa udp
IN 217.21.85.140:443 mansaforex.com tcp
TR 93.180.133.7:443 mecyclinic.com tcp
US 8.8.8.8:53 lash-glow.com udp
US 8.8.8.8:53 legaitech.com udp
US 8.8.8.8:53 levelzcut.com udp
US 8.8.8.8:53 lexiqshop.com udp
US 8.8.8.8:53 mkkpishro.com udp
US 8.8.8.8:53 luffy-win.com udp
US 8.8.8.8:53 mscudnews.com udp
US 8.8.8.8:53 nksphysio.com udp
US 8.8.8.8:53 nonahause.com udp
US 8.8.8.8:53 250.77.21.104.in-addr.arpa udp
US 8.8.8.8:53 11.178.67.172.in-addr.arpa udp
US 8.8.8.8:53 178.167.170.31.in-addr.arpa udp
US 8.8.8.8:53 62.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 250.222.67.156.in-addr.arpa udp
US 8.8.8.8:53 140.85.21.217.in-addr.arpa udp
US 8.8.8.8:53 nsbamedia.com udp
US 8.8.8.8:53 opg-bacic.com udp
US 8.8.8.8:53 ozhiaopin.com udp
US 8.8.8.8:53 pap-autos.com udp
US 8.8.8.8:53 pgmportal.com udp
US 8.8.8.8:53 abelmidias.com udp
US 162.241.2.113:443 lash-glow.com tcp
US 50.87.174.20:443 legaitech.com tcp
DE 139.162.173.93:443 lexiqshop.com tcp
US 162.241.2.29:443 levelzcut.com tcp
IR 217.144.105.206:80 mkkpishro.com tcp
US 162.241.230.132:443 nksphysio.com tcp
US 162.215.169.248:443 luffy-win.com tcp
JP 163.44.177.18:443 na-na-log.com tcp
US 8.8.8.8:53 abrilsaude.com udp
US 162.241.216.122:443 nonahause.com tcp
US 8.8.8.8:53 www.lopdadapta.com udp
US 50.87.230.228:443 mscudnews.com tcp
FR 213.186.33.5:80 pap-autos.com tcp
US 74.220.199.6:443 pgmportal.com tcp
US 162.255.119.164:80 ozhiaopin.com tcp
US 154.49.142.51:443 nsbamedia.com tcp
US 8.8.8.8:53 academyami.com udp
US 8.8.8.8:53 aeromaxavi.com udp
US 108.167.142.40:443 opg-bacic.com tcp
US 172.67.176.47:443 imunify-alert.com tcp
US 192.185.213.25:443 abelmidias.com tcp
US 8.8.8.8:53 agrifanaka.com udp
US 8.8.8.8:53 ajforidaho.com udp
US 8.8.8.8:53 www.ajaqceylon.com udp
US 108.179.192.139:443 abrilsaude.com tcp
US 8.8.8.8:53 www.pap-autos.com udp
US 104.21.77.250:443 www.lopdadapta.com tcp
US 8.8.8.8:53 akotastore.com udp
US 8.8.8.8:53 alisadeeds.com udp
US 8.8.8.8:53 allindumps.com udp
US 8.8.8.8:53 annewooten.com udp
US 8.8.8.8:53 aprometals.com udp
US 8.8.8.8:53 aralucknow.in udp
IN 68.178.157.109:80 aeromaxavi.com tcp
SG 45.13.133.189:443 academyami.com tcp
US 8.8.8.8:53 113.2.241.162.in-addr.arpa udp
US 8.8.8.8:53 93.173.162.139.in-addr.arpa udp
US 8.8.8.8:53 20.174.87.50.in-addr.arpa udp
US 8.8.8.8:53 29.2.241.162.in-addr.arpa udp
US 8.8.8.8:53 206.105.144.217.in-addr.arpa udp
US 8.8.8.8:53 132.230.241.162.in-addr.arpa udp
US 8.8.8.8:53 248.169.215.162.in-addr.arpa udp
US 8.8.8.8:53 5.33.186.213.in-addr.arpa udp
US 8.8.8.8:53 122.216.241.162.in-addr.arpa udp
US 8.8.8.8:53 228.230.87.50.in-addr.arpa udp
US 8.8.8.8:53 164.119.255.162.in-addr.arpa udp
US 8.8.8.8:53 18.177.44.163.in-addr.arpa udp
US 8.8.8.8:53 51.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 40.142.167.108.in-addr.arpa udp
US 8.8.8.8:53 assexgroup.com udp
US 8.8.8.8:53 www.assirypark.com udp
US 8.8.8.8:53 www.balegantar.com udp
US 8.8.8.8:53 bab-atypik.com udp
US 8.8.8.8:53 bankedtest.com udp
NL 107.6.173.134:80 akotastore.com tcp
US 192.254.185.181:443 www.ajaqceylon.com tcp
FR 5.196.35.29:443 ajforidaho.com tcp
US 8.8.8.8:53 barkuluxka.com udp
US 162.144.15.174:443 alisadeeds.com tcp
FR 51.91.236.193:80 www.pap-autos.com tcp
US 8.8.8.8:53 beariskuma.com udp
US 8.8.8.8:53 bestieland.com udp
US 8.8.8.8:53 bhavalagna.com udp
US 129.121.20.169:443 allindumps.com tcp
US 8.8.8.8:53 blueskitty.com udp
US 50.87.173.87:443 annewooten.com tcp
US 192.185.105.197:443 agrifanaka.com tcp
US 192.185.129.39:443 aralucknow.in tcp
US 8.8.8.8:53 bncestudio.com udp
US 8.8.8.8:53 bniyatezer.com udp
US 8.8.8.8:53 25.213.185.192.in-addr.arpa udp
US 8.8.8.8:53 139.192.179.108.in-addr.arpa udp
ID 103.112.245.8:443 www.balegantar.com tcp
FR 109.234.164.166:443 bab-atypik.com tcp
US 162.241.225.171:443 assexgroup.com tcp
RU 45.91.8.248:443 aprometals.com tcp
US 8.8.8.8:53 brealswash.com udp
US 8.8.8.8:53 www.bosourcing.com udp
US 162.241.225.108:80 bankedtest.com tcp
ID 203.175.8.49:443 www.assirypark.com tcp
ES 82.223.36.109:443 barkuluxka.com tcp
US 8.8.8.8:53 bunstorevn.com udp
US 8.8.8.8:53 cats-matic.com udp
US 8.8.8.8:53 cariirumah.com udp
US 8.8.8.8:53 bsmambalaj.com udp
US 208.113.173.80:80 blueskitty.com tcp
US 8.8.8.8:53 cbiocarbon.com udp
CA 104.251.111.203:443 www.bosourcing.com tcp
US 50.87.216.37:443 bniyatezer.com tcp
US 162.241.226.121:443 bestaiware.com tcp
US 8.8.8.8:53 ardentennis.com udp
US 173.201.190.5:443 bhavalagna.com tcp
US 8.8.8.8:53 189.133.13.45.in-addr.arpa udp
US 8.8.8.8:53 29.35.196.5.in-addr.arpa udp
US 8.8.8.8:53 181.185.254.192.in-addr.arpa udp
US 8.8.8.8:53 193.236.91.51.in-addr.arpa udp
US 8.8.8.8:53 174.15.144.162.in-addr.arpa udp
US 8.8.8.8:53 169.20.121.129.in-addr.arpa udp
US 8.8.8.8:53 166.164.234.109.in-addr.arpa udp
US 8.8.8.8:53 197.105.185.192.in-addr.arpa udp
US 8.8.8.8:53 87.173.87.50.in-addr.arpa udp
US 8.8.8.8:53 39.129.185.192.in-addr.arpa udp
US 8.8.8.8:53 171.225.241.162.in-addr.arpa udp
US 8.8.8.8:53 108.225.241.162.in-addr.arpa udp
US 8.8.8.8:53 8.245.112.103.in-addr.arpa udp
ES 185.66.41.241:443 bncestudio.com tcp
US 8.8.8.8:53 audhdforshe.com udp
US 8.8.8.8:53 beawakening.com udp
US 8.8.8.8:53 bohedavilla.com udp
US 8.8.8.8:53 bibearstore.com udp
US 8.8.8.8:53 cafasedutor.com udp
US 8.8.8.8:53 comeonshein.com udp
US 8.8.8.8:53 coatingchic.com udp
US 8.8.8.8:53 creamelissa.com udp
US 8.8.8.8:53 dent-urgent.com udp
US 8.8.8.8:53 cudadigital.com udp
VN 202.92.7.54:443 bunstorevn.com tcp
US 172.67.176.62:443 cariirumah.com tcp
TR 104.247.167.147:443 bsmambalaj.com tcp
US 8.8.8.8:53 digitaljodo.com udp
US 8.8.8.8:53 divapeshop4.com udp
US 8.8.8.8:53 109.36.223.82.in-addr.arpa udp
US 8.8.8.8:53 49.8.175.203.in-addr.arpa udp
US 8.8.8.8:53 80.173.113.208.in-addr.arpa udp
US 8.8.8.8:53 www.ozhiaopin.com udp
US 8.8.8.8:53 arganatechnologies.com udp
US 8.8.8.8:53 digfest2k23.com udp
SG 151.106.119.225:80 cats-matic.com tcp
US 72.167.56.241:80 brealswash.com tcp
US 50.87.149.43:443 cudadigital.com tcp
US 162.241.60.213:443 creamelissa.com tcp
US 8.8.8.8:53 itsrealagency.com udp
US 162.241.219.116:443 ardentennis.com tcp
US 8.8.8.8:53 jamaliahbasri.com udp
US 192.185.84.22:443 bohedavilla.com tcp
US 108.167.188.62:443 cafasedutor.com tcp
US 50.87.138.151:443 coatingchic.com tcp
US 8.8.8.8:53 jareddeflurin.com udp
US 162.241.226.193:443 audhdforshe.com tcp
US 162.241.253.198:443 comeonshein.com tcp
US 162.144.12.125:443 bibearstore.com tcp
US 162.241.252.206:443 beawakening.com tcp
US 8.8.8.8:53 jayarathnapcb.com udp
US 8.8.8.8:53 jaybirddragon.com udp
US 8.8.8.8:53 jessiemorrell.com udp
US 8.8.8.8:53 37.216.87.50.in-addr.arpa udp
US 8.8.8.8:53 121.226.241.162.in-addr.arpa udp
US 8.8.8.8:53 241.41.66.185.in-addr.arpa udp
US 8.8.8.8:53 62.176.67.172.in-addr.arpa udp
US 8.8.8.8:53 147.167.247.104.in-addr.arpa udp
US 8.8.8.8:53 54.7.92.202.in-addr.arpa udp
US 8.8.8.8:53 jesusenovilla.com udp
US 162.241.30.77:443 digfest2k23.com tcp
GB 31.22.4.6:443 arganatechnologies.com tcp
IN 111.118.215.77:443 dent-urgent.com tcp
IR 89.42.211.235:443 divapeshop4.com tcp
US 192.185.129.112:443 digitaljodo.com tcp
US 8.8.8.8:53 kaghaz-divari.com udp
DE 91.195.240.19:80 www.ozhiaopin.com tcp
FR 51.91.236.193:443 itsrealagency.com tcp
US 8.8.8.8:53 katana-espada.com udp
US 8.8.8.8:53 dashboard.thepaperlessagent.com udp
FR 176.31.149.106:443 jesusenovilla.com tcp
SG 109.123.239.189:80 jamaliahbasri.com tcp
US 63.250.43.15:80 jaybirddragon.com tcp
US 8.8.8.8:53 ketcaunhathep.com udp
US 146.20.65.5:443 jareddeflurin.com tcp
US 8.8.8.8:53 keytotheparty.com udp
US 8.8.8.8:53 kozoji-tyozai.com udp
US 8.8.8.8:53 kitasenju-elu.com udp
US 8.8.8.8:53 kpmyhrconnect.com udp
US 82.180.172.124:443 jayarathnapcb.com tcp
IR 45.149.76.60:80 kaghaz-divari.com tcp
US 8.8.8.8:53 kpoptrendsnyc.com udp
US 8.8.8.8:53 213.60.241.162.in-addr.arpa udp
US 8.8.8.8:53 43.149.87.50.in-addr.arpa udp
US 8.8.8.8:53 225.119.106.151.in-addr.arpa udp
US 8.8.8.8:53 116.219.241.162.in-addr.arpa udp
US 8.8.8.8:53 62.188.167.108.in-addr.arpa udp
US 8.8.8.8:53 22.84.185.192.in-addr.arpa udp
US 8.8.8.8:53 151.138.87.50.in-addr.arpa udp
US 8.8.8.8:53 193.226.241.162.in-addr.arpa udp
US 8.8.8.8:53 198.253.241.162.in-addr.arpa udp
US 8.8.8.8:53 206.252.241.162.in-addr.arpa udp
US 8.8.8.8:53 6.4.22.31.in-addr.arpa udp
US 8.8.8.8:53 77.30.241.162.in-addr.arpa udp
US 8.8.8.8:53 235.211.42.89.in-addr.arpa udp
US 8.8.8.8:53 77.215.118.111.in-addr.arpa udp
US 8.8.8.8:53 112.129.185.192.in-addr.arpa udp
US 8.8.8.8:53 19.240.195.91.in-addr.arpa udp
US 8.8.8.8:53 kromercountry.com udp
US 8.8.8.8:53 lasnoticiasf1.com udp
US 8.8.8.8:53 lamaisonbinaf.com udp
US 8.8.8.8:53 lillianrecipe.com udp
US 8.8.8.8:53 lifestyle9365.com udp
US 8.8.8.8:53 limosdispatch.com udp
US 62.72.25.90:443 kpmyhrconnect.com tcp
JP 133.242.220.117:443 kozoji-tyozai.com tcp
US 104.21.89.234:443 dashboard.thepaperlessagent.com tcp
BE 13.225.239.88:443 kitasenju-elu.com tcp
FR 109.234.164.18:443 katana-espada.com tcp
US 8.8.8.8:53 livredecracha.com udp
US 8.8.8.8:53 lfbeautysalon.com udp
US 8.8.8.8:53 lojucontainer.com udp
US 8.8.8.8:53 recaptcha.cloud udp
US 8.8.8.8:53 letsbreathebd.com udp
US 8.8.8.8:53 lorabetgirisi.com udp
US 8.8.8.8:53 lorabetadresi.com udp
US 8.8.8.8:53 lucilemonnier.com udp
US 8.8.8.8:53 liberaldiario.com udp
US 8.8.8.8:53 luckylandbest.com udp
US 8.8.8.8:53 106.149.31.176.in-addr.arpa udp
US 8.8.8.8:53 5.65.20.146.in-addr.arpa udp
US 8.8.8.8:53 15.43.250.63.in-addr.arpa udp
NL 96.127.186.30:443 lasnoticiasf1.com tcp
US 141.193.213.10:443 kromercountry.com tcp
US 162.240.78.72:443 keytotheparty.com tcp
FR 145.239.37.162:443 lamaisonbinaf.com tcp
VN 103.179.190.245:443 ketcaunhathep.com tcp
US 156.67.73.161:443 kpoptrendsnyc.com tcp
US 8.8.8.8:53 luckylanes-it.com udp
US 8.8.8.8:53 lukecombsshop.com udp
US 154.56.47.231:443 limosdispatch.com tcp
US 8.8.8.8:53 lunanaturalls.com udp
DE 185.202.239.29:443 lorabetadresi.com tcp
US 8.8.8.8:53 www.madresfuertes.com udp
DE 95.111.249.199:443 letsbreathebd.com tcp
US 217.21.77.170:443 lfbeautysalon.com tcp
US 172.67.220.252:443 livredecracha.com tcp
DE 38.242.151.227:443 lorabetgirisi.com tcp
US 8.8.8.8:53 maestrodorado.com udp
US 104.21.81.30:80 luckylandbest.com tcp
BR 154.49.247.241:443 liberaldiario.com tcp
GB 154.49.138.68:443 lojucontainer.com tcp
KR 183.111.183.73:443 lifestyle9365.com tcp
DE 157.90.254.77:443 recaptcha.cloud tcp
US 172.67.218.186:443 lucilemonnier.com tcp
US 8.8.8.8:53 magdalenakruk.com udp
US 8.8.8.8:53 124.172.180.82.in-addr.arpa udp
US 8.8.8.8:53 60.76.149.45.in-addr.arpa udp
US 8.8.8.8:53 189.239.123.109.in-addr.arpa udp
US 8.8.8.8:53 234.89.21.104.in-addr.arpa udp
US 8.8.8.8:53 88.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 18.164.234.109.in-addr.arpa udp
US 8.8.8.8:53 90.25.72.62.in-addr.arpa udp
US 8.8.8.8:53 30.186.127.96.in-addr.arpa udp
US 8.8.8.8:53 117.220.242.133.in-addr.arpa udp
US 8.8.8.8:53 72.78.240.162.in-addr.arpa udp
US 8.8.8.8:53 245.190.179.103.in-addr.arpa udp
US 8.8.8.8:53 161.73.67.156.in-addr.arpa udp
US 8.8.8.8:53 www.jamaliahbasri.com udp
US 172.67.206.215:443 luckylanes-it.com tcp
US 172.67.186.75:80 lukecombsshop.com tcp
US 8.8.8.8:53 diegoscareandbubbles.com udp
US 104.21.8.25:80 lunanaturalls.com tcp
US 173.208.242.178:443 www.madresfuertes.com tcp
US 74.208.236.155:80 maestrodorado.com tcp
US 104.21.20.204:443 magdalenakruk.com tcp
US 8.8.8.8:53 dralergologopediatra.com udp
US 8.8.8.8:53 drjoserenatomaiolini.com udp
US 8.8.8.8:53 eaglecreekbotanicals.com udp
SG 109.123.239.189:80 www.jamaliahbasri.com tcp
US 8.8.8.8:53 caracal.odns.fr udp
US 8.8.8.8:53 eaglehillrenovations.com udp
US 162.241.2.166:443 diegoscareandbubbles.com tcp
US 8.8.8.8:53 easygardeningsecrets.com udp
US 8.8.8.8:53 www.empireconstructionsupply.com udp
US 8.8.8.8:53 29.239.202.185.in-addr.arpa udp
US 8.8.8.8:53 252.220.67.172.in-addr.arpa udp
US 8.8.8.8:53 30.81.21.104.in-addr.arpa udp
US 8.8.8.8:53 227.151.242.38.in-addr.arpa udp
US 8.8.8.8:53 231.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 199.249.111.95.in-addr.arpa udp
US 8.8.8.8:53 186.218.67.172.in-addr.arpa udp
US 8.8.8.8:53 68.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 77.254.90.157.in-addr.arpa udp
US 8.8.8.8:53 170.77.21.217.in-addr.arpa udp
US 8.8.8.8:53 241.247.49.154.in-addr.arpa udp
US 8.8.8.8:53 73.183.111.183.in-addr.arpa udp
US 8.8.8.8:53 215.206.67.172.in-addr.arpa udp
US 8.8.8.8:53 75.186.67.172.in-addr.arpa udp
US 8.8.8.8:53 25.8.21.104.in-addr.arpa udp
US 8.8.8.8:53 204.20.21.104.in-addr.arpa udp
US 8.8.8.8:53 155.236.208.74.in-addr.arpa udp
US 8.8.8.8:53 178.242.208.173.in-addr.arpa udp
US 108.179.253.43:443 drjoserenatomaiolini.com tcp
FR 109.234.164.249:443 caracal.odns.fr tcp
US 66.235.200.170:443 eaglecreekbotanicals.com tcp
US 8.8.8.8:53 energyelitenutrition.com udp
US 8.8.8.8:53 entreprenuersthreads.com udp
US 154.56.47.118:443 dralergologopediatra.com tcp
US 8.8.8.8:53 epichealthcareagency.com udp
SG 151.106.117.99:443 energyelitenutrition.com tcp
US 104.21.76.79:443 sashimi-sp.com tcp
US 89.117.8.243:443 eaglehillrenovations.com tcp
US 8.8.8.8:53 estheticsworldsupply.com udp
US 8.8.8.8:53 excitedsphynxkittens.com udp
IN 68.178.145.64:80 entreprenuersthreads.com tcp
US 66.235.200.147:443 www.empireconstructionsupply.com tcp
US 66.235.200.147:443 www.empireconstructionsupply.com tcp
US 8.8.8.8:53 www.felixrosenmusictutor.com udp
US 8.8.8.8:53 fightingtypeweakness.com udp
US 8.8.8.8:53 www.faithasphaltservices.com udp
US 8.8.8.8:53 166.2.241.162.in-addr.arpa udp
US 8.8.8.8:53 170.200.235.66.in-addr.arpa udp
US 8.8.8.8:53 249.164.234.109.in-addr.arpa udp
US 8.8.8.8:53 43.253.179.108.in-addr.arpa udp
US 8.8.8.8:53 findexpertorganizers.com udp
US 8.8.8.8:53 fireflyenergyholding.com udp
US 8.8.8.8:53 www.freetestwaterflorida.com udp
US 8.8.8.8:53 foconobemestaresaude.com udp
US 8.8.8.8:53 friendslawassociates.com udp
ES 46.39.192.80:443 estancomillansoriano.com tcp
US 8.8.8.8:53 futuracreativestudio.com udp
US 82.180.172.70:443 excitedsphynxkittens.com tcp
US 8.8.8.8:53 fungiftspersonalized.com udp
US 8.8.8.8:53 gamevisionprotectors.com udp
US 8.8.8.8:53 furfeastspetsupplies.com udp
US 50.62.220.1:443 www.faithasphaltservices.com tcp
US 162.241.218.31:443 findexpertorganizers.com tcp
US 8.8.8.8:53 gitemaraisaudomarois.com udp
US 104.160.240.48:443 fireflyenergyholding.com tcp
FR 92.42.111.219:443 friendslawassociates.com tcp
BR 45.132.157.15:443 futuracreativestudio.com tcp
US 65.60.5.206:443 www.freetestwaterflorida.com tcp
US 108.167.169.87:443 foconobemestaresaude.com tcp
GB 185.77.97.64:443 fungiftspersonalized.com tcp
US 8.8.8.8:53 goldenleafpublishers.com udp
US 8.8.8.8:53 shreenakodaornaments.com udp
US 8.8.8.8:53 siambatteryayutthaya.com udp
US 8.8.8.8:53 graspdataengineering.com udp
US 8.8.8.8:53 sifaal-international.com udp
US 8.8.8.8:53 118.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 99.117.106.151.in-addr.arpa udp
US 8.8.8.8:53 80.192.39.46.in-addr.arpa udp
US 8.8.8.8:53 simple-softsolutions.com udp
US 8.8.8.8:53 singaporehousingloan.com udp
US 8.8.8.8:53 skidsquadrugcleaning.com udp
US 50.87.253.23:443 easygardeningsecrets.com tcp
US 162.241.218.91:80 gamevisionprotectors.com tcp
US 8.8.8.8:53 www.lucilemonnier.com udp
US 8.8.8.8:53 www.skimsglobal.com udp
US 67.225.140.12:443 epichealthcareagency.com tcp
US 154.49.142.245:443 estheticsworldsupply.com tcp
IN 89.117.245.85:443 fightingtypeweakness.com tcp
GB 5.180.211.169:443 www.felixrosenmusictutor.com tcp
US 172.67.190.224:443 furfeastspetsupplies.com tcp
US 63.250.43.4:443 www.skimsglobal.com tcp
IN 119.18.49.78:443 gkdigitalopportunity.com tcp
US 63.250.43.131:80 singaporehousingloan.com tcp
US 8.8.8.8:53 www.magdalenakruk.com udp
US 207.174.215.130:443 shreenakodaornaments.com tcp
US 172.67.218.186:443 www.lucilemonnier.com tcp
SG 139.162.55.233:443 sifaal-international.com tcp
US 8.8.8.8:53 smartlifeelectricinc.com udp
US 8.8.8.8:53 70.172.180.82.in-addr.arpa udp
US 8.8.8.8:53 31.218.241.162.in-addr.arpa udp
US 8.8.8.8:53 64.97.77.185.in-addr.arpa udp
US 8.8.8.8:53 206.5.60.65.in-addr.arpa udp
US 8.8.8.8:53 48.240.160.104.in-addr.arpa udp
US 8.8.8.8:53 87.169.167.108.in-addr.arpa udp
US 8.8.8.8:53 23.253.87.50.in-addr.arpa udp
US 8.8.8.8:53 91.218.241.162.in-addr.arpa udp
US 8.8.8.8:53 12.140.225.67.in-addr.arpa udp
US 8.8.8.8:53 245.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 15.157.132.45.in-addr.arpa udp
US 8.8.8.8:53 85.245.117.89.in-addr.arpa udp
US 206.189.233.179:443 skidsquadrugcleaning.com tcp
US 8.8.8.8:53 sophisticatedswagger.com udp
US 64.90.39.232:443 simple-softsolutions.com tcp
IN 82.180.142.206:443 goldenleafpublishers.com tcp
US 8.8.8.8:53 soulshineinspiration.com udp
US 8.8.8.8:53 spacemonkeylogistics.com udp
US 8.8.8.8:53 speedyburgerdelivery.com udp
US 8.8.8.8:53 stellastarsastrology.com udp
US 8.8.8.8:53 srisaidurgastrologer.com udp
US 50.87.141.159:443 graspdataengineering.com tcp
US 8.8.8.8:53 stewardsharrisonfirm.com udp
US 8.8.8.8:53 sunbeamsanddaydreams.com udp
US 192.185.226.106:80 gitemaraisaudomarois.com tcp
TH 147.50.231.21:443 siambatteryayutthaya.com tcp
US 172.67.186.75:443 lukecombsshop.com tcp
US 8.8.8.8:53 sohainternationalllc.com udp
US 199.189.225.40:443 soulshineinspiration.com tcp
US 172.67.151.164:443 speedyburgerdelivery.com tcp
US 8.8.8.8:53 surveillancecamerasa.com udp
SG 156.67.222.247:443 sophisticatedswagger.com tcp
FI 95.217.75.123:80 smartlifeelectricinc.com tcp
US 8.8.8.8:53 224.190.67.172.in-addr.arpa udp
US 8.8.8.8:53 78.49.18.119.in-addr.arpa udp
US 8.8.8.8:53 4.43.250.63.in-addr.arpa udp
US 8.8.8.8:53 131.43.250.63.in-addr.arpa udp
US 8.8.8.8:53 130.215.174.207.in-addr.arpa udp
US 8.8.8.8:53 179.233.189.206.in-addr.arpa udp
US 8.8.8.8:53 206.142.180.82.in-addr.arpa udp
US 8.8.8.8:53 232.39.90.64.in-addr.arpa udp
US 8.8.8.8:53 159.141.87.50.in-addr.arpa udp
US 8.8.8.8:53 106.226.185.192.in-addr.arpa udp
US 172.67.194.101:443 www.magdalenakruk.com tcp
US 8.8.8.8:53 skimsglobal.com udp
US 162.241.226.118:443 spacemonkeylogistics.com tcp
US 50.87.172.103:443 sunbeamsanddaydreams.com tcp
LT 84.32.84.32:443 stellastarsastrology.com tcp
US 185.212.71.113:443 stewardsharrisonfirm.com tcp
US 8.8.8.8:53 swargadhamsevasamiti.com udp
US 8.8.8.8:53 tacticalquestdigital.com udp
GB 185.77.97.9:443 srisaidurgastrologer.com tcp
US 8.8.8.8:53 tahitisafariislander.com udp
US 8.8.8.8:53 test-bh-prod-ind-wc3.com udp
US 82.180.172.126:443 sohainternationalllc.com tcp
US 63.250.43.3:443 skimsglobal.com tcp
US 154.56.47.102:443 surveillancecamerasa.com tcp
US 8.8.8.8:53 texacarechimneysweep.com udp
US 8.8.8.8:53 thecircleadvertising.com udp
US 172.67.167.181:443 swargadhamsevasamiti.com tcp
SG 156.67.222.26:443 tacticalquestdigital.com tcp
US 8.8.8.8:53 21.231.50.147.in-addr.arpa udp
US 8.8.8.8:53 164.151.67.172.in-addr.arpa udp
US 8.8.8.8:53 233.55.162.139.in-addr.arpa udp
US 8.8.8.8:53 40.225.189.199.in-addr.arpa udp
US 8.8.8.8:53 123.75.217.95.in-addr.arpa udp
US 8.8.8.8:53 32.84.32.84.in-addr.arpa udp
US 8.8.8.8:53 247.222.67.156.in-addr.arpa udp
US 8.8.8.8:53 103.172.87.50.in-addr.arpa udp
US 8.8.8.8:53 118.226.241.162.in-addr.arpa udp
US 8.8.8.8:53 113.71.212.185.in-addr.arpa udp
US 154.49.142.245:443 estheticsworldsupply.com tcp
FR 46.105.204.28:443 tahitisafariislander.com tcp
US 8.8.8.8:53 thefreelancaingpoint.com udp
US 8.8.8.8:53 thepawsomewonderland.com udp
US 162.214.80.24:443 test-bh-prod-ind-wc3.com tcp
US 8.8.8.8:53 thepremiumshelfdeals.com udp
US 8.8.8.8:53 toptechnicalservices.com udp
US 8.8.8.8:53 tierramayarealestate.com udp
US 8.8.8.8:53 www.toursys.net udp
US 8.8.8.8:53 trademarkbuildersusa.com udp
US 8.8.8.8:53 tsalephalaleoriginal.com udp
US 8.8.8.8:53 tudoparavoceeporvoce.com udp
US 8.8.8.8:53 9.97.77.185.in-addr.arpa udp
US 8.8.8.8:53 126.172.180.82.in-addr.arpa udp
US 8.8.8.8:53 102.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 181.167.67.172.in-addr.arpa udp
US 8.8.8.8:53 26.222.67.156.in-addr.arpa udp
US 8.8.8.8:53 www.swargadhamsevasamiti.com udp
US 8.8.8.8:53 www.tuifutureshaperhouse.com udp
FI 135.181.231.204:443 thecircleadvertising.com tcp
US 35.190.31.54:443 texacarechimneysweep.com tcp
US 168.235.116.206:443 thefreelancaingpoint.com tcp
US 172.67.193.196:443 thepawsomewonderland.com tcp
US 35.190.174.218:443 trademarkbuildersusa.com tcp
US 172.67.172.140:443 thepremiumshelfdeals.com tcp
GB 185.151.30.186:443 toptechnicalservices.com tcp
US 216.246.47.134:443 tierramayarealestate.com tcp
US 8.8.8.8:53 www.skidsquadrugcleaning.com udp
US 8.8.8.8:53 ufabetaffiliatetheme.com udp
US 8.8.8.8:53 www.simple-softsolutions.com udp
US 8.8.8.8:53 ufabetcounselingfree.com udp
US 8.8.8.8:53 ufabetgameswithcards.com udp
US 8.8.8.8:53 ufabetmagazineonline.com udp
US 192.185.199.101:443 www.toursys.net tcp
FR 35.181.89.222:443 tsalephalaleoriginal.com tcp
US 8.8.8.8:53 vadipattimadhashrine.com udp
FR 92.205.132.36:443 www.tuifutureshaperhouse.com tcp
US 104.21.35.19:443 www.swargadhamsevasamiti.com tcp
US 8.8.8.8:53 vendasonlinepromocao.com udp
US 8.8.8.8:53 24.80.214.162.in-addr.arpa udp
US 8.8.8.8:53 204.231.181.135.in-addr.arpa udp
US 8.8.8.8:53 54.31.190.35.in-addr.arpa udp
US 8.8.8.8:53 196.193.67.172.in-addr.arpa udp
US 8.8.8.8:53 vocationalfirstgroup.com udp
US 8.8.8.8:53 websuccessstrategies.com udp
CA 23.227.38.65:443 tudoparavoceeporvoce.com tcp
US 206.189.233.179:443 www.skidsquadrugcleaning.com tcp
US 8.8.8.8:53 westwoodresidencestz.com udp
US 64.90.39.232:443 www.simple-softsolutions.com tcp
US 104.21.3.107:443 ufabetaffiliatetheme.com tcp
US 104.21.6.83:443 ufabetgameswithcards.com tcp
US 172.67.176.19:443 ufabetmagazineonline.com tcp
US 172.67.182.67:443 ufabetcounselingfree.com tcp
US 8.8.8.8:53 wintersportsuniverse.com udp
US 8.8.8.8:53 worksmartmichaelsetm.com udp
US 8.8.8.8:53 www.zetetique-du-terrain.com udp
US 8.8.8.8:53 hcpublicidadedigital.com udp
PL 195.78.67.65:443 vertical-laptopstand.com tcp
US 8.8.8.8:53 hdredemptionsoftball.com udp
US 8.8.8.8:53 headphonehavenonline.com udp
US 66.228.55.89:443 vadipattimadhashrine.com tcp
US 162.241.203.80:443 vendasonlinepromocao.com tcp
FR 154.49.245.180:443 vocationalfirstgroup.com tcp
US 8.8.8.8:53 healthpointaesthetic.com udp
US 8.8.8.8:53 206.116.235.168.in-addr.arpa udp
US 8.8.8.8:53 140.172.67.172.in-addr.arpa udp
US 8.8.8.8:53 186.30.151.185.in-addr.arpa udp
US 8.8.8.8:53 218.174.190.35.in-addr.arpa udp
US 8.8.8.8:53 134.47.246.216.in-addr.arpa udp
US 8.8.8.8:53 222.89.181.35.in-addr.arpa udp
US 8.8.8.8:53 19.35.21.104.in-addr.arpa udp
US 8.8.8.8:53 heladoslatradicional.com udp
US 8.8.8.8:53 hermanosmatiasysebas.com udp
US 8.8.8.8:53 highachieversakademy.com udp
US 62.72.25.90:443 worksmartmichaelsetm.com tcp
FR 109.234.165.186:443 www.zetetique-du-terrain.com tcp
US 8.8.8.8:53 gille-specials.com udp
US 8.8.8.8:53 himalayannaturetreks.com udp
US 89.117.139.201:443 wintersportsuniverse.com tcp
US 207.174.212.247:443 westwoodresidencestz.com tcp
US 8.8.8.8:53 www.lovemynurse.com udp
TR 104.247.165.99:443 healthpointaesthetic.com tcp
ES 185.55.249.30:443 hermanosmatiasysebas.com tcp
US 108.179.232.244:443 hdredemptionsoftball.com tcp
US 8.8.8.8:53 horizondiagnosticsgh.com udp
US 69.49.241.15:443 hcpublicidadedigital.com tcp
US 162.241.2.162:443 heladoslatradicional.com tcp
US 8.8.8.8:53 housetohomewithheidi.com udp
US 172.67.223.238:443 headphonehavenonline.com tcp
US 8.8.8.8:53 howtodigitalproducts.com udp
NL 185.224.137.8:443 himalayannaturetreks.com tcp
US 8.8.8.8:53 www.indonesiabirdingtour.com udp
US 8.8.8.8:53 107.3.21.104.in-addr.arpa udp
US 8.8.8.8:53 83.6.21.104.in-addr.arpa udp
US 8.8.8.8:53 19.176.67.172.in-addr.arpa udp
US 8.8.8.8:53 67.182.67.172.in-addr.arpa udp
US 8.8.8.8:53 65.67.78.195.in-addr.arpa udp
US 8.8.8.8:53 180.245.49.154.in-addr.arpa udp
US 8.8.8.8:53 89.55.228.66.in-addr.arpa udp
US 8.8.8.8:53 80.203.241.162.in-addr.arpa udp
US 8.8.8.8:53 186.165.234.109.in-addr.arpa udp
DE 85.13.134.232:443 gille-specials.com tcp
US 8.8.8.8:53 interculturalharmony.com udp
US 8.8.8.8:53 izmirkoltuktamircisi.com udp
US 8.8.8.8:53 javiscashforjunkcars.com udp
US 212.1.208.103:443 horizondiagnosticsgh.com tcp
US 192.252.146.16:443 www.lovemynurse.com tcp
US 8.8.8.8:53 www.jovanovic-restaurant.com udp
US 8.8.8.8:53 julianblocktaxexpert.com udp
US 8.8.8.8:53 k9petchildessentials.com udp
US 8.8.8.8:53 kandongaproducciones.com udp
US 8.8.8.8:53 www.karkingiyimalisveris.com udp
BR 45.132.157.18:443 institutodosnegocios.com tcp
US 8.8.8.8:53 www.puntospy.com udp
BR 154.49.247.228:443 howtodigitalproducts.com tcp
US 86.38.202.177:443 javiscashforjunkcars.com tcp
US 8.8.8.8:53 quinodil.com udp
US 8.8.8.8:53 nuriafdez.com udp
US 8.8.8.8:53 dr-fanazad.com udp
US 8.8.8.8:53 ebrandship.com udp
US 8.8.8.8:53 201.139.117.89.in-addr.arpa udp
US 8.8.8.8:53 247.212.174.207.in-addr.arpa udp
US 8.8.8.8:53 30.249.55.185.in-addr.arpa udp
US 8.8.8.8:53 99.165.247.104.in-addr.arpa udp
US 8.8.8.8:53 244.232.179.108.in-addr.arpa udp
US 8.8.8.8:53 15.241.49.69.in-addr.arpa udp
US 8.8.8.8:53 162.2.241.162.in-addr.arpa udp
US 8.8.8.8:53 238.223.67.172.in-addr.arpa udp
US 8.8.8.8:53 8.137.224.185.in-addr.arpa udp
US 8.8.8.8:53 232.134.13.85.in-addr.arpa udp
US 66.235.200.112:443 interculturalharmony.com tcp
US 8.8.8.8:53 thefalconer.uk udp
US 8.8.8.8:53 searchbypr.com udp
US 8.8.8.8:53 danatalbahr.com udp
US 8.8.8.8:53 lukeleisman.com udp
US 155.248.196.23:443 julianblocktaxexpert.com tcp
BR 154.49.247.212:443 kandongaproducciones.com tcp
US 157.245.168.54:443 k9petchildessentials.com tcp
US 8.8.8.8:53 lyzproperty.com udp
DE 162.55.81.97:443 www.jovanovic-restaurant.com tcp
US 162.241.225.246:443 housetohomewithheidi.com tcp
TR 45.84.188.3:443 izmirkoltuktamircisi.com tcp
US 8.8.8.8:53 solutionpdf.com udp
DE 144.76.62.230:443 www.indonesiabirdingtour.com tcp
US 8.8.8.8:53 sonia-jerbi.com udp
US 8.8.8.8:53 sonsofswoop.com udp
IT 89.46.110.77:443 www.puntospy.com tcp
US 172.67.207.83:443 www.karkingiyimalisveris.com tcp
US 8.8.8.8:53 sportszaika.com udp
US 8.8.8.8:53 www.sr2energies.com udp
US 8.8.8.8:53 stampnshape.com udp
US 8.8.8.8:53 16.146.252.192.in-addr.arpa udp
US 8.8.8.8:53 18.157.132.45.in-addr.arpa udp
US 8.8.8.8:53 177.202.38.86.in-addr.arpa udp
US 50.6.138.174:443 quinodil.com tcp
ES 82.194.68.54:443 nuriafdez.com tcp
US 104.21.47.188:443 thefalconer.uk tcp
IR 195.28.10.78:443 irandatura.com tcp
US 198.54.125.151:443 ebrandship.com tcp
US 8.8.8.8:53 starbanters.com udp
US 162.213.255.48:443 searchbypr.com tcp

Files

memory/4920-1-0x0000000001C30000-0x0000000001D30000-memory.dmp

memory/4920-2-0x0000000001BC0000-0x0000000001BCB000-memory.dmp

memory/4920-3-0x0000000000400000-0x0000000001A2C000-memory.dmp

memory/3448-4-0x0000000003140000-0x0000000003156000-memory.dmp

memory/4920-5-0x0000000000400000-0x0000000001A2C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\A4FA.exe

MD5 2edff5c8ab33278d13cc2fa17ea6cb56
SHA1 9b99b27686a80333a552707a882378ea2a33d44f
SHA256 0138a6b63849e63167551e69e46948cbb2f4d7597fa14db93a0aaaab7be33c95
SHA512 1ac13bf26df417f7d33b8d6a6b7918f468778cd959493f326718a0d2c92875da55f0a516150b420085ec814c09b0bf38cd64d2b6a0c38d46bdc01443942a0e00

C:\Users\Admin\AppData\Local\Temp\A4FA.exe

MD5 7a6c19aeef203d2f34112ce9675efce3
SHA1 2cd3eef278513dc90402605257f308003e1e4781
SHA256 8a49cb8742b8f36798c25012e0790326a337c4314e9bf483badefbf036c5bcab
SHA512 0aa7b627333dd2ed607e0e7f2787f9e83fff2c66f4666e43d2fcdc4fbfb8da2ff51351d33d4faf34a915abd3df42feac96f1cfc9ba8accd429e79c58201e971d

memory/4876-16-0x00000000038B0000-0x0000000003A76000-memory.dmp

memory/4876-17-0x0000000003A80000-0x0000000003C37000-memory.dmp

memory/2220-20-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2220-21-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\A4FA.exe

MD5 3794ab461238c03c1e49fd9759b31772
SHA1 5606cf30a3f20f8871cf776fa87ff3ae97f2915a
SHA256 d06086ed6a3c20e91ba22cd4a3a7ffda1b7fceef529cd4ec257ceb6fef160908
SHA512 4c05433d8d8b1c0ca3767039820684d8602771475e8fd185e9772acdae8aa2756aa1b3fdc4d3a06122a6532f928835e1a24f8a40454295e1dc6c0b6f9866253a

memory/2220-18-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2220-22-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2220-23-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2220-24-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\A9DD.dll

MD5 91ad1563e079bce0cc0747d790261934
SHA1 696f1957d258ac510578ca8a3e7b7b31fd814ffa
SHA256 28fe4574b09ffc4ad8ecad0d7fe0c31e1e9e5159cb871dbd2813e4e95ecff5d2
SHA512 761b6c7475ac449aaf181b9b1aed21049b2a5fafcceb1d0d87302e0ccf6dbea1cfce2df5380db0ec2b053dab499af15646badcf9543f622edf322395be7bb748

C:\Users\Admin\AppData\Local\Temp\A9DD.dll

MD5 96df911f7bba43d9156a2ad6b6a13218
SHA1 1a0a5c9cdb9c91bb78fdb79b6a5e71cdcb31e08c
SHA256 164aee06dfeedc96d797520c3cbf8d6ee74716c5941d02706ea5dfdde2d7caef
SHA512 efa921645525978fa98037130063108b0f25706b3eefe345bc2f38fc00c97b266d9dc2a2141422f12582b81dd756a50555ebc053be5775d71f9c64d31d496717

memory/1224-34-0x00000000007F0000-0x00000000007F6000-memory.dmp

memory/1224-32-0x0000000010000000-0x0000000010202000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

MD5 cb350ff734929250c18faed165d9072e
SHA1 398c9353aeeb4887c3da6990f33a9e915c85d621
SHA256 774eb74563e41cbb61b596a35746355e11b82cef3469cffd1f59a678f9f8b6b0
SHA512 45f670710cbdfeb70453b8c40eda948b8e99e3df3a021618d0f3e47b15dec904efaa918080cfea22dccb56eae4270509a4dc3bf375c1125b11b57896947ea8b9

memory/1224-43-0x0000000002840000-0x0000000002968000-memory.dmp

memory/1224-44-0x0000000002970000-0x0000000002A7D000-memory.dmp

memory/1224-47-0x0000000002970000-0x0000000002A7D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\C71B.exe

MD5 9017e82a49326cb980b772a98a7110d2
SHA1 42146f4bb45c3b223f150e4262e56e7728734f0e
SHA256 baabd35b4ecd17c69c6c5430ea5fed47d22c070076eeb5c57039c69020cd3e04
SHA512 b8f76e60c886b03c2d3a4a99eebf9c2bfe1bb477f8bc94ba53cc8079a32a015f49ed1d83620465032774c02228721daaae74a7b961b29c122acf39b922b4230c

C:\Users\Admin\AppData\Local\Temp\C71B.exe

MD5 052df00587aad69aa3439ab10e1b9684
SHA1 8e68300f7c4aba7e544577311c99de35b43e73c7
SHA256 b6267f205e88ce464982579021c70822db04ee2f0a97c638c90861be72db05ba
SHA512 c58b1bd3fc1dc2ff4e846b3abf4a529273176a8ddfb8aa29ec501dc92d3f271ffc3b120e6bf9e9ccb7c5b9308f4f439d9e45fa1194ba0559cff47b5a864a3101

memory/1372-54-0x0000000000740000-0x0000000001031000-memory.dmp

memory/1372-53-0x0000000001470000-0x0000000001471000-memory.dmp

memory/1372-58-0x00000000014D0000-0x00000000014D1000-memory.dmp

memory/1372-57-0x00000000014D0000-0x00000000014D1000-memory.dmp

memory/1372-59-0x00000000014D0000-0x00000000014D1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CC2C.exe

MD5 ea6e4a6cd6e24b47ddffb9efb4c86e9f
SHA1 0eb5423f94dcf8c0ff6e2d7b24ad6ddb63ab6aaf
SHA256 37e8a24769e076d6fc2c55837824d4c7118e02da0ce5ec593891cbca120762fc
SHA512 88562f21f14939b139a1a0cda8e3efb31099950a5a6dd093098e2f877b89d86dede5f16f8dc950024501164cf0fc106bb2c3d5782fe41b5a1cddd00baa5f24ae

C:\Users\Admin\AppData\Local\Temp\CC2C.exe

MD5 273242e786c6e976694d9405170f8e1c
SHA1 8fc5cea214f00fdd3d0dc91325e540f5cc97d180
SHA256 1da3a0a258886a295ceb3cda4b085cce997b2053d9934cc8285934d247ba3a39
SHA512 d6f42111ad3450f1146da6674e67ba5e039d651bd751c47fa58169cd4c0e488d999165ce3fd7bc6a9e4d292159b4b827e10c8f737ce7ac96d0cc32ceeb7f78a7

memory/2220-65-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1388-68-0x0000000001CA0000-0x0000000001DA0000-memory.dmp

memory/2220-66-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1388-69-0x0000000003680000-0x00000000036EB000-memory.dmp

memory/1388-67-0x0000000000400000-0x0000000001A77000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\D9E9.exe

MD5 47d62a762bfe6acf8c57a6d377f12f7a
SHA1 ad258807d3d412b7da81de2d35b010721c85cb24
SHA256 fe88327cae614ac125604bb7ea97ec570327331abe46a974448792cffd3fb1cb
SHA512 a348c1e9ebf096ae4c6280595bcd33ebce73380beb489aba2dbba34dd33f74f1affc71908cb7446b5f345d7dad4259e87401a8d71ebb878d51a55373c57e43f1

C:\Users\Admin\AppData\Local\Temp\D9E9.exe

MD5 a61f4f160e03af6632da3446dc797e7e
SHA1 cae881d839cc9ea87852660993fecfd355b250fb
SHA256 970a64c1355989b64faeac9bffc1c524458696065b8378545331d2768967e951
SHA512 146598d624a57609535b94e521459edc845d8a2b1490faf75e8d7b5ecab9af40dc6ffc74d4da4f4d94578c57d26d74c25ad837d4d84c096f03c335d8eb3b1ff0

memory/1224-74-0x0000000010000000-0x0000000010202000-memory.dmp

memory/2220-75-0x0000000000400000-0x0000000000848000-memory.dmp

memory/3388-76-0x0000000000CB0000-0x000000000113C000-memory.dmp

memory/3388-78-0x0000000073400000-0x0000000073BB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

MD5 0564a9bf638169a89ccb3820a6b9a58e
SHA1 57373f3b58f7cc2b9ea1808bdabb600d580a9ceb
SHA256 9e4b0556f698c9bc9a07c07bf13d60908d31995e0bd73510d9dd690b20b11058
SHA512 36b81c374529a9ba5fcbc6fcfebf145c27a7c30916814d63612c04372556d47994a8091cdc5f78dab460bb5296466ce0b284659c8b01883f7960ab08a1631ea6

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 38266d377901981dc5afe97da18ca0dc
SHA1 6d9e713f95c29494ed7e2bf7aaf2c80f0051165b
SHA256 92576f2b525a4672fc48ba30b960c902c3f0b1190ee2160e6fe17407c61bbde0
SHA512 a8861daf3485f59f865dd24b1b44ec5a6ef91084b27830f8e9da3a1feb42239648b32885ce7a6370603d3347ceacd47aa3dfa2a118a61c49653d812478030943

memory/4632-94-0x0000000003690000-0x00000000036F7000-memory.dmp

memory/4632-91-0x0000000001BC0000-0x0000000001CC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 cb140dae94574f00eac452116f066c10
SHA1 12e2f57d525ee91b17229fb7d986244ea3a96d93
SHA256 5e9ec2d1bb8a3b6659dba83a05c3635794d42f6318027661fb45f4be0b9d68b4
SHA512 8d9c4f8752a994544320c6d0e360f0890c5f6a8ed681b48d62f1669f27a388fde994f389006845476c8f339886fbad976d7faf4954c723da80aa1719c9a9cbbc

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 ed0da2cf65d5548f4be637818cde8f3c
SHA1 87e51fbe402fe1bced141b08c6f70323dbcad3ee
SHA256 a8eeba60fd2b74d4a4f2bca79ba1788c4ad2c46b716cf7bc7d8d1b7f386c89ed
SHA512 effcfb24c0270fb33a70e32116ddaa88c0a29ec649bb37cf10ca2215cfca046b3664bc23fdd51c3c44e6c1b2668a057ad33658e10b44aeee0eabc7771236e61a

C:\Users\Admin\AppData\Local\Temp\E1BA.exe

MD5 643b3aff07e315712ad000f5d1a7ad55
SHA1 d3d6e1c9a2a2e6d6e2df824cf68122743c7fe286
SHA256 b377eb3585b734a07b9b0342323b40734f1d723575b4cd2b7629d38482815b51
SHA512 59dff8515bc27512ad3abe1d3e2a80c444fb14b4ad265411b3a41db27362fee4ddfe8a8426236a3aac832ae18ce8e1f3c4cb70880129701e7203988ac5eb5582

memory/3388-108-0x0000000073400000-0x0000000073BB0000-memory.dmp

memory/4632-107-0x0000000000400000-0x0000000001A4B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

MD5 66469bbb22b2cbad7c9dbf8f1b8b0a81
SHA1 320eba31d8cbf671ae3511ca20033a27165ee105
SHA256 c990cc5e0bddf87a4664475c7b5581df4e4278172b21e5292890345ef8a7e90c
SHA512 24dfb25634d12d61928c4273a527bd57544a934c07f60472685f6ab06292417e06f67a92902ae591b5a66fa6254249896a4e3dbaf11c84ac4a3911d9f88d6146

C:\Users\Admin\AppData\Local\Temp\E1BA.exe

MD5 0c3f7f76be32866fafcf1b1d26b831c3
SHA1 d7bb7e9437e922de417ce9e9102d2ee6cba7e9e7
SHA256 454e17045a7dd1a6a36dc0a8dcf5dfeebcd0ea36436c94d793de80bd9f150fe2
SHA512 a09084ab2dd088b85b2dbce2e4973c91a372898eda91419c1a79058a53742cced45d87b1c67b2e8c5528c333a2bf0e16d005edcdf33da40626c3c7b07933ad1d

memory/3764-109-0x0000000003B30000-0x0000000003F29000-memory.dmp

memory/3764-110-0x0000000003F30000-0x000000000481B000-memory.dmp

memory/1372-111-0x0000000000740000-0x0000000001031000-memory.dmp

memory/3764-113-0x0000000000400000-0x0000000001E0F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\u3ko.0.exe

MD5 d0de3ce247b4ebb9b0778563f7bb3a47
SHA1 20259867152e73d0027da63f8c351c4e911690ca
SHA256 de333c544b3def02e10b7a8d1c3677efbcbb010ecce2b601573dae1584b9cc1f
SHA512 3811fe4864c154ee020a6c158557e1d42e8ef954c836192acb19241343ad01a2c21e69960f4780b5e2404bf963de0e51cf01fe0ed2b012c8cbec95b36c21661d

C:\Users\Admin\AppData\Local\Temp\u3ko.1.exe

MD5 cfa69ebe86396a146c001f21f2e6920b
SHA1 3021d94e258c831a4067f3b1f1b337005a2bf29c
SHA256 097ad67b1ed1da6502532780163bff40cddb6078da00ff36ee4edf7957558787
SHA512 03e4ec0ff6038f769bb317c23eefe8c13b6debb37000d8a2265ddafd796e1620329d18d1ab6adb08ad9f887508ec99f0060235399d5ef6a0933200e4a1c394a5

C:\Users\Admin\AppData\Local\Temp\u3ko.1.exe

MD5 a1672247bad685030be1f3908159325d
SHA1 81068b777be32832287887dcae5d3d5b0f5b5df6
SHA256 e84fd5d731804486866fb4ced0e9727e575facc070536eef90d19d5fe812ec51
SHA512 e7157558416a01a922d2145767be989ef306eaa5469489411504b3aa4216b8051cd37f1f7274e8dd4cea7d6a10e2691cfb4d4704a072bd452cc2b435e520e138

memory/1372-132-0x00000000014D0000-0x00000000014D1000-memory.dmp

memory/1388-133-0x0000000000400000-0x0000000001A77000-memory.dmp

memory/2220-134-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\u3ko.1.exe

MD5 0811eb13cd009ffa90f49e9da2f42ec9
SHA1 e63a240fc309077c234dc737c6555501871eb205
SHA256 156ff9ca6bfb890aede5d1ab519f3d402fd7f4ffb24c2db28ef5449e593fe1b7
SHA512 6bc8d7348cb171908b4e706055833f81c053826d36b187611d223956a0b243be6ddc3553b15a83034c375c4d4534e75a879e9f51cc5ee37f09d1ff917472dbc5

memory/4716-135-0x0000000000400000-0x0000000000930000-memory.dmp

memory/4716-136-0x00000000027D0000-0x00000000027D1000-memory.dmp

memory/2524-141-0x00000000023F0000-0x00000000023FB000-memory.dmp

memory/2524-140-0x0000000002410000-0x0000000002510000-memory.dmp

memory/2524-144-0x0000000000400000-0x00000000022D4000-memory.dmp

memory/4632-145-0x0000000000400000-0x0000000001A4B000-memory.dmp

memory/1388-147-0x0000000001CA0000-0x0000000001DA0000-memory.dmp

memory/4060-148-0x0000000002360000-0x0000000002460000-memory.dmp

memory/4060-149-0x0000000002310000-0x0000000002337000-memory.dmp

C:\Users\Admin\AppData\Roaming\Temp\Task.bat

MD5 11bb3db51f701d4e42d3287f71a6a43e
SHA1 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86
SHA256 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331
SHA512 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2

memory/3764-150-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/4060-153-0x0000000000400000-0x00000000022DC000-memory.dmp

memory/3448-154-0x00000000034E0000-0x00000000034F6000-memory.dmp

memory/2524-156-0x0000000000400000-0x00000000022D4000-memory.dmp

memory/4060-160-0x0000000061E00000-0x0000000061EF3000-memory.dmp

memory/2220-214-0x0000000000400000-0x0000000000848000-memory.dmp

memory/4716-218-0x0000000000400000-0x0000000000930000-memory.dmp

memory/4060-217-0x0000000000400000-0x00000000022DC000-memory.dmp

C:\ProgramData\nss3.dll

MD5 9432f34b9434facb5aaae5cce52469e5
SHA1 f2c648c41f3baf28a7feac17afc0d91ed4d42c37
SHA256 0957f46da68eeadf16c6528c765f53233137153290b1276eccb55a369867a2c8
SHA512 413559d3b70f3f912d93add450097ac66b97a5d315df660437baaf3930b23787e19903f5cc05e06f9ab42cc2660a533ce4c83eda329503fcc716f34ccfd73dc2

C:\ProgramData\mozglue.dll

MD5 2e5a15c173a5b467292a41feb8118c93
SHA1 58bb90e77e275603789dce5bb55091872b67c041
SHA256 b97594025386e4ee15c23117a16cc93900c951a7bddc8a8ad0d541a3a1c1a8da
SHA512 88d036a39e0ce0f54bd28547a61322e0fa71043a8e174b8c50438af3d3a3d14a19629a8fb9c460689b7f0f248bd21ff57738b35942af660293719e651278cfc1

C:\ProgramData\mozglue.dll

MD5 f95bb240fd5d6feb7c7878115d3d925d
SHA1 49299cb256444cbc4eb7ddf87c8f76d39931f43a
SHA256 0b79dd4a355caa7cfb9b166253e31e7a7bf804de0d4bbfa6a22b4e3ff2466bb1
SHA512 23d67ca2a6e495f9890f843ba0bdbf8a29c458a21101552975e0eaf566d7f08264e25d4c97c4e6a03fc578df70b98c2eb53af08ef61c11ddcce1edc38c3d6261

memory/2220-252-0x0000000000400000-0x0000000000848000-memory.dmp

memory/3764-254-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/4060-255-0x0000000000400000-0x00000000022DC000-memory.dmp

C:\ProgramData\Are.docx

MD5 a33e5b189842c5867f46566bdbf7a095
SHA1 e1c06359f6a76da90d19e8fd95e79c832edb3196
SHA256 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454
SHA512 f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

memory/1372-267-0x0000000000740000-0x0000000001031000-memory.dmp

memory/4060-268-0x0000000000400000-0x00000000022DC000-memory.dmp

memory/4328-269-0x0000000004650000-0x0000000004686000-memory.dmp

memory/4328-272-0x0000000004640000-0x0000000004650000-memory.dmp

memory/4328-273-0x0000000004CC0000-0x00000000052E8000-memory.dmp

memory/4328-271-0x0000000071780000-0x0000000071F30000-memory.dmp

memory/3764-274-0x0000000003B30000-0x0000000003F29000-memory.dmp

memory/4328-275-0x0000000004640000-0x0000000004650000-memory.dmp

memory/3764-276-0x0000000003F30000-0x000000000481B000-memory.dmp

memory/3764-270-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/4328-277-0x0000000004C70000-0x0000000004C92000-memory.dmp

memory/4328-283-0x0000000005520000-0x0000000005586000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_w30tgv2p.zgt.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4328-288-0x0000000005700000-0x0000000005766000-memory.dmp

memory/4328-289-0x0000000005770000-0x0000000005AC4000-memory.dmp

memory/4328-290-0x0000000005BF0000-0x0000000005C0E000-memory.dmp

memory/4328-291-0x0000000005C50000-0x0000000005C9C000-memory.dmp

memory/4328-292-0x0000000006B40000-0x0000000006B84000-memory.dmp

memory/4328-294-0x0000000006F30000-0x0000000006FA6000-memory.dmp

memory/4328-295-0x0000000007630000-0x0000000007CAA000-memory.dmp

memory/4328-296-0x0000000006FD0000-0x0000000006FEA000-memory.dmp

memory/2220-297-0x0000000000400000-0x0000000000848000-memory.dmp

memory/4328-352-0x0000000073830000-0x000000007387C000-memory.dmp

memory/4328-348-0x0000000007180000-0x00000000071B2000-memory.dmp

memory/4328-379-0x00000000071C0000-0x00000000071DE000-memory.dmp

memory/4328-364-0x000000006E610000-0x000000006E964000-memory.dmp

memory/4328-383-0x00000000071E0000-0x0000000007283000-memory.dmp

memory/4328-420-0x00000000072D0000-0x00000000072DA000-memory.dmp

memory/4328-430-0x000000007FC80000-0x000000007FC90000-memory.dmp

memory/4328-440-0x0000000004640000-0x0000000004650000-memory.dmp

memory/4328-435-0x0000000004640000-0x0000000004650000-memory.dmp

memory/3764-472-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/4328-494-0x00000000073B0000-0x0000000007446000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 98d2928dc8738a1529c6696e134f5c6d
SHA1 955892b370d2f1e13e21df4ee0d8ab63ab5a3504
SHA256 095fb8519510313b38dc6079ed7512fd614698612c1e391f4b7df03437ab0482
SHA512 dd9cc5a6a087a4d7415641777774b5fa3b7753655417257ee545164a48cd684c39e449099cd44fb1728d17ec9069d437f4712161a6a4d08f1a41784c78c25a4c

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-29 05:25

Reported

2024-02-29 05:29

Platform

win7-20240221-en

Max time kernel

57s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe"

Signatures

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects Windows executables referencing non-Windows User-Agents

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects executables Discord URL observed in first stage droppers

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects executables containing URLs to raw contents of a Github gist

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects executables containing artifacts associated with disabling Widnows Defender

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects executables referencing many varying, potentially fake Windows User-Agents

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Downloads MZ/PE file

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\E263.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\E46.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2636 set thread context of 2480 N/A C:\Users\Admin\AppData\Local\Temp\E263.exe C:\Users\Admin\AppData\Local\Temp\E263.exe

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\84C.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1260 wrote to memory of 2636 N/A N/A C:\Users\Admin\AppData\Local\Temp\E263.exe
PID 1260 wrote to memory of 2636 N/A N/A C:\Users\Admin\AppData\Local\Temp\E263.exe
PID 1260 wrote to memory of 2636 N/A N/A C:\Users\Admin\AppData\Local\Temp\E263.exe
PID 1260 wrote to memory of 2636 N/A N/A C:\Users\Admin\AppData\Local\Temp\E263.exe
PID 2636 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\E263.exe C:\Users\Admin\AppData\Local\Temp\E263.exe
PID 2636 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\E263.exe C:\Users\Admin\AppData\Local\Temp\E263.exe
PID 2636 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\E263.exe C:\Users\Admin\AppData\Local\Temp\E263.exe
PID 2636 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\E263.exe C:\Users\Admin\AppData\Local\Temp\E263.exe
PID 2636 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\E263.exe C:\Users\Admin\AppData\Local\Temp\E263.exe
PID 2636 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\E263.exe C:\Users\Admin\AppData\Local\Temp\E263.exe
PID 2636 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\E263.exe C:\Users\Admin\AppData\Local\Temp\E263.exe
PID 2636 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\E263.exe C:\Users\Admin\AppData\Local\Temp\E263.exe
PID 2636 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\E263.exe C:\Users\Admin\AppData\Local\Temp\E263.exe
PID 1260 wrote to memory of 588 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1260 wrote to memory of 588 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1260 wrote to memory of 588 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1260 wrote to memory of 588 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1260 wrote to memory of 588 N/A N/A C:\Windows\system32\regsvr32.exe
PID 588 wrote to memory of 740 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 588 wrote to memory of 740 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 588 wrote to memory of 740 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 588 wrote to memory of 740 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 588 wrote to memory of 740 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 588 wrote to memory of 740 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 588 wrote to memory of 740 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1260 wrote to memory of 1520 N/A N/A C:\Users\Admin\AppData\Local\Temp\84C.exe
PID 1260 wrote to memory of 1520 N/A N/A C:\Users\Admin\AppData\Local\Temp\84C.exe
PID 1260 wrote to memory of 1520 N/A N/A C:\Users\Admin\AppData\Local\Temp\84C.exe
PID 1260 wrote to memory of 1520 N/A N/A C:\Users\Admin\AppData\Local\Temp\84C.exe
PID 1260 wrote to memory of 2772 N/A N/A C:\Users\Admin\AppData\Local\Temp\E46.exe
PID 1260 wrote to memory of 2772 N/A N/A C:\Users\Admin\AppData\Local\Temp\E46.exe
PID 1260 wrote to memory of 2772 N/A N/A C:\Users\Admin\AppData\Local\Temp\E46.exe
PID 1260 wrote to memory of 2772 N/A N/A C:\Users\Admin\AppData\Local\Temp\E46.exe
PID 1520 wrote to memory of 488 N/A C:\Users\Admin\AppData\Local\Temp\84C.exe C:\Windows\SysWOW64\WerFault.exe
PID 1520 wrote to memory of 488 N/A C:\Users\Admin\AppData\Local\Temp\84C.exe C:\Windows\SysWOW64\WerFault.exe
PID 1520 wrote to memory of 488 N/A C:\Users\Admin\AppData\Local\Temp\84C.exe C:\Windows\SysWOW64\WerFault.exe
PID 1520 wrote to memory of 488 N/A C:\Users\Admin\AppData\Local\Temp\84C.exe C:\Windows\SysWOW64\WerFault.exe
PID 1260 wrote to memory of 620 N/A N/A C:\Users\Admin\AppData\Local\Temp\2244.exe
PID 1260 wrote to memory of 620 N/A N/A C:\Users\Admin\AppData\Local\Temp\2244.exe
PID 1260 wrote to memory of 620 N/A N/A C:\Users\Admin\AppData\Local\Temp\2244.exe
PID 1260 wrote to memory of 620 N/A N/A C:\Users\Admin\AppData\Local\Temp\2244.exe
PID 620 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\2244.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 620 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\2244.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 620 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\2244.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 620 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\2244.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 620 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\2244.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 620 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\2244.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 620 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\2244.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 620 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\2244.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 620 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\2244.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 620 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\2244.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 620 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\2244.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 1260 wrote to memory of 1744 N/A N/A C:\Users\Admin\AppData\Local\Temp\323C.exe
PID 1260 wrote to memory of 1744 N/A N/A C:\Users\Admin\AppData\Local\Temp\323C.exe
PID 1260 wrote to memory of 1744 N/A N/A C:\Users\Admin\AppData\Local\Temp\323C.exe
PID 1260 wrote to memory of 1744 N/A N/A C:\Users\Admin\AppData\Local\Temp\323C.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe

"C:\Users\Admin\AppData\Local\Temp\4db6f4628dcd3a4ef8417290ad40c858047ceaed4daaff87a4a5f0d873745809.exe"

C:\Users\Admin\AppData\Local\Temp\E263.exe

C:\Users\Admin\AppData\Local\Temp\E263.exe

C:\Users\Admin\AppData\Local\Temp\E263.exe

C:\Users\Admin\AppData\Local\Temp\E263.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\EFDC.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\EFDC.dll

C:\Users\Admin\AppData\Local\Temp\84C.exe

C:\Users\Admin\AppData\Local\Temp\84C.exe

C:\Users\Admin\AppData\Local\Temp\E46.exe

C:\Users\Admin\AppData\Local\Temp\E46.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 124

C:\Users\Admin\AppData\Local\Temp\2244.exe

C:\Users\Admin\AppData\Local\Temp\2244.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\323C.exe

C:\Users\Admin\AppData\Local\Temp\323C.exe

C:\Users\Admin\AppData\Local\Temp\u188.0.exe

"C:\Users\Admin\AppData\Local\Temp\u188.0.exe"

C:\Users\Admin\AppData\Local\Temp\u188.1.exe

"C:\Users\Admin\AppData\Local\Temp\u188.1.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 selebration17io.io udp
RU 91.215.85.120:80 selebration17io.io tcp
N/A 127.0.0.1:49226 tcp
FR 178.20.55.18:443 tcp
NL 192.42.116.17:443 tcp
UA 134.249.185.176:9001 tcp
MD 185.163.46.83:9001 tcp
DE 159.69.152.157:9001 tcp
DE 185.172.128.19:80 185.172.128.19 tcp
US 8.8.8.8:53 trmpc.com udp
AR 186.13.17.220:80 trmpc.com tcp
DE 159.69.152.157:9001 tcp
US 8.8.8.8:53 joly.bestsup.su udp
US 104.21.29.103:80 joly.bestsup.su tcp
DE 185.172.128.90:80 185.172.128.90 tcp
MD 185.163.46.83:9001 tcp
DE 185.172.128.127:80 185.172.128.127 tcp
DE 185.172.128.127:80 185.172.128.127 tcp
DE 185.172.128.109:80 185.172.128.109 tcp
US 8.8.8.8:53 modernaemprego.tweezer.jobs udp
US 8.8.8.8:53 bh8912.banahosting.com udp
US 8.8.8.8:53 doodstream.com udp
US 8.8.8.8:53 biencuongtoquoc.vn udp
US 8.8.8.8:53 sugardaddie.com udp
US 8.8.8.8:53 modernaemprego.tweezer.jobs udp
US 8.8.8.8:53 modernaemprego.tweezer.jobs udp
US 8.8.8.8:53 biencuongtoquoc.vn udp
US 8.8.8.8:53 modernaemprego.tweezer.jobs udp
US 8.8.8.8:53 bh8912.banahosting.com udp
US 8.8.8.8:53 doodstream.com udp
US 8.8.8.8:53 sugardaddie.com udp
US 8.8.8.8:53 quote.admiral.com udp
US 8.8.8.8:53 www7.unileon.es udp
US 8.8.8.8:53 www7.unileon.es udp
US 8.8.8.8:53 quote.admiral.com udp
US 8.8.8.8:53 popads.net udp
US 8.8.8.8:53 login.leagueoflegends.com udp
US 8.8.8.8:53 brux2116.claro.com.br udp
US 8.8.8.8:53 popads.net udp
US 8.8.8.8:53 cams.chatrandom.com udp
US 8.8.8.8:53 player.twitch.tv udp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
US 8.8.8.8:53 login.leagueoflegends.com udp
US 8.8.8.8:53 mx1.emailsrvr.com udp
US 8.8.8.8:53 brux2116.claro.com.br udp
US 8.8.8.8:53 player.twitch.tv udp
US 8.8.8.8:53 brux2116.claro.com.br udp
US 8.8.8.8:53 brux2116.claro.com.br udp
US 8.8.8.8:53 cams.chatrandom.com udp
US 8.8.8.8:53 crowd1.com udp
US 8.8.8.8:53 popads-net.mail.protection.outlook.com udp
US 8.8.8.8:53 pl.metin2.gameforge.com udp
US 8.8.8.8:53 areaclienti3.tre.it udp
US 8.8.8.8:53 crowd1.com udp
US 8.8.8.8:53 areaclienti3.tre.it udp
US 8.8.8.8:53 sv6.byethost6.org udp
US 8.8.8.8:53 panel.axis-la.com.ar udp
US 8.8.8.8:53 cardsecurity.enstage.com udp
US 8.8.8.8:53 bannerfans.com udp
US 8.8.8.8:53 pl.metin2.gameforge.com udp
US 8.8.8.8:53 loginx.caixa.gov.br udp
US 8.8.8.8:53 identity.getpostman.com udp
US 8.8.8.8:53 sv6.byethost6.org udp
US 8.8.8.8:53 mx.zoho.com udp
US 8.8.8.8:53 panel.axis-la.com.ar udp
US 8.8.8.8:53 cardsecurity.enstage.com udp
US 8.8.8.8:53 cardsecurity.enstage.com udp
US 8.8.8.8:53 bannerfans.com udp
US 8.8.8.8:53 loginx.caixa.gov.br udp
US 8.8.8.8:53 loginx.caixa.gov.br udp
US 8.8.8.8:53 identity.getpostman.com udp
US 8.8.8.8:53 vtopcc.vit.ac.in udp
US 8.8.8.8:53 mexc.com udp
US 8.8.8.8:53 vtopcc.vit.ac.in udp
GB 179.191.165.65:443 loginx.caixa.gov.br tcp
DE 79.110.92.127:80 pl.metin2.gameforge.com tcp
US 8.8.8.8:53 cybrary.it udp
US 8.8.8.8:53 mexc.com udp
US 8.8.8.8:53 cybrary.it udp
US 8.8.8.8:53 identity.getpostman.com udp
US 104.18.36.161:22 identity.getpostman.com tcp
IN 115.240.194.17:22 vtopcc.vit.ac.in tcp
DE 79.110.92.127:465 pl.metin2.gameforge.com tcp
US 104.18.36.161:21 identity.getpostman.com tcp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 byethost6.org udp
IE 63.35.51.142:443 bannerfans.com tcp
US 172.64.151.95:22 identity.getpostman.com tcp
IN 122.187.117.185:22 vtopcc.vit.ac.in tcp
US 172.64.151.95:21 identity.getpostman.com tcp
DE 79.110.92.127:995 pl.metin2.gameforge.com tcp
US 104.18.36.161:443 identity.getpostman.com tcp
JP 54.92.7.39:22 mexc.com tcp
US 18.219.44.144:22 cybrary.it tcp
US 104.18.36.161:143 identity.getpostman.com tcp
US 8.8.8.8:53 shockbyte.com udp
US 8.8.8.8:53 shockbyte.com udp
US 8.8.8.8:53 mniterp.org udp
IN 115.240.194.17:21 vtopcc.vit.ac.in tcp
US 8.8.8.8:53 extranet.gls-spain.es udp
GB 31.22.4.44:143 byethost6.org tcp
US 18.188.221.124:22 cybrary.it tcp
JP 54.92.7.39:21 mexc.com tcp
BE 173.194.76.27:143 aspmx.l.google.com tcp
US 172.64.151.95:143 identity.getpostman.com tcp
GB 179.191.165.65:80 loginx.caixa.gov.br tcp
US 104.18.36.161:995 identity.getpostman.com tcp
US 104.22.60.138:22 sugardaddie.com tcp
US 8.8.8.8:53 mniterp.org udp
US 8.8.8.8:53 srv-bahia.bahia.intranet.lan udp
US 8.8.8.8:53 bannerfans.com udp
US 8.8.8.8:53 extranet.gls-spain.es udp
US 8.8.8.8:53 identity.getpostman.com udp
BR 177.11.54.92:21 modernaemprego.tweezer.jobs tcp
US 172.66.40.96:22 shockbyte.com tcp
GB 82.163.176.7:80 sv6.byethost6.org tcp
GB 179.191.165.65:465 loginx.caixa.gov.br tcp
US 104.18.36.161:80 identity.getpostman.com tcp
GB 179.191.165.65:80 loginx.caixa.gov.br tcp
US 173.247.255.86:22 mniterp.org tcp
BR 177.11.54.92:22 modernaemprego.tweezer.jobs tcp
RU 185.178.208.163:22 doodstream.com tcp
US 172.64.151.95:995 identity.getpostman.com tcp
IE 63.35.51.142:80 bannerfans.com tcp
DE 79.110.92.127:443 pl.metin2.gameforge.com tcp
US 8.8.8.8:53 srv-bahia.bahia.intranet.lan udp
IN 103.74.181.42:465 cardsecurity.enstage.com tcp
US 173.247.255.86:21 mniterp.org tcp
JP 54.92.7.39:80 mexc.com tcp
IN 103.74.181.42:80 cardsecurity.enstage.com tcp
US 8.8.8.8:53 dienynas.tamo.lt udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 mobilkulup.com udp
US 8.8.8.8:53 dienynas.tamo.lt udp
US 8.8.8.8:53 loginx.caixa.gov.br udp
US 8.8.8.8:53 loginx.caixa.gov.br udp
US 8.8.8.8:53 ftp.biencuongtoquoc.vn udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 mobilkulup.com udp
IN 115.240.194.17:80 vtopcc.vit.ac.in tcp
US 8.8.8.8:53 a2plcpnl0552.prod.iad2.secureserver.net udp
GB 82.163.176.7:80 sv6.byethost6.org tcp
IN 115.240.194.17:80 vtopcc.vit.ac.in tcp
GB 179.191.165.65:443 loginx.caixa.gov.br tcp
US 172.64.151.95:443 identity.getpostman.com tcp
IE 52.17.119.105:443 bannerfans.com tcp
US 18.219.44.144:80 cybrary.it tcp
US 8.8.8.8:53 creanet1.creasp.org.br udp
US 8.8.8.8:53 gameforge.com udp
US 8.8.8.8:53 servicioscorp.anses.gob.ar udp
US 8.8.8.8:53 identity.getpostman.com udp
US 8.8.8.8:53 identity.getpostman.com udp
US 8.8.8.8:53 a2plcpnl0552.prod.iad2.secureserver.net udp
US 8.8.8.8:53 cardsecurity.enstage.com udp
US 8.8.8.8:53 creanet1.creasp.org.br udp
US 8.8.8.8:53 ftp.brux2116.claro.com.br udp
US 8.8.8.8:53 servicioscorp.anses.gob.ar udp
US 8.8.8.8:53 mexc.com udp
US 8.8.8.8:53 www.mexc.com udp
US 8.8.8.8:53 alt3.gmr-smtp-in.l.google.com udp
US 8.8.8.8:53 mx1.privateemail.com udp
US 8.8.8.8:53 mail.biencuongtoquoc.vn udp
US 8.8.8.8:53 identity.getpostman.com udp
US 8.8.8.8:53 identity.getpostman.com udp
US 172.66.40.96:80 shockbyte.com tcp
US 173.247.255.86:80 mniterp.org tcp
US 8.8.8.8:53 hosting.interne.lagfo udp
US 172.66.43.24:443 gameforge.com tcp
DE 79.110.92.127:80 pl.metin2.gameforge.com tcp
DE 79.110.92.127:443 pl.metin2.gameforge.com tcp
IN 103.74.181.41:80 cardsecurity.enstage.com tcp
ES 195.57.17.180:80 extranet.gls-spain.es tcp
GB 104.77.160.212:443 www.mexc.com tcp
US 8.8.8.8:53 register.betway.com udp
GB 82.163.176.7:80 sv6.byethost6.org tcp
US 8.8.8.8:53 hosting.interne.lagfo udp
US 8.8.8.8:53 tplinkwifi.net udp
IN 103.74.181.42:80 cardsecurity.enstage.com tcp
US 8.8.8.8:53 identity.getpostman.com udp
US 172.64.151.95:80 identity.getpostman.com tcp
US 8.8.8.8:53 loginx.caixa.gov.br udp
US 8.8.8.8:53 loginx.caixa.gov.br udp
US 8.8.8.8:53 register.betway.com udp
US 8.8.8.8:53 chymall.net udp
US 8.8.8.8:53 secure.jaalifestyle.com udp
US 8.8.8.8:53 ibas.finance.gov.bd udp
US 8.8.8.8:53 cart.godaddy.com udp
US 8.8.8.8:53 freelandsestates.com udp
US 8.8.8.8:53 bannerfans.com udp
US 8.8.8.8:53 gfxtra31.com udp
US 8.8.8.8:53 tplinkwifi.net udp
US 8.8.8.8:53 secure.jaalifestyle.com udp
US 8.8.8.8:53 ssh.biencuongtoquoc.vn udp
US 8.8.8.8:53 mail.brux2116.claro.com.br udp
US 8.8.8.8:53 chymall.net udp
US 8.8.8.8:53 chymall.net udp
US 8.8.8.8:53 ftp.areaclienti3.tre.it udp
US 8.8.8.8:53 ibas.finance.gov.bd udp
US 8.8.8.8:53 chymall.net udp
US 8.8.8.8:53 cart.godaddy.com udp
US 8.8.8.8:53 freelandsestates.com udp
US 8.8.8.8:53 gfxtra31.com udp
US 8.8.8.8:53 freelandsestates.com udp

Files

memory/2120-1-0x0000000001B70000-0x0000000001C70000-memory.dmp

memory/2120-2-0x0000000000220000-0x000000000022B000-memory.dmp

memory/2120-3-0x0000000000400000-0x0000000001A2C000-memory.dmp

memory/1260-4-0x0000000002A50000-0x0000000002A66000-memory.dmp

memory/2120-5-0x0000000000400000-0x0000000001A2C000-memory.dmp

memory/2120-8-0x0000000000220000-0x000000000022B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\E263.exe

MD5 398ab69b1cdc624298fbc00526ea8aca
SHA1 b2c76463ae08bb3a08accfcbf609ec4c2a9c0821
SHA256 ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be
SHA512 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739

memory/2636-18-0x0000000003650000-0x0000000003808000-memory.dmp

memory/2636-19-0x0000000003650000-0x0000000003808000-memory.dmp

\Users\Admin\AppData\Local\Temp\E263.exe

MD5 14aa601b5ddbeab4253fa3893dc3a059
SHA1 6924d2ba25c8a153b79a0c77723c37e5c3adbaca
SHA256 8449ec5969a1628c6589bef831a45de067a26db1223cb44ffa57799e12fef1dd
SHA512 dec08a56664deb921e65e60f012378a96612e0da1311bdc18f4d3ba15abf9810e97cfb0588ca27e3c334478cbc911043c3ee5c07fd1b8eb63150919cb6556a05

memory/2480-22-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2636-23-0x0000000003810000-0x00000000039C7000-memory.dmp

memory/2480-25-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-28-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-29-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-30-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-31-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-32-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\EFDC.dll

MD5 9b1697d40dfd386fdd7e9327844f301a
SHA1 e75defb119e2c7b7d3f75ab70a100ec504af5ebf
SHA256 69e7b08c127dde5fd1f85e1e8107d06aa686e94aef3fd48ff0bb092b38a0cb1d
SHA512 3e945bf24ed81fdc49e974d086a70f9758a17b8656bb0e460dca0be2a84fa0ba065b62b6dd5d55ca1dbe0b4f19ec4f164df84c115244f1cbfddd79611d013d69

memory/740-40-0x0000000000130000-0x0000000000136000-memory.dmp

memory/740-41-0x0000000010000000-0x0000000010202000-memory.dmp

memory/740-43-0x0000000000D40000-0x0000000000E68000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\84C.exe

MD5 1fc50fde6b8b23d73982892e71a0f7fa
SHA1 425193fed1217c239ed224fdd26be96a184a2661
SHA256 e1d004c9a95b2cbf9c12e2c7642bad346b56921075fefaba7f9daa90e969a612
SHA512 73db6da7ed925ef343147177eda2716732bfc5819d6828d06a1e520116197da020237b18ed417fe8cd991793e3f7d561778419bf6053916e7b8b81981f210d92

memory/740-48-0x0000000002280000-0x000000000238D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\84C.exe

MD5 ba5022b2cb9c31d74b1a13b6cd4a8e28
SHA1 f0aae743ad25e5e1fd3e4320a30666aa06c99196
SHA256 fc6ae36d9e5dd25a7dd9f990ba61e9fe8587f5df1a27d4461af5db3ae3573d95
SHA512 c9f807659202d38eaa6bd2fb10edbc6d854a1610aa858577e35e43cb60bd471ff651a59903b11d4ed058661123e18a02abdc528429ed82a622f7dc7ae704343c

memory/740-52-0x0000000002280000-0x000000000238D000-memory.dmp

memory/740-53-0x0000000002280000-0x000000000238D000-memory.dmp

memory/2480-55-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\E46.exe

MD5 a1b5ee1b9649ab629a7ac257e2392f8d
SHA1 dc1b14b6d57589440fb3021c9e06a3e3191968dc
SHA256 2bfd95260a4c52d4474cd51e74469fc3de94caed28937ff0ce99ded66af97e65
SHA512 50ccbb9fd4ea2da847c6be5988e1e82e28d551b06cc9122b921dbd40eff4b657a81a010cea76f29e88fda06f8c053090b38d04eb89a6d63ec4f42ef68b1cf82b

memory/1520-54-0x00000000000C0000-0x00000000000C1000-memory.dmp

memory/1520-66-0x0000000001250000-0x0000000001B41000-memory.dmp

memory/2772-69-0x0000000001C30000-0x0000000001D30000-memory.dmp

memory/1520-71-0x00000000000C0000-0x00000000000C1000-memory.dmp

memory/2772-70-0x0000000000240000-0x00000000002AB000-memory.dmp

memory/1520-78-0x00000000774F0000-0x00000000774F1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

MD5 69272d604bcfc79a6cf9c8a117524e0a
SHA1 4c79237f6de3a3e0fb770157a83fb77923b43560
SHA256 40632a2f3dca03b4d56b7e4c8db05c054079c6de44c26579f9f4722270840cdb
SHA512 8aa579a6e603288afeb757b85f5cf72ea32e88c24100820fd890ff7fb0e6edb7b043c1d9adea0667c7912029293d723fea51fbaea6bb26d6e2170aed4c9d5ee6

memory/1520-67-0x00000000000C0000-0x00000000000C1000-memory.dmp

memory/1520-81-0x00000000000D0000-0x00000000000D1000-memory.dmp

memory/2772-83-0x0000000000400000-0x0000000001A77000-memory.dmp

\Users\Admin\AppData\Local\Temp\84C.exe

MD5 e3d7c4a86bcce9e0cd449ecd0937591b
SHA1 20b283dd2448ab6d2b38cf50938fe542d205dc3e
SHA256 5de4584043b152a8e2554175c36d9b4419dddd4d5a20d5c7291e7d9ef1d9df1a
SHA512 13bfb10d3569b0690f178ba271e6f448153e1383b2ecbd3daccca0171bf897786b4a23e1ca8ef6a437ea448802d2544cd90c01be6bcfee1fafc01f0d27d55b51

\Users\Admin\AppData\Local\Temp\84C.exe

MD5 69b8c9f37ac4766b572538b2e8836dc0
SHA1 82bf0148cd45fd624f02d4a4b96baa9c2e3d9702
SHA256 e664aadbbcf631a8793b01e9106c3c59a923c63ba11b85da3c58295918e2590d
SHA512 fb13241d6cda11e1132c8bd5ee109dce79db35eaf8787a3c6fc06b1142110bfbd34ff95a9b8def5805dcba508ee15f6ba7d288fa729d15ccbb0882451dbbff28

C:\Users\Admin\AppData\Local\Temp\2244.exe

MD5 8e549c0353f9ddab4e0ab1ee84564952
SHA1 ad7d7b5505339e4c3915a641987c7204acea7aab
SHA256 eed12a14e078ccdfa6e0bee8ca5df9eab044d3ed3475b07c09abddb617f1a8d7
SHA512 ed38db3eb737e043890a02309532bf1aa89a2252a4cc6e9149ec2ebaa47bf1142f4941b6c88b031e18eafe4e432d098cffb236c3431004f89622aa8d4632fc8b

C:\Users\Admin\AppData\Local\Temp\2244.exe

MD5 efcceadb41fc40a3084b944e29dbfaa5
SHA1 34d3470e7be7858a6551f14343b6767f3f7c744a
SHA256 9b1826f9664db9883fa57ba6a4222d7128551d350fae5cb5656492788ac8d4f3
SHA512 9f9963a926bda7ba171d70691c2f628e080e8213cd6e7461cd71e82d743518aac326637e3595239785f9956b08dd6ee51d30202b0b7eecbdf32b2f72ce6db90c

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

MD5 78c221309bb78d961b75067616cefccb
SHA1 732e217fe70598f0a6779f7f46de805a60d4532b
SHA256 75cdd46246b4532b772336974fb581855856ce2cb343c271498be9ee4342ab2a
SHA512 d50ed89a836049eb35a2467c3c6ef446b2cab95162a38cc4425bc0682816ae612e20802e3ba7956cd583551d5940aee7d6a7a5e760c64e13fcfbdf29ab0d3b23

\Users\Admin\AppData\Local\Temp\84C.exe

MD5 64f789cab0f87d5d8c62255790da1113
SHA1 e6608fe0a385266a8ad84aac7174fa375f814aca
SHA256 6c92be1ac4b7137d52ea40c537ad20a5092dd36b2d5aa8586ade1dcab58fc642
SHA512 554041be6e6f53a5565a4384630ca03fdd23a18a2d7d84afa2868adef1a4337ed44e2c1b3ca55eaee0550b493f0c5efda658f38613d09bb03065cf7644437efa

memory/620-98-0x0000000000CB0000-0x000000000113C000-memory.dmp

memory/620-99-0x00000000731F0000-0x00000000738DE000-memory.dmp

\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

MD5 0564a9bf638169a89ccb3820a6b9a58e
SHA1 57373f3b58f7cc2b9ea1808bdabb600d580a9ceb
SHA256 9e4b0556f698c9bc9a07c07bf13d60908d31995e0bd73510d9dd690b20b11058
SHA512 36b81c374529a9ba5fcbc6fcfebf145c27a7c30916814d63612c04372556d47994a8091cdc5f78dab460bb5296466ce0b284659c8b01883f7960ab08a1631ea6

\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 3c20f2e7db8b75326455d3522cfc906b
SHA1 b5c5fb3952d1c7232ae8f7893cae99c83c81780a
SHA256 00965991e367cf0a7d39b102ebdb18a7b7bc59adf9480a1fa3ea9b678c450db9
SHA512 d8055775463096afaf4f7569e6a631c0de7c9c44ee0fcd8e4d84d62fc429655abd29eb1617da205359363cafcd1e609da6894ba34a653b413220b693fd1a4d1d

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 277d1546b36f954f6e2a2849b42a411c
SHA1 90a47d719732fd029402e4fa95d664b615a259ff
SHA256 c2f32201946d6de15605ba78b7ee026373185839af2421b66e787fe859d8faac
SHA512 11ed096c0b1642d7136628e543ee6b89bf023b2b79b51e3b960967ed9595c852291f700676c7a9e3d0966e00c256d796ee6ee07c77c6a363d925ad658b2ec166

C:\Users\Admin\AppData\Local\Temp\323C.exe

MD5 ea3c00f2393fababd73401c7346f6c7c
SHA1 a73c7f7a854a9be7d2ad61e5c395bf843937f19f
SHA256 9b1c8d38d27be8d1c50709fc21b5dc08069d3fddf585b0a7b809b01a2b423c9b
SHA512 bba85a130952df13af4409d1da07d2ce80e5131a76a97be003f66f70145bc4ec0bea1a2e7c20f834e83116c4eec67029e69f6d0aab01181d5bd48d276acd7d3b

memory/2480-125-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\323C.exe

MD5 0c3f7f76be32866fafcf1b1d26b831c3
SHA1 d7bb7e9437e922de417ce9e9102d2ee6cba7e9e7
SHA256 454e17045a7dd1a6a36dc0a8dcf5dfeebcd0ea36436c94d793de80bd9f150fe2
SHA512 a09084ab2dd088b85b2dbce2e4973c91a372898eda91419c1a79058a53742cced45d87b1c67b2e8c5528c333a2bf0e16d005edcdf33da40626c3c7b07933ad1d

memory/1592-127-0x0000000001BA0000-0x0000000001CA0000-memory.dmp

memory/2480-117-0x0000000000400000-0x0000000000848000-memory.dmp

memory/620-128-0x00000000731F0000-0x00000000738DE000-memory.dmp

memory/1660-116-0x0000000003750000-0x0000000003B48000-memory.dmp

memory/1592-129-0x0000000000400000-0x0000000001A4B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 015958aff6c7e986af9fae2f82b1be0f
SHA1 aa5de0a11299ff3d0917934be43496a446164f68
SHA256 b3bb2b250af42b72b76bf7db3a786f9501fd8fb12ce2bdbf8e0565d55ccbf057
SHA512 9cf27a68024ecfcc022ee3a3a70f485a7f94a4e7df9114222aa79e84ec3a4bf255531acaa34005e983971dff7de8a78df5a645e6ace571f19aa383c0668f492a

\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 0c7b8daa9b09bcdf947a020bf28c2f19
SHA1 738f89f4da5256d14fe11394cf79e42060a7e98b
SHA256 ff0c709f06a8850794f2501c7dc9ce4ffc75f1ab3039218952cd87a067d3d3ff
SHA512 b069ef6d30a5afafc4b4e2632cb4f9da65e58dcedb66706921d85a6be97a024c1e786ec51299ba52668a65fe948d499609aa2b4978fb20738dd0b643d84cbcf6

memory/2772-131-0x0000000000400000-0x0000000001A77000-memory.dmp

memory/1592-134-0x0000000001A50000-0x0000000001AB7000-memory.dmp

memory/1660-139-0x0000000003750000-0x0000000003B48000-memory.dmp

memory/1660-141-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/1660-142-0x0000000003B50000-0x000000000443B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 341164dc519b4843ca44ec27101bd73b
SHA1 7247d10769b1f1f8bd03db49ab2d0b622feb18bc
SHA256 1e1924fb30a7ed52bee75b874c6409aae5362e7484a7545ea1768fc7a639d1fc
SHA512 eb44397b33251570111f0b1b848d9774ce2155ae9084a6db233fa531a517dcc8e4fd8d12ea3684a6a113954eebecfb415d4281afe5bea775bf099dc78a14f58a

C:\Users\Admin\AppData\Local\Temp\u188.0.exe

MD5 d0de3ce247b4ebb9b0778563f7bb3a47
SHA1 20259867152e73d0027da63f8c351c4e911690ca
SHA256 de333c544b3def02e10b7a8d1c3677efbcbb010ecce2b601573dae1584b9cc1f
SHA512 3811fe4864c154ee020a6c158557e1d42e8ef954c836192acb19241343ad01a2c21e69960f4780b5e2404bf963de0e51cf01fe0ed2b012c8cbec95b36c21661d

\Users\Admin\AppData\Local\Temp\u188.1.exe

MD5 5b87828ea000c7111084d8beed17175e
SHA1 e8aa3848e39c449051702a333e608fafd2e5330f
SHA256 1a557fae2d39d06392f4bea760fb72c87f0959a7c3ac66865e36f316866f57d3
SHA512 56b0d0e5422b89a4659969f59570962dbb267fde913ed051fbedf3d66653c9c23d15c945a6ae8ce5570af010b3671eb0be085e8afb44c3088def9f423290f385

\Users\Admin\AppData\Local\Temp\u188.1.exe

MD5 96226e504f02fee5f939af14318f3b96
SHA1 6439795b61c9f081bab232b942fb62c88ada2ba8
SHA256 7e40358e0d287824edc1b7e1493af588da0c2d060a49c61ed419694a6d11bcd3
SHA512 8a851ea4b888fffd6eb572b71b81d7e46c5098226cfb27ea5ae90e8e02cd041db0fcc284946314f303eeea6ef76468c0e2da879af4bc3d670406e5def5a8197c

memory/1520-172-0x0000000001250000-0x0000000001B41000-memory.dmp

memory/2772-174-0x0000000000240000-0x00000000002AB000-memory.dmp

memory/1592-176-0x0000000004660000-0x0000000004B90000-memory.dmp

memory/1592-177-0x0000000004660000-0x0000000004B90000-memory.dmp

memory/1592-173-0x0000000000400000-0x0000000001A4B000-memory.dmp

memory/1592-178-0x0000000004660000-0x0000000004B90000-memory.dmp

memory/2772-180-0x0000000001C30000-0x0000000001D30000-memory.dmp

memory/1988-181-0x0000000000400000-0x0000000000930000-memory.dmp

memory/1260-183-0x0000000002C00000-0x0000000002C16000-memory.dmp

memory/1744-189-0x0000000000400000-0x00000000022D4000-memory.dmp

memory/1744-192-0x0000000000220000-0x000000000022B000-memory.dmp

memory/1744-191-0x0000000002483000-0x0000000002490000-memory.dmp

memory/1660-193-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/1436-195-0x0000000000400000-0x00000000022DC000-memory.dmp

memory/1988-196-0x0000000000400000-0x0000000000930000-memory.dmp

memory/2480-197-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1436-198-0x00000000002B0000-0x00000000002D7000-memory.dmp

memory/1988-199-0x0000000000230000-0x0000000000231000-memory.dmp

memory/1436-200-0x0000000002350000-0x0000000002450000-memory.dmp

memory/2480-201-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-202-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-203-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-204-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-205-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-206-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-207-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-209-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-211-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-215-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-216-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-212-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-217-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-210-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-219-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-220-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-218-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-208-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2480-221-0x0000000000400000-0x0000000000848000-memory.dmp