Analysis Overview
SHA256
10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16
Threat Level: Known bad
The file 10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16 was found to be: Known bad.
Malicious Activity Summary
Glupteba
Glupteba payload
SmokeLoader
Windows security bypass
Pitou
Lumma Stealer
DcRat
Modifies Windows Firewall
Contacts a large (779) amount of remote hosts
Downloads MZ/PE file
Executes dropped EXE
Reads data files stored by FTP clients
Deletes itself
Windows security modification
Reads user/profile data of web browsers
Loads dropped DLL
UPX packed file
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Manipulates WinMonFS driver.
Writes to the Master Boot Record (MBR)
Suspicious use of SetThreadContext
Drops file in System32 directory
Launches sc.exe
Drops file in Windows directory
Checks for VirtualBox DLLs, possible anti-VM trick
Program crash
Unsigned PE
Enumerates physical storage devices
Uses Task Scheduler COM API
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Checks SCSI registry key(s)
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-29 04:48
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-29 04:48
Reported
2024-02-29 04:53
Platform
win7-20240221-en
Max time kernel
96s
Max time network
312s
Command Line
Signatures
DcRat
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Pitou
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Downloads MZ/PE file
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C16B.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C16B.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D922.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E2E3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FA2B.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1357.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u23w.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u23w.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\sruhref | N/A |
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\C16B.exe | N/A |
Checks installed software on the system
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\E2E3.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2532 set thread context of 2512 | N/A | C:\Users\Admin\AppData\Local\Temp\C16B.exe | C:\Users\Admin\AppData\Local\Temp\C16B.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\D922.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\1357.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\1357.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\1357.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\u23w.0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\u23w.0.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1357.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u23w.1.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe
"C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe"
C:\Users\Admin\AppData\Local\Temp\C16B.exe
C:\Users\Admin\AppData\Local\Temp\C16B.exe
C:\Users\Admin\AppData\Local\Temp\C16B.exe
C:\Users\Admin\AppData\Local\Temp\C16B.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\C9C6.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\C9C6.dll
C:\Users\Admin\AppData\Local\Temp\D922.exe
C:\Users\Admin\AppData\Local\Temp\D922.exe
C:\Users\Admin\AppData\Local\Temp\E2E3.exe
C:\Users\Admin\AppData\Local\Temp\E2E3.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 124
C:\Users\Admin\AppData\Local\Temp\FA2B.exe
C:\Users\Admin\AppData\Local\Temp\FA2B.exe
C:\Users\Admin\AppData\Local\Temp\1357.exe
C:\Users\Admin\AppData\Local\Temp\1357.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\u23w.0.exe
"C:\Users\Admin\AppData\Local\Temp\u23w.0.exe"
C:\Users\Admin\AppData\Local\Temp\u23w.1.exe
"C:\Users\Admin\AppData\Local\Temp\u23w.1.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\system32\taskeng.exe
taskeng.exe {A682DF57-8FB0-471A-A41E-7C3FCB4A3F2C} S-1-5-21-2461186416-2307104501-1787948496-1000:MGILJUBR\Admin:Interactive:[1]
C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240229045009.log C:\Windows\Logs\CBS\CbsPersist_20240229045009.cab
C:\Users\Admin\AppData\Roaming\sruhref
C:\Users\Admin\AppData\Roaming\sruhref
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | trmpc.com | udp |
| PA | 200.46.202.73:80 | trmpc.com | tcp |
| N/A | 127.0.0.1:49298 | tcp | |
| FR | 163.172.68.222:9001 | tcp | |
| AT | 109.70.100.29:443 | tcp | |
| NO | 88.88.79.90:80 | tcp | |
| US | 8.8.8.8:53 | joly.bestsup.su | udp |
| US | 172.67.171.112:80 | joly.bestsup.su | tcp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| DE | 173.249.63.227:9001 | tcp | |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| DE | 185.172.128.109:80 | 185.172.128.109 | tcp |
| DE | 131.188.40.189:443 | tcp | |
| LU | 104.244.72.91:9001 | tcp | |
| DE | 144.76.200.80:9001 | tcp | |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| DE | 144.76.200.80:9001 | tcp | |
| LU | 104.244.72.91:9001 | tcp | |
| N/A | 127.0.0.1:18513 | tcp | |
| N/A | 127.0.0.1:18513 | tcp | |
| N/A | 127.0.0.1:18513 | tcp | |
| N/A | 127.0.0.1:18513 | tcp | |
| N/A | 127.0.0.1:18513 | tcp | |
| N/A | 127.0.0.1:49515 | tcp | |
| US | 8.8.8.8:53 | varealtyprofessionals.com | udp |
| US | 8.8.8.8:53 | sigcomt.com | udp |
| N/A | 127.0.0.1:49520 | tcp | |
| N/A | 127.0.0.1:49526 | tcp | |
| N/A | 127.0.0.1:49528 | tcp | |
| N/A | 127.0.0.1:49536 | tcp | |
| N/A | 127.0.0.1:49540 | tcp | |
| N/A | 127.0.0.1:49542 | tcp | |
| N/A | 127.0.0.1:49546 | tcp | |
| N/A | 127.0.0.1:49550 | tcp | |
| N/A | 127.0.0.1:49554 | tcp | |
| N/A | 127.0.0.1:49560 | tcp | |
| N/A | 127.0.0.1:49566 | tcp | |
| N/A | 127.0.0.1:49569 | tcp | |
| N/A | 127.0.0.1:49571 | tcp | |
| N/A | 127.0.0.1:49575 | tcp | |
| N/A | 127.0.0.1:49583 | tcp | |
| N/A | 127.0.0.1:49592 | tcp | |
| N/A | 127.0.0.1:49595 | tcp | |
| N/A | 127.0.0.1:49599 | tcp | |
| N/A | 127.0.0.1:49602 | tcp | |
| US | 8.8.8.8:53 | proinv.com.com | udp |
| US | 8.8.8.8:53 | edulena.com | udp |
| US | 8.8.8.8:53 | putsbox.com | udp |
| US | 8.8.8.8:53 | sigcomt.com | udp |
| US | 8.8.8.8:53 | proinv.com.com | udp |
| US | 8.8.8.8:53 | vietmaslow.com | udp |
| US | 8.8.8.8:53 | posta.istruzione.it | udp |
| US | 8.8.8.8:53 | varealtyprofessionals.com | udp |
| US | 8.8.8.8:53 | edulena.com | udp |
| US | 8.8.8.8:53 | edulena.com | udp |
| US | 8.8.8.8:53 | proinv.com.com | udp |
| US | 8.8.8.8:53 | putsbox.com | udp |
| US | 8.8.8.8:53 | vietmaslow.com | udp |
| US | 8.8.8.8:53 | putsbox.com | udp |
| US | 8.8.8.8:53 | posta.istruzione.it | udp |
| US | 8.8.8.8:53 | hotmok.com | udp |
| US | 8.8.8.8:53 | isueir.com | udp |
| US | 8.8.8.8:53 | hotmok.com | udp |
| US | 8.8.8.8:53 | alt4.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | alt4.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | isueir.com | udp |
| N/A | 127.0.0.1:49606 | tcp | |
| N/A | 127.0.0.1:49610 | tcp | |
| N/A | 127.0.0.1:49613 | tcp | |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | pmg.sigcomt.com | udp |
| US | 8.8.8.8:53 | mx.sendgrid.net | udp |
| US | 8.8.8.8:53 | mx203.inbound-mx.net | udp |
| US | 8.8.8.8:53 | mx.mail-data.net | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| N/A | 127.0.0.1:49618 | tcp | |
| US | 8.8.8.8:53 | tactar.com | udp |
| US | 8.8.8.8:53 | tactar.com | udp |
| US | 8.8.8.8:53 | em4.rejecthost.com | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | imaja.co | udp |
| US | 8.8.8.8:53 | davincidigital.co | udp |
| US | 8.8.8.8:53 | imaja.co | udp |
| US | 8.8.8.8:53 | davincidigital.co | udp |
| US | 8.8.8.8:53 | easymc.com | udp |
| US | 8.8.8.8:53 | easymc.com | udp |
| US | 8.8.8.8:53 | guidelia.site | udp |
| US | 8.8.8.8:53 | guidelia.site | udp |
| US | 8.8.8.8:53 | dolce.fr | udp |
| US | 8.8.8.8:53 | ispaedu.com | udp |
| US | 8.8.8.8:53 | dolce.fr | udp |
| US | 8.8.8.8:53 | guidelia.site | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | emea.nttdata.com | udp |
| US | 8.8.8.8:53 | ispaedu.com | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| FR | 5.135.3.114:22 | dolce.fr | tcp |
| US | 143.244.202.96:465 | mx.mail-data.net | tcp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 143.244.202.96:143 | mx.mail-data.net | tcp |
| US | 34.193.204.92:443 | davincidigital.co | tcp |
| US | 143.244.202.96:995 | mx.mail-data.net | tcp |
| US | 172.67.191.120:21 | easymc.com | tcp |
| US | 172.67.191.120:443 | easymc.com | tcp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| FR | 54.36.91.62:22 | ispaedu.com | tcp |
| FR | 5.135.3.114:21 | dolce.fr | tcp |
| US | 104.21.65.185:21 | easymc.com | tcp |
| FR | 5.135.3.114:443 | dolce.fr | tcp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| FR | 54.36.91.62:21 | ispaedu.com | tcp |
| BE | 66.102.1.26:143 | aspmx.l.google.com | tcp |
| DE | 46.38.249.174:22 | hauptstadt-it.de | tcp |
| US | 8.8.8.8:53 | subredsuroccidente.gov.co | udp |
| US | 8.8.8.8:53 | easymc-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | emea.nttdata.com | udp |
| US | 8.8.8.8:53 | superblohey.com | udp |
| US | 8.8.8.8:53 | alcorconsultinginc.com | udp |
| US | 34.193.204.92:80 | davincidigital.co | tcp |
| BE | 66.102.1.26:465 | aspmx.l.google.com | tcp |
| FR | 54.36.91.62:443 | ispaedu.com | tcp |
| DE | 46.38.249.174:21 | hauptstadt-it.de | tcp |
| GB | 213.198.51.18:22 | emea.nttdata.com | tcp |
| N/A | 127.0.0.1:49621 | tcp | |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | subredsuroccidente.gov.co | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | superblohey.com | udp |
| US | 8.8.8.8:53 | subredsuroccidente.gov.co | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | mx2.mail.ovh.net | udp |
| US | 8.8.8.8:53 | aloebotondeoro.com | udp |
| US | 8.8.8.8:53 | vadim.in.tmes.trendmicro.eu | udp |
| US | 8.8.8.8:53 | alcorconsultinginc.com | udp |
| US | 8.8.8.8:53 | vadim.in.tmes.trendmicro.eu | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | aloebotondeoro.com | udp |
| US | 8.8.8.8:53 | gla.om | udp |
| US | 8.8.8.8:53 | psaxtiri.com | udp |
| US | 8.8.8.8:53 | bs-klimop.be | udp |
| US | 8.8.8.8:53 | mxa-004dc302.gslb.pphosted.com | udp |
| US | 8.8.8.8:53 | psaxtiri.com | udp |
| US | 8.8.8.8:53 | ftp.posta.istruzione.it | udp |
| US | 8.8.8.8:53 | bs-klimop.be | udp |
| US | 8.8.8.8:53 | gla.om | udp |
| US | 8.8.8.8:53 | hauptstadtit-de02e.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | www.davincidigital.co | udp |
| US | 8.8.8.8:53 | aloebotondeoro.com | udp |
| US | 8.8.8.8:53 | www.dolce.fr | udp |
| NL | 185.183.30.93:143 | mxa-004dc302.gslb.pphosted.com | tcp |
| N/A | 127.0.0.1:49626 | tcp | |
| N/A | 127.0.0.1:49628 | tcp | |
| US | 172.67.191.120:80 | easymc.com | tcp |
| US | 8.8.8.8:53 | soupletube.com | udp |
| US | 8.8.8.8:53 | 9bros.io | udp |
| FR | 5.135.3.114:80 | dolce.fr | tcp |
| FR | 54.36.91.62:80 | ispaedu.com | tcp |
| GB | 213.198.51.18:80 | emea.nttdata.com | tcp |
| FR | 5.135.3.114:21 | dolce.fr | tcp |
| IE | 34.249.200.254:443 | www.davincidigital.co | tcp |
| FR | 54.36.91.62:22 | ispaedu.com | tcp |
| BE | 185.3.216.209:21 | bs-klimop.be | tcp |
| US | 8.8.8.8:53 | soupletube.com | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | subredsuroccidente-gov-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | west.smtp.mx.exch083.serverdata.net | udp |
| US | 8.8.8.8:53 | park-mx.above.com | udp |
| US | 8.8.8.8:53 | outlook.salis.com.tr | udp |
| US | 8.8.8.8:53 | lbull.fr | udp |
| US | 8.8.8.8:53 | easymc-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | 9bros.io | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | outlook.salis.com.tr | udp |
| US | 8.8.8.8:53 | reproconcept69.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | reproconcept69.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| N/A | 127.0.0.1:49638 | tcp | |
| DE | 46.38.249.174:80 | hauptstadt-it.de | tcp |
| CO | 201.245.188.172:80 | subredsuroccidente.gov.co | tcp |
| DE | 46.38.249.174:80 | hauptstadt-it.de | tcp |
| US | 8.8.8.8:53 | outlook.cocanl.nc | udp |
| BE | 66.102.1.26:995 | aspmx.l.google.com | tcp |
| N/A | 127.0.0.1:49640 | tcp | |
| N/A | 127.0.0.1:49647 | tcp | |
| N/A | 127.0.0.1:49653 | tcp | |
| N/A | 127.0.0.1:49656 | tcp | |
| N/A | 127.0.0.1:49658 | tcp | |
| N/A | 127.0.0.1:49661 | tcp | |
| N/A | 127.0.0.1:49663 | tcp | |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | subredsuroccidente-gov-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | lbull.fr | udp |
| US | 8.8.8.8:53 | 3bf.comd | udp |
| US | 8.8.8.8:53 | gmailfree.fr | udp |
| US | 8.8.8.8:53 | inteduce.com.pl | udp |
| US | 8.8.8.8:53 | pe.amcoedu.org | udp |
| US | 8.8.8.8:53 | easymc-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | 9bros-io.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | hauptstadtit-de02e.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | skonare3.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 172.67.191.120:80 | easymc.com | tcp |
| US | 50.63.9.28:80 | alcorconsultinginc.com | tcp |
| US | 8.8.8.8:53 | 3bf.comd | udp |
| N/A | 127.0.0.1:49667 | tcp | |
| N/A | 127.0.0.1:49673 | tcp | |
| US | 8.8.8.8:53 | outlook.cocanl.nc | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | reproconcept69.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | outlook.cocanl.nc | udp |
| US | 8.8.8.8:53 | reproconcept69.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gmailfree.fr | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | inteduce.com.pl | udp |
| US | 8.8.8.8:53 | ftp.edulena.com | udp |
| US | 8.8.8.8:53 | skonare3.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | pe.amcoedu.org | udp |
| US | 8.8.8.8:53 | g.eg | udp |
| US | 8.8.8.8:53 | vulcanite.com | udp |
| US | 8.8.8.8:53 | g.eg | udp |
| FR | 51.254.108.50:443 | www.dolce.fr | tcp |
| US | 8.8.8.8:53 | vulcanite.com | udp |
| US | 8.8.8.8:53 | yspate.fr | udp |
| SG | 191.101.230.200:80 | 9bros.io | tcp |
| US | 103.224.212.212:80 | superblohey.com | tcp |
| US | 34.193.204.92:80 | davincidigital.co | tcp |
| BE | 185.3.216.209:80 | bs-klimop.be | tcp |
| DE | 46.38.249.174:443 | hauptstadt-it.de | tcp |
| GB | 213.198.51.18:80 | emea.nttdata.com | tcp |
| FR | 54.36.91.62:80 | ispaedu.com | tcp |
| US | 8.8.8.8:53 | guiasprepago.com | udp |
| FR | 51.254.108.50:443 | www.dolce.fr | tcp |
| N/A | 127.0.0.1:49678 | tcp | |
| N/A | 127.0.0.1:49680 | tcp | |
| CO | 201.245.188.172:80 | subredsuroccidente.gov.co | tcp |
| US | 8.8.8.8:53 | yspate.fr | udp |
| US | 8.8.8.8:53 | mxa-004dc302.gslb.pphosted.com | udp |
| US | 8.8.8.8:53 | nicecc.pw | udp |
| US | 8.8.8.8:53 | ssh.posta.istruzione.it | udp |
| US | 8.8.8.8:53 | guiasprepago.com | udp |
| US | 8.8.8.8:53 | subredsuroccidente-gov-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | hauptstadtit-de02e.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | skonare3.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | easymc-com.mail.protection.outlook.com | udp |
| US | 172.67.191.120:80 | easymc.com | tcp |
| US | 50.63.9.28:80 | alcorconsultinginc.com | tcp |
| US | 8.8.8.8:53 | mx2.mail.ovh.net | udp |
| US | 8.8.8.8:53 | 9bros-io.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.vietmaslow.com | udp |
| US | 8.8.8.8:53 | mail.posta.istruzione.it | udp |
| US | 8.8.8.8:53 | ftp.hotmok.com | udp |
| N/A | 127.0.0.1:49683 | tcp | |
| N/A | 127.0.0.1:49686 | tcp | |
| N/A | 127.0.0.1:49689 | tcp | |
| N/A | 127.0.0.1:49692 | tcp | |
| N/A | 127.0.0.1:49695 | tcp | |
| N/A | 127.0.0.1:49697 | tcp | |
| N/A | 127.0.0.1:49702 | tcp | |
| N/A | 127.0.0.1:49704 | tcp | |
| N/A | 127.0.0.1:49709 | tcp | |
| N/A | 127.0.0.1:49713 | tcp | |
| N/A | 127.0.0.1:49716 | tcp | |
| IE | 34.249.200.254:443 | www.davincidigital.co | tcp |
| US | 8.8.8.8:53 | ftp.isueir.com | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| IE | 34.249.200.254:443 | www.davincidigital.co | tcp |
| US | 8.8.8.8:53 | mail.vietmaslow.com | udp |
| US | 8.8.8.8:53 | vulcanite-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | faithpos.com | udp |
| BE | 185.3.216.209:80 | bs-klimop.be | tcp |
| BE | 185.3.216.209:443 | bs-klimop.be | tcp |
| US | 8.8.8.8:53 | huvacliq.ck | udp |
| US | 8.8.8.8:53 | myfiforlif.com | udp |
| US | 8.8.8.8:53 | febi.it | udp |
| US | 8.8.8.8:53 | uorak.com | udp |
| US | 8.8.8.8:53 | mertboru.com.tr | udp |
| N/A | 127.0.0.1:49720 | tcp | |
| US | 8.8.8.8:53 | alumno.msev.gob.mx | udp |
| US | 8.8.8.8:53 | upds.net.bo | udp |
| US | 8.8.8.8:53 | office365.sut.ac.th | udp |
| US | 8.8.8.8:53 | kixotl.com | udp |
| US | 8.8.8.8:53 | stoppelmanexcavating.com | udp |
| N/A | 127.0.0.1:49722 | tcp | |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | ww25.superblohey.com | udp |
| US | 8.8.8.8:53 | skonare3.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | nicecc.pw | udp |
| US | 8.8.8.8:53 | easymc-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | reproconcept69.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | subredsuroccidente-gov-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | gmail.lf.org.uk | udp |
| US | 8.8.8.8:53 | myfiforlif.com | udp |
| US | 8.8.8.8:53 | ftp.team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | huvacliq.ck | udp |
| US | 8.8.8.8:53 | mail.guiasprepago.com | udp |
| US | 8.8.8.8:53 | faithpos.com | udp |
| US | 8.8.8.8:53 | febi.it | udp |
| US | 8.8.8.8:53 | allegorie.group | udp |
| US | 8.8.8.8:53 | ftp.easymc.com | udp |
| US | 8.8.8.8:53 | uorak.com | udp |
| US | 8.8.8.8:53 | hauptstadtit-de02e.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | alumno.msev.gob.mx | udp |
| US | 8.8.8.8:53 | mertboru.com.tr | udp |
| US | 8.8.8.8:53 | office365.sut.ac.th | udp |
| US | 8.8.8.8:53 | kixotl.com | udp |
| US | 8.8.8.8:53 | upds.net.bo | udp |
| US | 8.8.8.8:53 | gmasseguros.com | udp |
| US | 8.8.8.8:53 | avenir.fr | udp |
| US | 8.8.8.8:53 | ftp.dolce.fr | udp |
| US | 8.8.8.8:53 | ftp.ispaedu.com | udp |
| US | 8.8.8.8:53 | stoppelmanexcavating.com | udp |
| US | 8.8.8.8:53 | stoppelmanexcavating.com | udp |
| US | 8.8.8.8:53 | 9bros-io.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | allegorie.group | udp |
| US | 8.8.8.8:53 | gmail.lf.org.uk | udp |
| US | 8.8.8.8:53 | 9bros-io.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gmail.lf.org.uk | udp |
| US | 8.8.8.8:53 | avenir.fr | udp |
| DE | 46.38.249.174:80 | hauptstadt-it.de | tcp |
| N/A | 127.0.0.1:49732 | tcp | |
| US | 185.230.63.107:80 | guiasprepago.com | tcp |
| US | 165.160.15.20:80 | vulcanite.com | tcp |
| US | 199.127.60.238:80 | nicecc.pw | tcp |
| SG | 191.101.230.200:80 | 9bros.io | tcp |
| US | 103.224.212.212:80 | superblohey.com | tcp |
| FR | 54.36.91.62:80 | ftp.ispaedu.com | tcp |
| US | 8.8.8.8:53 | easymc-com.mail.protection.outlook.com | udp |
| US | 172.67.191.120:80 | easymc.com | tcp |
| BE | 185.3.216.209:80 | bs-klimop.be | tcp |
| US | 34.193.204.92:80 | davincidigital.co | tcp |
| US | 199.127.60.238:80 | nicecc.pw | tcp |
| US | 8.8.8.8:53 | gmasseguros.com | udp |
| N/A | 127.0.0.1:49738 | tcp | |
| US | 8.8.8.8:53 | gmailnline.de | udp |
| US | 8.8.8.8:53 | premiercricket.live | udp |
| US | 8.8.8.8:53 | searpen.com | udp |
| US | 8.8.8.8:53 | ensign.edu.gh | udp |
| N/A | 127.0.0.1:49742 | tcp | |
| N/A | 127.0.0.1:49745 | tcp | |
| N/A | 127.0.0.1:49750 | tcp | |
| N/A | 127.0.0.1:49756 | tcp | |
| N/A | 127.0.0.1:49759 | tcp | |
| N/A | 127.0.0.1:49766 | tcp | |
| N/A | 127.0.0.1:49768 | tcp | |
| N/A | 127.0.0.1:49770 | tcp | |
| US | 8.8.8.8:53 | gmail.ccionpatrimonial.net | udp |
| US | 8.8.8.8:53 | vulcanite-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | vadim.in.tmes.trendmicro.eu | udp |
| US | 8.8.8.8:53 | gmailnline.de | udp |
| US | 8.8.8.8:53 | ftp.guidelia.site | udp |
| US | 8.8.8.8:53 | mail.faithpos.com | udp |
| US | 8.8.8.8:53 | 9bros-io.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.hotmok.com | udp |
| US | 8.8.8.8:53 | upds-net-bo.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mx.turkticaret.net | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | premiercricket.live | udp |
| US | 8.8.8.8:53 | office365-sut-ac-th.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | reproconcept69.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | hauptstadtit-de02e.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | easymc-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | skonare3.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | alumno-msev-gob-mx.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | mx.febi.it | udp |
| US | 8.8.8.8:53 | mxa-004dc302.gslb.pphosted.com | udp |
| US | 185.230.63.107:80 | guiasprepago.com | tcp |
| US | 216.239.36.21:80 | varealtyprofessionals.com | tcp |
| N/A | 127.0.0.1:49776 | tcp | |
| N/A | 127.0.0.1:49778 | tcp | |
| N/A | 127.0.0.1:49782 | tcp | |
| US | 199.59.243.225:80 | ww25.superblohey.com | tcp |
| IN | 68.178.145.219:80 | mail.faithpos.com | tcp |
| GB | 213.198.51.18:80 | emea.nttdata.com | tcp |
| TR | 31.186.11.105:80 | mertboru.com.tr | tcp |
| CO | 201.245.188.172:80 | subredsuroccidente.gov.co | tcp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | ftp.subredsuroccidente.gov.co | udp |
| US | 8.8.8.8:53 | alumno-msev-gob-mx.mail.protection.outlook.com | udp |
| IN | 68.178.145.219:80 | mail.faithpos.com | tcp |
| N/A | 127.0.0.1:49785 | tcp | |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | ssh.edulena.com | udp |
| US | 8.8.8.8:53 | ftp.alcorconsultinginc.com | udp |
| US | 8.8.8.8:53 | ftp.9bros.io | udp |
| US | 8.8.8.8:53 | ftp.aloebotondeoro.com | udp |
| FR | 5.135.3.114:80 | dolce.fr | tcp |
| US | 3.228.97.49:80 | uorak.com | tcp |
| IT | 62.149.128.166:80 | mx.febi.it | tcp |
| HK | 65.55.88.202:80 | office365.sut.ac.th | tcp |
| GB | 213.198.51.18:80 | emea.nttdata.com | tcp |
| US | 8.8.8.8:53 | usacivil.com | udp |
| N/A | 127.0.0.1:49790 | tcp | |
| N/A | 127.0.0.1:49795 | tcp | |
| N/A | 127.0.0.1:49797 | tcp | |
| US | 8.8.8.8:53 | kuljetusturva.fi | udp |
| N/A | 127.0.0.1:49799 | tcp | |
| US | 8.8.8.8:53 | secomecuador.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | easymc-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.imaja.co | udp |
| US | 8.8.8.8:53 | ftp.superblohey.com | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | mxb-004dc302.gslb.pphosted.com | udp |
| US | 8.8.8.8:53 | subredsuroccidente-gov-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | office365-sut-ac-th.mail.protection.outlook.com | udp |
| N/A | 127.0.0.1:49803 | tcp | |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | mxa-00114401.gslb.pphosted.com | udp |
| US | 8.8.8.8:53 | searpen.com | udp |
| US | 8.8.8.8:53 | themillenniumschoolsurat.org | udp |
| KR | 65.55.88.10:80 | office365.sut.ac.th | tcp |
| US | 199.127.60.238:80 | nicecc.pw | tcp |
| US | 8.8.8.8:53 | mx2.mail.ovh.net | udp |
| US | 8.8.8.8:53 | ftp.team.sman1lmj.sch.id | udp |
| DE | 3.64.163.50:80 | gmail.lf.org.uk | tcp |
| MX | 189.203.73.30:80 | alumno.msev.gob.mx | tcp |
| MX | 189.203.73.30:80 | alumno.msev.gob.mx | tcp |
| BE | 185.3.216.209:80 | bs-klimop.be | tcp |
| FR | 54.36.91.62:443 | ftp.ispaedu.com | tcp |
| HK | 65.55.88.202:80 | office365.sut.ac.th | tcp |
| CO | 201.245.188.172:80 | subredsuroccidente.gov.co | tcp |
| US | 8.8.8.8:53 | mx1.mail.ovh.net | udp |
| US | 199.127.60.238:80 | nicecc.pw | tcp |
| US | 172.67.191.120:80 | easymc.com | tcp |
| US | 8.8.8.8:53 | ssh.vietmaslow.com | udp |
| US | 8.8.8.8:53 | ftp.tactar.com | udp |
| US | 8.8.8.8:53 | 9bros-io.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | 9bros-io.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.bs-klimop.be | udp |
| US | 8.8.8.8:53 | skonare3.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | vulcanite.com.au | udp |
| US | 8.8.8.8:53 | arensus.om | udp |
| US | 8.8.8.8:53 | ruhrmedia.de | udp |
| US | 8.8.8.8:53 | fostco.com | udp |
| US | 8.8.8.8:53 | gmail.poste.net | udp |
| US | 8.8.8.8:53 | vikasmassey.org | udp |
| US | 8.8.8.8:53 | otc-corse.fr | udp |
| US | 8.8.8.8:53 | betomateriais.com.br | udp |
| US | 8.8.8.8:53 | ensign.edu.gh | udp |
| US | 8.8.8.8:53 | gmail.ccionpatrimonial.net | udp |
| US | 8.8.8.8:53 | mailinator.comgmail.com | udp |
| US | 8.8.8.8:53 | gmail.coir.net | udp |
| US | 8.8.8.8:53 | ftp.emea.nttdata.com | udp |
| US | 8.8.8.8:53 | www.davincidigital.co | udp |
| US | 8.8.8.8:53 | alumno-msev-gob-mx.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | hauptstadtit-de02e.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.imaja.co | udp |
| US | 8.8.8.8:53 | usacivil.com | udp |
| US | 8.8.8.8:53 | upds-net-bo.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | secomecuador.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | kuljetusturva.fi | udp |
| US | 8.8.8.8:53 | pussport.com | udp |
| US | 8.8.8.8:53 | desertsundesigns.com | udp |
| US | 8.8.8.8:53 | perfect.productions | udp |
| US | 8.8.8.8:53 | sp.raszkow.pl | udp |
| US | 8.8.8.8:53 | 8knk.com | udp |
| US | 8.8.8.8:53 | live.comgmail.com | udp |
| US | 8.8.8.8:53 | admin.sd.belajar.id | udp |
| US | 8.8.8.8:53 | bendigotruss.com.au | udp |
| US | 8.8.8.8:53 | arensus.om | udp |
| US | 8.8.8.8:53 | arensus.om | udp |
| US | 8.8.8.8:53 | ruhrmedia.de | udp |
| US | 8.8.8.8:53 | themillenniumschoolsurat.org | udp |
| US | 8.8.8.8:53 | vulcanite-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | fostco.com | udp |
| US | 8.8.8.8:53 | easymc-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | office365-sut-ac-th.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | www.lauramcguirerealestate.com | udp |
| US | 8.8.8.8:53 | ftp.soupletube.com | udp |
| US | 8.8.8.8:53 | subredsuroccidente-gov-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ssh.isueir.com | udp |
| US | 35.208.231.179:80 | upds.net.bo | tcp |
| US | 8.8.8.8:53 | ssh.tactar.com | udp |
| US | 8.8.8.8:53 | mail.team.sman1lmj.sch.id | udp |
| US | 165.160.15.20:80 | vulcanite.com | tcp |
| SG | 191.101.230.200:80 | ftp.9bros.io | tcp |
| US | 8.8.8.8:53 | mxa-004dc302.gslb.pphosted.com | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | ssh.hotmok.com | udp |
| US | 8.8.8.8:53 | mxa-004dc302.gslb.pphosted.com | udp |
| US | 8.8.8.8:53 | gmail.poste.net | udp |
| US | 8.8.8.8:53 | east.smtp.mx.exch083.serverdata.net | udp |
| US | 8.8.8.8:53 | reproconcept69.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | ssh.dolce.fr | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| DE | 217.160.0.87:80 | allegorie.group | tcp |
| N/A | 127.0.0.1:49812 | tcp | |
| N/A | 127.0.0.1:49818 | tcp | |
| N/A | 127.0.0.1:49820 | tcp | |
| N/A | 127.0.0.1:49831 | tcp | |
| N/A | 127.0.0.1:49833 | tcp | |
| N/A | 127.0.0.1:49835 | tcp | |
| N/A | 127.0.0.1:49839 | tcp | |
| N/A | 127.0.0.1:49846 | tcp | |
| KR | 65.55.88.10:80 | office365.sut.ac.th | tcp |
| US | 8.8.8.8:53 | otc-corse.fr | udp |
| TR | 31.186.11.105:80 | mertboru.com.tr | tcp |
| N/A | 127.0.0.1:49852 | tcp | |
| US | 103.224.212.212:80 | ftp.superblohey.com | tcp |
| US | 8.8.8.8:53 | www.febi.it | udp |
| US | 8.8.8.8:53 | vikasmassey.org | udp |
| US | 8.8.8.8:53 | alumno-msev-gob-mx.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | reproconcept69.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | skonare3.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | betomateriais.com.br | udp |
| US | 8.8.8.8:53 | betomateriais.com.br | udp |
| US | 8.8.8.8:53 | mailinator.comgmail.com | udp |
| TR | 31.186.11.105:80 | mertboru.com.tr | tcp |
| US | 199.79.62.121:80 | ensign.edu.gh | tcp |
| US | 8.8.8.8:53 | gmail.coir.net | udp |
| US | 8.8.8.8:53 | ftp.psaxtiri.com | udp |
| US | 8.8.8.8:53 | gmail.coir.net | udp |
| US | 8.8.8.8:53 | gmail.coir.net | udp |
| US | 8.8.8.8:53 | rjsmithcos.in.tmes.trendmicro.com | udp |
| US | 8.8.8.8:53 | pussport.com | udp |
| US | 8.8.8.8:53 | perfect.productions | udp |
| US | 3.228.97.49:80 | uorak.com | tcp |
| US | 8.8.8.8:53 | desertsundesigns.com | udp |
| US | 8.8.8.8:53 | mail8.neutech.fi | udp |
| US | 8.8.8.8:53 | sp.raszkow.pl | udp |
| US | 8.8.8.8:53 | desertsundesigns.com | udp |
| US | 8.8.8.8:53 | sp.raszkow.pl | udp |
| US | 8.8.8.8:53 | desertsundesigns.com | udp |
| US | 8.8.8.8:53 | live.comgmail.com | udp |
| US | 8.8.8.8:53 | 8knk.com | udp |
| US | 8.8.8.8:53 | 8knk.com | udp |
| US | 8.8.8.8:53 | 8knk.com | udp |
| US | 8.8.8.8:53 | ftp.reproconcept69.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | easymc-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | admin.sd.belajar.id | udp |
| US | 8.8.8.8:53 | bendigotruss.com.au | udp |
| US | 8.8.8.8:53 | mxb-004dc302.gslb.pphosted.com | udp |
| US | 8.8.8.8:53 | yahoo.com.argmail.com | udp |
| US | 8.8.8.8:53 | bahiaemail.com | udp |
| US | 8.8.8.8:53 | egydrill.om | udp |
| US | 8.8.8.8:53 | starchestnut.com | udp |
| US | 8.8.8.8:53 | vadim.in.tmes.trendmicro.eu | udp |
| US | 8.8.8.8:53 | yahoo.com.mxmail.com | udp |
| US | 8.8.8.8:53 | fluefix.com | udp |
| US | 8.8.8.8:53 | yahoo.com.argmail.com | udp |
| US | 8.8.8.8:53 | mxa-00114401.gslb.pphosted.com | udp |
| US | 8.8.8.8:53 | ecspartners.com | udp |
| US | 8.8.8.8:53 | blokom.com | udp |
| US | 8.8.8.8:53 | redcolegiospatagonia.cl | udp |
| US | 8.8.8.8:53 | ftp.outlook.cocanl.nc | udp |
| US | 8.8.8.8:53 | office365-sut-ac-th.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ssh.team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | bahiaemail.com | udp |
| US | 8.8.8.8:53 | egydrill.om | udp |
| US | 8.8.8.8:53 | ftp.outlook.salis.com.tr | udp |
| US | 8.8.8.8:53 | ssh.ispaedu.com | udp |
| US | 8.8.8.8:53 | subredsuroccidente-gov-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ssh.imaja.co | udp |
| US | 8.8.8.8:53 | mail.guidelia.site | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| N/A | 127.0.0.1:49854 | tcp | |
| US | 8.8.8.8:53 | ftp.gla.om | udp |
| US | 199.168.114.96:80 | fostco.com | tcp |
| FR | 213.251.158.201:80 | otc-corse.fr | tcp |
| FR | 213.251.158.201:80 | otc-corse.fr | tcp |
| US | 199.168.114.96:80 | fostco.com | tcp |
| US | 8.8.8.8:53 | ftp.team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | 9bros-io.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | skonare3.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | w01d80d6.kasserver.com | udp |
| US | 8.8.8.8:53 | mx.uhserver.com | udp |
| US | 8.8.8.8:53 | mx3.mail.ovh.net | udp |
| US | 8.8.8.8:53 | mx156.hostedmxserver.com | udp |
| US | 8.8.8.8:53 | mail.8knk.com | udp |
| US | 8.8.8.8:53 | upds-net-bo.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | em4.rejecthost.com | udp |
| US | 8.8.8.8:53 | fostco-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | fostco-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | starchestnut.com | udp |
| US | 8.8.8.8:53 | hauptstadtit-de02e.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | in.mail.tm | udp |
| US | 8.8.8.8:53 | www.allegorie.group | udp |
| US | 8.8.8.8:53 | bendigotruss-com-au.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | fluefix.com | udp |
| US | 8.8.8.8:53 | sp-raszkow-pl.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | vulcanite-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | alumno-msev-gob-mx.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ssh.guidelia.site | udp |
| US | 8.8.8.8:53 | ftp.gmailfree.fr | udp |
| US | 8.8.8.8:53 | easymc-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ecspartners.com | udp |
| US | 8.8.8.8:53 | office365-sut-ac-th.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | subredsuroccidente-gov-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.g.eg | udp |
| US | 8.8.8.8:53 | yahoo.com.mxmail.com | udp |
| US | 8.8.8.8:53 | mail.outlook.salis.com.tr | udp |
| US | 8.8.8.8:53 | reproconcept69.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.pe.amcoedu.org | udp |
| US | 8.8.8.8:53 | ftp.skonare3.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | mail.team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | ssh.alcorconsultinginc.com | udp |
| US | 8.8.8.8:53 | mail.team.sman1lmj.sch.id | udp |
| US | 8.8.8.8:53 | mxa-004dc302.gslb.pphosted.com | udp |
| US | 8.8.8.8:53 | blokom.com | udp |
| US | 8.8.8.8:53 | redcolegiospatagonia.cl | udp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | kamsmad.com | udp |
| US | 35.208.231.179:80 | upds.net.bo | tcp |
| US | 8.8.8.8:53 | hauptstadt-it.de | udp |
| US | 8.8.8.8:53 | mail.aloebotondeoro.com | udp |
| US | 8.8.8.8:53 | vusra.coowoso | udp |
| US | 8.8.8.8:53 | ubutu2.onmicrosoft.c.com | udp |
| US | 8.8.8.8:53 | cmpardo.pe | udp |
| US | 8.8.8.8:53 | villadjati.com | udp |
| US | 8.8.8.8:53 | vfe.watchit.com | udp |
| US | 8.8.8.8:53 | kohlyahoo.com | udp |
| US | 8.8.8.8:53 | skonare3.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ssh.hauptstadt-it.de | udp |
| US | 216.239.36.21:80 | varealtyprofessionals.com | tcp |
| US | 35.208.231.179:80 | upds.net.bo | tcp |
| HK | 43.132.173.84:80 | 8knk.com | tcp |
| US | 193.243.189.83:80 | gmail.coir.net | tcp |
| PL | 194.181.228.40:80 | sp.raszkow.pl | tcp |
| US | 69.16.230.226:80 | live.comgmail.com | tcp |
| US | 8.8.8.8:53 | sp-raszkow-pl.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ubutu2.onmicrosoft.c.com | udp |
| US | 8.8.8.8:53 | alumno-msev-gob-mx.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | vusra.coowoso | udp |
| US | 8.8.8.8:53 | villadjati.com | udp |
Files
memory/2040-1-0x0000000002440000-0x0000000002540000-memory.dmp
memory/2040-2-0x0000000000220000-0x000000000022B000-memory.dmp
memory/2040-3-0x0000000000400000-0x00000000022D2000-memory.dmp
memory/1280-4-0x0000000002990000-0x00000000029A6000-memory.dmp
memory/2040-5-0x0000000000400000-0x00000000022D2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\C16B.exe
| MD5 | 9df04112ee272246e537077b87e3d35c |
| SHA1 | cc3c7c8324d4e5f63b3ae96b9ed6028c0eb0a948 |
| SHA256 | cf88087be3560c201dd207a85ffbe860ad92b2ea8f0e56c725e3b1229a157635 |
| SHA512 | 52bf711e82cfb1ffbe5cabef3fe060603d1b864e91495ee0fb521c02374cfba87e30205c397b82efbce7d7e9fd2b0290e120effde3a6a2f029591ddfbab80c22 |
C:\Users\Admin\AppData\Local\Temp\C16B.exe
| MD5 | 7e0b0057bfa166c42bbcad570322ee7c |
| SHA1 | b57065cebd9402b43e63d6e331905407343b1e0f |
| SHA256 | 7cfac6497e8500a539b1531226c3f9dca7234db9bbc70f28f92da50177c9e65e |
| SHA512 | d8d3fdf7b6809aae33a433f267d53903a1a30729ffab72d7c0f5495ab1345d3eb31751e071c550840f9bae46b32a19cd95749bd0dda5909595ff763fafe343db |
memory/2532-17-0x0000000003570000-0x0000000003728000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\C16B.exe
| MD5 | 398ab69b1cdc624298fbc00526ea8aca |
| SHA1 | b2c76463ae08bb3a08accfcbf609ec4c2a9c0821 |
| SHA256 | ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be |
| SHA512 | 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739 |
memory/2532-22-0x0000000003730000-0x00000000038E7000-memory.dmp
memory/2532-21-0x0000000003570000-0x0000000003728000-memory.dmp
memory/2512-20-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2512-24-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2512-27-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2512-28-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2512-29-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2512-30-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\C9C6.dll
| MD5 | 9b1697d40dfd386fdd7e9327844f301a |
| SHA1 | e75defb119e2c7b7d3f75ab70a100ec504af5ebf |
| SHA256 | 69e7b08c127dde5fd1f85e1e8107d06aa686e94aef3fd48ff0bb092b38a0cb1d |
| SHA512 | 3e945bf24ed81fdc49e974d086a70f9758a17b8656bb0e460dca0be2a84fa0ba065b62b6dd5d55ca1dbe0b4f19ec4f164df84c115244f1cbfddd79611d013d69 |
\Users\Admin\AppData\Local\Temp\C9C6.dll
| MD5 | da30e7111769af02730a498c7d635877 |
| SHA1 | 052813b8db392217776729867bf3e082d89edd15 |
| SHA256 | 1edd160ab194f1894469cce0d336ae3caa29f1434350c4a7a32dceb30b5ef2e4 |
| SHA512 | 02aa1608592043503b96c48d508699110009c729bbcda779b1def9fad0fd64394e5c78c29f70678d46548c7a1e48ac1620608b850a36c3d680de7dab4ccaa702 |
memory/2880-35-0x0000000010000000-0x0000000010202000-memory.dmp
memory/2512-34-0x0000000000400000-0x0000000000848000-memory.dmp
\Users\Admin\AppData\Local\Temp\C9C6.dll
| MD5 | 59aea6747b52ce5d9873161c36d99040 |
| SHA1 | 48e8d1088f82bd7dbf5aaa1069aefd8f8c5937b8 |
| SHA256 | 9fbe75ff662b4bdd2cf230dd4dc3ecfcbe8955c2c1c76b5194dbc1a2b086a35c |
| SHA512 | 3807d0942a0b2ee4f95a1a3b4ac1c59112ab0445caf909bc29fcbc53b6f8e8229af16cc49f83fa2067ca52c99dc5a81228dac147250743b84b9d13dfa7b6d7da |
memory/2880-37-0x0000000000170000-0x0000000000176000-memory.dmp
memory/2512-41-0x0000000000340000-0x0000000000346000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\D922.exe
| MD5 | e676de508550f39a075d84414394222e |
| SHA1 | c73d4d0010687c934b6cdd367099345a7a6cb6ca |
| SHA256 | aeec570258d51f770a9c54199630ee3e1d8202d3b0f9166bc5ef6edf9f74b52a |
| SHA512 | 88161f22b04a10e5a3992e081619314bae2900f26274d95e00af98ae803383a383ac81498a98199c93b250f24f7eee400bec1eb1fc4988ee56bab6c79207aaf3 |
C:\Users\Admin\AppData\Local\Temp\D922.exe
| MD5 | 7725fbb35a072d32b7d778cc58cd02ca |
| SHA1 | ba6c4e1eace9c922b29932708eb1fcbf519588ad |
| SHA256 | e02111daddc7625ec26a4e7551809699baf5e7ed0124b20beadc39837989a990 |
| SHA512 | 751311b22e8a81d72ea07429f15033872ab5faf8e71156a8a11ba47717baf47baf711d910a0565c9f508015e3812042f087e6a9716eb630e46ad9047264f078e |
C:\Users\Admin\AppData\Local\Temp\E2E3.exe
| MD5 | a1b5ee1b9649ab629a7ac257e2392f8d |
| SHA1 | dc1b14b6d57589440fb3021c9e06a3e3191968dc |
| SHA256 | 2bfd95260a4c52d4474cd51e74469fc3de94caed28937ff0ce99ded66af97e65 |
| SHA512 | 50ccbb9fd4ea2da847c6be5988e1e82e28d551b06cc9122b921dbd40eff4b657a81a010cea76f29e88fda06f8c053090b38d04eb89a6d63ec4f42ef68b1cf82b |
memory/2884-54-0x0000000001AF0000-0x0000000001BF0000-memory.dmp
memory/2884-55-0x00000000002B0000-0x000000000031B000-memory.dmp
memory/2884-56-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/2428-57-0x0000000000080000-0x0000000000081000-memory.dmp
memory/2428-59-0x0000000000140000-0x0000000000A31000-memory.dmp
memory/2428-60-0x0000000000080000-0x0000000000081000-memory.dmp
memory/2428-63-0x0000000076FE0000-0x0000000076FE1000-memory.dmp
memory/2428-62-0x0000000000080000-0x0000000000081000-memory.dmp
memory/2428-68-0x0000000000110000-0x0000000000111000-memory.dmp
memory/2428-69-0x0000000000140000-0x0000000000A31000-memory.dmp
memory/2880-71-0x00000000021B0000-0x00000000022D8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FA2B.exe
| MD5 | 9f01fae5adc49a20bd063cca47b197b6 |
| SHA1 | 597f09318d605ed5559d0ecca5ce70c51147226a |
| SHA256 | 406fb88a38bb307d4d946dd60c3aeef5b9bc6d29e32d3727302d7401460c8720 |
| SHA512 | 2ecbc0316032ef0ee1323bd0fdea4bc09c490ff038f5efa00c45b4f40c83426f100a7b30a6da2237a7bb71781ad7c0acbddc9dac3d2189fd18eedd379c65fe83 |
C:\Users\Admin\AppData\Local\Temp\FA2B.exe
| MD5 | 3544bde4d0d42d3c2321eb34c0d1cd82 |
| SHA1 | 4efb46e3d03fb428c6ef48b5e3f72358f99edb2a |
| SHA256 | 99e93e9f609c0a2916d4361a9a55f59d0dfdb37e1832706ff0644b43094d5da4 |
| SHA512 | 791dccb19ecd727db329fb3f6e4a2685bdc08cfbe4aab6c52b2f719d7dfe0b6f95268ebf42a4c3ff54a95ff73431dea6128ce361ec7281a551beb924a2551a0b |
memory/2880-76-0x00000000022E0000-0x00000000023ED000-memory.dmp
memory/2880-79-0x00000000022E0000-0x00000000023ED000-memory.dmp
memory/2880-80-0x0000000010000000-0x0000000010202000-memory.dmp
memory/2880-81-0x00000000022E0000-0x00000000023ED000-memory.dmp
memory/2512-82-0x0000000002A30000-0x0000000002B58000-memory.dmp
\Users\Admin\AppData\Local\Temp\D922.exe
| MD5 | 997595b8e522783f9ebdeb030da6d33c |
| SHA1 | 5d814c50ea11f7586ca540a651a55392a1839172 |
| SHA256 | f59bb9368a129cacc57a1d25990cea7d7c0271167d2887e8ca36d742806e9f6d |
| SHA512 | d49a7d1b768dd84c1d8fe43621571bc17370a41614e1b2f6ba021e58a2f3f85c612f7fb81027ecbd6adc7267f1083b7391072b83f4c142ad2075fe7d1b75030b |
\Users\Admin\AppData\Local\Temp\D922.exe
| MD5 | dc4ffafc0832b680cd716fe56e015585 |
| SHA1 | 8febcbc5e479d77b34604a44853d2ce1b578866b |
| SHA256 | 7b41f6a2b077ab7b5f656252a5673bdec11a2d862c9d8c9ce267dde001b662a2 |
| SHA512 | dee9b31309541f2fff8cbc1ffda62fc46af245ce1a8bebc681fce5df4beecea5f341ab8b80bfe5e55e955bc8d27cbca237a260c8849d855e80adda370a72e951 |
memory/2512-85-0x0000000002B60000-0x0000000002C6D000-memory.dmp
memory/2512-88-0x0000000002B60000-0x0000000002C6D000-memory.dmp
memory/1532-89-0x0000000000B20000-0x0000000000FAC000-memory.dmp
memory/2512-90-0x0000000002B60000-0x0000000002C6D000-memory.dmp
\Users\Admin\AppData\Local\Temp\D922.exe
| MD5 | d689d942a645a468007b85fdf9413de9 |
| SHA1 | c94e0a7ff515c05a73048f3c6d2dd0c95071c4b6 |
| SHA256 | 82177bd7ae6c995aa53d63d21e5c53883af16f3b84832d5557fe3dfce3cf58cd |
| SHA512 | 525184773ae2e1642e05bee15b58457a995a3225f417a8b26580d306bd292ab880d9768187b6e5c144bf9d4eb3f95f2a2b82f7402eb11b3239740f5412f7608c |
memory/2512-99-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1357.exe
| MD5 | 38617539f3925b6017474f088cc3769a |
| SHA1 | c689b57ab62eac790a204c8231b02bfe0bc243a6 |
| SHA256 | defe2d4c932a7ef607e8ef1a643fb57b9c69cbc53b52bf802f9471aae5caef49 |
| SHA512 | 15d87c6231a8f2115ae3f0f021949d175d3f36735637c7b508a229af5b2a93f70f32e19d9b8e3d1e0fa41bd21ee46ab5d9c6ef630c826afe2210a789e5da53e7 |
memory/1532-96-0x00000000738A0000-0x0000000073F8E000-memory.dmp
memory/2884-105-0x0000000000400000-0x0000000001A77000-memory.dmp
\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
| MD5 | 0564a9bf638169a89ccb3820a6b9a58e |
| SHA1 | 57373f3b58f7cc2b9ea1808bdabb600d580a9ceb |
| SHA256 | 9e4b0556f698c9bc9a07c07bf13d60908d31995e0bd73510d9dd690b20b11058 |
| SHA512 | 36b81c374529a9ba5fcbc6fcfebf145c27a7c30916814d63612c04372556d47994a8091cdc5f78dab460bb5296466ce0b284659c8b01883f7960ab08a1631ea6 |
memory/2732-112-0x0000000000270000-0x0000000000370000-memory.dmp
memory/2732-113-0x0000000001A50000-0x0000000001AB7000-memory.dmp
memory/2732-116-0x0000000000400000-0x0000000001A4B000-memory.dmp
memory/1532-125-0x00000000738A0000-0x0000000073F8E000-memory.dmp
memory/2828-124-0x0000000003990000-0x0000000003D88000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 129f07a47dda0eda373fe0b97d3f6d93 |
| SHA1 | 621f2725c11ee9e6bcb2837ebea4e45159a611e4 |
| SHA256 | e4b41cd7aa1b6a974671892a62e051693129372f16260114fb4df52c72d5a31e |
| SHA512 | fb99d47e2f3deab69ddf30cccaa7aeb842692159aa6d0c9e9ab938fb13d827c5e537a56902bb063791269761e31c380084051817d23b94bbcc387d1ec4e026f0 |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | cc922bda24d5f67055b34abc7ee36af4 |
| SHA1 | daa699a47356589ba8907cb47952304536bc72d0 |
| SHA256 | 6f8a618434b096f8db0f811fb353cf02489e45a057c6f548d6a0d47621c2a423 |
| SHA512 | e54a04bc48f2d784196dec4a15b8be61fa7f4bbabefefc44d3e240f30bf723c7a1378cce54dc08fdab840f81757fd56ae0a0539743f07bf5457c48d543075770 |
\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 46f02883577ec05c278186b4fb44ba14 |
| SHA1 | 3c531d2845d2a0e958c3f5bcc487eb0fb98b2e73 |
| SHA256 | 39daf7bd5756b6337b1e3bd1e64384ef574401206b7917fe09a1157f15645e0b |
| SHA512 | 83cdbe66c8df76bc0a41976eabfbc3854cdffc57f8e4920b759936038d5c4d08a7d01344f4ee6e0e7b226550d4d2b24164dea50d5bce4f8ae6b177cda67dcf42 |
\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 41f9737bcca2aed18933b133edb464c3 |
| SHA1 | f934c4e710fba5427ab445fe13976a3aa1fe4605 |
| SHA256 | 5cc37323372416f87883f74138a88cc96f4034fb93b5e75381282640ae6599a8 |
| SHA512 | c28a2d254b48881cc168e271561e03860f652730d74181cbd12da1b80bed9301b35655d3d2d65662d10fbd95085b99cf1a8150cf78feeba26d73529a0bc5a491 |
memory/2828-126-0x0000000003990000-0x0000000003D88000-memory.dmp
memory/2828-128-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/840-129-0x00000000001B0000-0x00000000001BB000-memory.dmp
memory/840-130-0x0000000000400000-0x00000000022D3000-memory.dmp
memory/2828-131-0x0000000003D90000-0x000000000467B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\u23w.0.exe
| MD5 | 5c47e4602163dd29a39294b7192f0658 |
| SHA1 | 268d1bf1f4c8c8b696298f802b95af8bd3891c10 |
| SHA256 | 5c0b29d51d9b148c8c19ce0efca365ccb1bbe720f634a15897684abbd1dc5d76 |
| SHA512 | 7baa0359781ba21c378a0fbd37dfcde2d1b0c5a9ce3afcf8db0617f91a49dd552416c90963731798669002eda0a15f2296120cb9307c8cafef18dfdb4a52ad91 |
memory/840-148-0x00000000002F0000-0x00000000003F0000-memory.dmp
\Users\Admin\AppData\Local\Temp\u23w.1.exe
| MD5 | 5b87828ea000c7111084d8beed17175e |
| SHA1 | e8aa3848e39c449051702a333e608fafd2e5330f |
| SHA256 | 1a557fae2d39d06392f4bea760fb72c87f0959a7c3ac66865e36f316866f57d3 |
| SHA512 | 56b0d0e5422b89a4659969f59570962dbb267fde913ed051fbedf3d66653c9c23d15c945a6ae8ce5570af010b3671eb0be085e8afb44c3088def9f423290f385 |
C:\Users\Admin\AppData\Local\Temp\u23w.1.exe
| MD5 | 06246d5f1675d0680bccaa82ae2b26fd |
| SHA1 | a73d03970a916cfcd6108e042149eadc54b940eb |
| SHA256 | c8a160c92eda31a919466f81f8828eaaa9091f1d66830376e33b32dde7178579 |
| SHA512 | 57fa90a31f7f7e0cffc3b3e7f0dd23d240c1843cdf98da4e587efb8f0b9ab30649995a7dac4a2d57cac46a918f573402dab61d0d3d7fd89b474535ac8b644ad2 |
memory/2884-163-0x0000000001AF0000-0x0000000001BF0000-memory.dmp
memory/2732-164-0x0000000000400000-0x0000000001A4B000-memory.dmp
memory/1280-169-0x0000000002AA0000-0x0000000002AB6000-memory.dmp
memory/828-176-0x0000000000230000-0x0000000000231000-memory.dmp
memory/2884-177-0x00000000002B0000-0x000000000031B000-memory.dmp
memory/840-175-0x0000000000400000-0x00000000022D3000-memory.dmp
memory/828-179-0x0000000000400000-0x0000000000930000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | 18f39e948f3ea92553bb1ecebeb322ca |
| SHA1 | 4d982b89cc2c28b7dd7b0402b5527bb16db881f3 |
| SHA256 | aee0de28f462cafba0f32a83fc7249715e9fa8b83bde467fc36aba0e7910a435 |
| SHA512 | da83c871cf4f374825bf116bf202dbae0f9d9ce878bcc4f4144c9007c2229675efe07018245d9282f4eb59c579bb29b7df736ee62da5abc4b968420741e786ff |
memory/2512-180-0x0000000000400000-0x0000000000848000-memory.dmp
memory/3020-185-0x0000000000220000-0x0000000000247000-memory.dmp
memory/3020-186-0x0000000000400000-0x00000000022DA000-memory.dmp
memory/3020-184-0x0000000002480000-0x0000000002580000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | 9574d92b6d78fecb8b026bb4a6286f57 |
| SHA1 | d1dc082ec821cbd7726b8782758c1268e1d1d9f4 |
| SHA256 | f371e5e5303dec431b010975f01a69f1b35f44cfc8a017af2d5750c537f80c1f |
| SHA512 | e1bc6f05b3d3228dd24ab52422a016f53c6335ff73177d75c860247e56ff7e4a8bfffd115fb424e5c9c1baed75867341ab389b33bec4ba3e03496cb551d72678 |
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
| MD5 | 11bb3db51f701d4e42d3287f71a6a43e |
| SHA1 | 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86 |
| SHA256 | 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331 |
| SHA512 | 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2 |
memory/2828-195-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/3020-203-0x0000000000400000-0x00000000022DA000-memory.dmp
memory/828-205-0x0000000000400000-0x0000000000930000-memory.dmp
memory/3020-209-0x0000000061E00000-0x0000000061EF3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 6d329ff620b9edfdf5e175e9ea3d0ef3 |
| SHA1 | 01c89e92f659991b79cd63c7e69542dc0f6b50db |
| SHA256 | 351e5921b965157f58847fafc01538e1764defbddd5938328e793f30efe43ffa |
| SHA512 | f768fdb1515f760f4ae13ae9f21392f3f182da48466293ce72b933dec20768036d5689cc024c5141b50d6033cc1daaf3bab16f47c1c42b9d0091d4caec96251e |
C:\Users\Admin\AppData\Roaming\sruhref
| MD5 | 91f8f6d9542afc52dd9f37e6eddf873d |
| SHA1 | 7688f5873d434e7d889764460962dedb312ca453 |
| SHA256 | 10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16 |
| SHA512 | a09b77178e2ae8a3836d640c9b1028c60857d971c3ed65ef736c6cd5360ef9b5ab2e039ef1929ce4fb9feb95975b740363b79b81916129a501c5f496d525759d |
memory/2828-278-0x0000000003990000-0x0000000003D88000-memory.dmp
memory/2828-279-0x0000000000400000-0x0000000001E0F000-memory.dmp
\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
\ProgramData\mozglue.dll
| MD5 | a47c9a22d04f7a89ffb338ec0d9163f2 |
| SHA1 | c779b4e0bd380889d053a5a2e64fac7e5c9f0d85 |
| SHA256 | c67b8f01d1b007cf0abea4f89d1272a146116b398d97c0873889e4f3bc1aa2a5 |
| SHA512 | 64ebbee2f2f0884096e5b0996b30adae289549ba24f19fb3858f638148f358cd9a6f2fb370c0b2a44e821cb00b5a49468f849c97e9aa8ee413bbae11b57d72f4 |
memory/3020-1222-0x0000000002480000-0x0000000002580000-memory.dmp
memory/3020-1367-0x0000000000400000-0x00000000022DA000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-29 04:48
Reported
2024-02-29 04:53
Platform
win10-20240221-en
Max time kernel
266s
Max time network
315s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\1D37.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer
Pitou
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Windows security bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Contacts a large (779) amount of remote hosts
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1D37.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1D37.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\39BA.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3F2A.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4CF6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6189.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u380.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u380.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\ajccjhd | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| N/A | N/A | C:\Windows\rss\csrss.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe | N/A |
| N/A | N/A | C:\Windows\windefender.exe | N/A |
| N/A | N/A | C:\Windows\windefender.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1D37.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u380.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u380.0.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Windows security modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Windows\rss\csrss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\1D37.exe | N/A |
Checks installed software on the system
Manipulates WinMonFS driver.
| Description | Indicator | Process | Target |
| File opened for modification | \??\WinMonFS | C:\Windows\rss\csrss.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\3F2A.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1744 set thread context of 4864 | N/A | C:\Users\Admin\AppData\Local\Temp\1D37.exe | C:\Users\Admin\AppData\Local\Temp\1D37.exe |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\rss | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| File created | C:\Windows\rss\csrss.exe | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| File created | C:\Windows\windefender.exe | C:\Windows\rss\csrss.exe | N/A |
| File opened for modification | C:\Windows\windefender.exe | C:\Windows\rss\csrss.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6189.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6189.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\ajccjhd | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\ajccjhd | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6189.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\ajccjhd | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\u380.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\u380.0.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-448 = "Azerbaijan Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-411 = "E. Africa Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-301 = "Romance Daylight Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2571 = "Turks and Caicos Daylight Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-961 = "Paraguay Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-842 = "Argentina Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-112 = "Eastern Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-931 = "Coordinated Universal Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2842 = "Saratov Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2141 = "Transbaikal Daylight Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-272 = "Greenwich Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-121 = "SA Pacific Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-182 = "Mountain Standard Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-371 = "Jerusalem Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1912 = "Russia TZ 10 Standard Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-161 = "Central Daylight Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2162 = "Altai Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-12 = "Azores Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-772 = "Montevideo Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-211 = "Pacific Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2572 = "Turks and Caicos Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1042 = "Ulaanbaatar Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-792 = "SA Western Standard Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2341 = "Haiti Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-502 = "Nepal Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-201 = "US Mountain Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2612 = "Bougainville Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-351 = "FLE Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1821 = "Russia TZ 1 Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2572 = "Turks and Caicos Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-622 = "Korea Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2791 = "Novosibirsk Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6189.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\ajccjhd | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\rss\csrss.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u380.1.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe
"C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe"
C:\Users\Admin\AppData\Local\Temp\1D37.exe
C:\Users\Admin\AppData\Local\Temp\1D37.exe
C:\Users\Admin\AppData\Local\Temp\1D37.exe
C:\Users\Admin\AppData\Local\Temp\1D37.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\291F.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\291F.dll
C:\Users\Admin\AppData\Local\Temp\39BA.exe
C:\Users\Admin\AppData\Local\Temp\39BA.exe
C:\Users\Admin\AppData\Local\Temp\3F2A.exe
C:\Users\Admin\AppData\Local\Temp\3F2A.exe
C:\Users\Admin\AppData\Local\Temp\4CF6.exe
C:\Users\Admin\AppData\Local\Temp\4CF6.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\u380.0.exe
"C:\Users\Admin\AppData\Local\Temp\u380.0.exe"
C:\Users\Admin\AppData\Local\Temp\6189.exe
C:\Users\Admin\AppData\Local\Temp\6189.exe
C:\Users\Admin\AppData\Local\Temp\u380.1.exe
"C:\Users\Admin\AppData\Local\Temp\u380.1.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Roaming\ajccjhd
C:\Users\Admin\AppData\Roaming\ajccjhd
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\windefender.exe
C:\Windows\windefender.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| US | 8.8.8.8:53 | 120.85.215.91.in-addr.arpa | udp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | resergvearyinitiani.shop | udp |
| US | 172.67.217.100:443 | resergvearyinitiani.shop | tcp |
| US | 8.8.8.8:53 | 19.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.217.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | trmpc.com | udp |
| KR | 210.182.29.70:80 | trmpc.com | tcp |
| US | 8.8.8.8:53 | 70.29.182.210.in-addr.arpa | udp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| US | 8.8.8.8:53 | 90.128.172.185.in-addr.arpa | udp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| US | 8.8.8.8:53 | 127.128.172.185.in-addr.arpa | udp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| DE | 185.172.128.109:80 | 185.172.128.109 | tcp |
| US | 8.8.8.8:53 | joly.bestsup.su | udp |
| US | 8.8.8.8:53 | 109.128.172.185.in-addr.arpa | udp |
| US | 172.67.171.112:80 | joly.bestsup.su | tcp |
| US | 8.8.8.8:53 | 112.171.67.172.in-addr.arpa | udp |
| FR | 163.172.68.222:9001 | tcp | |
| AT | 109.70.100.14:443 | tcp | |
| SE | 185.97.32.34:9001 | tcp | |
| NL | 94.142.241.226:9443 | tcp | |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| US | 8.8.8.8:53 | 145.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | 118.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 172.67.147.18:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 126.195.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.202.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.147.67.172.in-addr.arpa | udp |
| DE | 47.254.134.152:9001 | tcp | |
| NL | 45.66.33.45:443 | tcp | |
| N/A | 127.0.0.1:49904 | tcp | |
| NO | 88.88.79.90:80 | tcp | |
| US | 8.8.8.8:53 | kamsmad.com | udp |
| MX | 187.134.61.6:80 | kamsmad.com | tcp |
| MX | 187.134.61.6:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | 6.61.134.187.in-addr.arpa | udp |
| NL | 212.8.243.229:9001 | tcp | |
| US | 128.31.0.39:9101 | tcp | |
| MX | 187.134.61.6:80 | kamsmad.com | tcp |
| MX | 187.134.61.6:80 | kamsmad.com | tcp |
| MX | 187.134.61.6:80 | kamsmad.com | tcp |
| MX | 187.134.61.6:80 | kamsmad.com | tcp |
| AT | 192.36.38.33:443 | tcp | |
| MX | 187.134.61.6:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | 33.38.36.192.in-addr.arpa | udp |
| DE | 178.215.228.25:443 | tcp | |
| CH | 85.195.244.251:443 | tcp | |
| MX | 187.134.61.6:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | 25.228.215.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.244.195.85.in-addr.arpa | udp |
| MX | 187.134.61.6:80 | kamsmad.com | tcp |
| DE | 178.215.228.25:443 | tcp | |
| CH | 85.195.244.251:443 | tcp | |
| N/A | 127.0.0.1:60801 | tcp | |
| US | 8.8.8.8:53 | 63.141.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30cea8ac-819b-4d03-8d0b-8671424952ba.uuid.localstats.org | udp |
| CA | 51.161.35.113:9001 | tcp | |
| US | 8.8.8.8:53 | 113.35.161.51.in-addr.arpa | udp |
| N/A | 127.0.0.1:60801 | tcp | |
| N/A | 127.0.0.1:60801 | tcp | |
| N/A | 127.0.0.1:60801 | tcp | |
| US | 8.8.8.8:53 | 39-40.com | udp |
| US | 8.8.8.8:53 | gguuuj.com | udp |
| US | 8.8.8.8:53 | www.glybee.com | udp |
| US | 8.8.8.8:53 | gnimdu.com | udp |
| NL | 107.6.150.114:443 | 39-40.com | tcp |
| IT | 89.46.108.58:443 | www.glybee.com | tcp |
| N/A | 127.0.0.1:51910 | tcp | |
| US | 150.239.200.200:443 | gguuuj.com | tcp |
| US | 8.8.8.8:53 | omeinz.com | udp |
| FR | 185.221.182.115:443 | gnimdu.com | tcp |
| US | 8.8.8.8:53 | oorcaa.com | udp |
| US | 8.8.8.8:53 | plurmx.com | udp |
| US | 8.8.8.8:53 | orogrp.com | udp |
| SG | 209.58.171.111:443 | omeinz.com | tcp |
| US | 8.8.8.8:53 | wiyato.com | udp |
| US | 8.8.8.8:53 | 114.150.6.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.108.46.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.200.239.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.182.221.185.in-addr.arpa | udp |
| US | 162.241.253.21:443 | oorcaa.com | tcp |
| US | 8.8.8.8:53 | woslak.com | udp |
| US | 162.241.62.125:443 | plurmx.com | tcp |
| US | 8.8.8.8:53 | wp-jit.com | udp |
| US | 162.214.80.79:443 | orogrp.com | tcp |
| US | 8.8.8.8:53 | yugren.com | udp |
| US | 8.8.8.8:53 | asdalhm.com | udp |
| US | 8.8.8.8:53 | www.gguuuj.com | udp |
| ID | 153.92.11.42:80 | wiyato.com | tcp |
| US | 8.8.8.8:53 | asesplc.com | udp |
| US | 67.20.114.55:443 | woslak.com | tcp |
| US | 150.239.200.200:443 | www.gguuuj.com | tcp |
| US | 8.8.8.8:53 | atadays.com | udp |
| US | 104.219.248.25:443 | asesplc.com | tcp |
| US | 198.12.71.180:80 | asdalhm.com | tcp |
| US | 172.67.212.44:80 | yugren.com | tcp |
| US | 162.144.5.13:443 | wp-jit.com | tcp |
| US | 8.8.8.8:53 | avi-art.com | udp |
| US | 8.8.8.8:53 | avilaya.com | udp |
| US | 8.8.8.8:53 | ayephyu.com | udp |
| PL | 94.152.13.99:443 | avi-art.com | tcp |
| US | 8.8.8.8:53 | azliton.com | udp |
| US | 8.8.8.8:53 | 21.253.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.171.58.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.62.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.80.214.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.114.20.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.212.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.11.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.71.12.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | balmoon.com | udp |
| US | 66.235.200.146:80 | ayephyu.com | tcp |
| IN | 89.117.188.210:443 | avilaya.com | tcp |
| US | 8.8.8.8:53 | behzadf.com | udp |
| US | 8.8.8.8:53 | beplike.com | udp |
| JP | 202.172.26.33:80 | atadays.com | tcp |
| N/A | 127.0.0.1:51914 | tcp | |
| US | 8.8.8.8:53 | blog-gu.com | udp |
| US | 8.8.8.8:53 | bitboy2.com | udp |
| US | 8.8.8.8:53 | blogebe.com | udp |
| SG | 139.99.121.13:443 | azliton.com | tcp |
| US | 8.8.8.8:53 | bmetjob.com | udp |
| US | 8.8.8.8:53 | boleach.com | udp |
| US | 8.8.8.8:53 | boolepo.com | udp |
| US | 8.8.8.8:53 | www.asesplc.com | udp |
| US | 8.8.8.8:53 | boricab.com | udp |
| US | 8.8.8.8:53 | blogehe.com | udp |
| US | 172.67.212.85:443 | balmoon.com | tcp |
| US | 154.56.37.26:443 | bitboy2.com | tcp |
| US | 8.8.8.8:53 | claydan.com | udp |
| US | 8.8.8.8:53 | credipr.com | udp |
| US | 8.8.8.8:53 | 13.5.144.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.13.152.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.200.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.188.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.248.219.104.in-addr.arpa | udp |
| JP | 162.43.117.84:80 | beplike.com | tcp |
| US | 8.8.8.8:53 | cyhltda.com | udp |
| IR | 185.10.75.4:80 | behzadf.com | tcp |
| US | 172.67.204.94:443 | blogehe.com | tcp |
| US | 172.67.165.39:443 | boleach.com | tcp |
| KR | 183.111.183.30:443 | blog-gu.com | tcp |
| US | 104.21.43.35:443 | blogebe.com | tcp |
| US | 173.231.198.190:443 | bmetjob.com | tcp |
| US | 104.219.248.25:443 | www.asesplc.com | tcp |
| US | 69.163.177.212:443 | boolepo.com | tcp |
| US | 104.21.85.159:443 | claydan.com | tcp |
| SE | 5.42.94.113:443 | boricab.com | tcp |
| US | 8.8.8.8:53 | dacanva.com | udp |
| US | 8.8.8.8:53 | daraaty.com | udp |
| US | 104.21.83.56:443 | credipr.com | tcp |
| US | 179.61.12.111:443 | cyhltda.com | tcp |
| US | 74.208.236.117:80 | dacanva.com | tcp |
| US | 8.8.8.8:53 | www.daya-eg.com | udp |
| US | 8.8.8.8:53 | devcodz.com | udp |
| US | 8.8.8.8:53 | dinhuey.com | udp |
| US | 8.8.8.8:53 | 33.26.172.202.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.212.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.37.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.204.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.165.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.43.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.75.10.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.198.231.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.85.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.117.43.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.94.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.183.111.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.177.163.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | djiagri.com | udp |
| US | 8.8.8.8:53 | doitsoo.com | udp |
| US | 198.12.71.180:443 | asdalhm.com | tcp |
| US | 8.8.8.8:53 | doula56.com | udp |
| US | 86.38.202.231:443 | daraaty.com | tcp |
| JP | 202.172.26.33:443 | atadays.com | tcp |
| US | 8.8.8.8:53 | www.drogowe.com | udp |
| US | 8.8.8.8:53 | www.dueacca.com | udp |
| US | 104.21.66.175:443 | djiagri.com | tcp |
| US | 173.252.167.10:443 | devcodz.com | tcp |
| CA | 23.227.38.32:443 | dinhuey.com | tcp |
| FR | 109.234.165.178:443 | doula56.com | tcp |
| IR | 185.94.98.201:443 | www.daya-eg.com | tcp |
| US | 24.199.97.107:443 | doitsoo.com | tcp |
| PL | 85.128.163.169:80 | www.drogowe.com | tcp |
| US | 8.8.8.8:53 | dwlearn.com | udp |
| US | 8.8.8.8:53 | canrinamd.com | udp |
| US | 8.8.8.8:53 | dyttoys.com | udp |
| US | 8.8.8.8:53 | dydingy.com | udp |
| US | 8.8.8.8:53 | 56.83.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.121.99.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.12.61.179.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.236.208.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.202.38.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eeesind.com | udp |
| IT | 89.46.108.9:443 | www.dueacca.com | tcp |
| US | 8.8.8.8:53 | eit-est.com | udp |
| US | 8.8.8.8:53 | elopens.com | udp |
| US | 8.8.8.8:53 | elrocol.com | udp |
| US | 104.21.51.228:443 | dydingy.com | tcp |
| US | 137.220.39.139:443 | dyttoys.com | tcp |
| GB | 154.49.138.74:443 | eeesind.com | tcp |
| US | 8.8.8.8:53 | eno-mma.com | udp |
| HU | 193.39.14.2:443 | dwlearn.com | tcp |
| US | 8.8.8.8:53 | www.eraofdm.com | udp |
| US | 74.208.236.117:80 | canrinamd.com | tcp |
| US | 8.8.8.8:53 | equityrs.com | udp |
| US | 8.8.8.8:53 | esid-cv.com | udp |
| US | 8.8.8.8:53 | eyejoah.com | udp |
| US | 104.21.18.74:443 | eno-mma.com | tcp |
| US | 8.8.8.8:53 | ezinads.com | udp |
| US | 8.8.8.8:53 | 175.66.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.38.227.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.165.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.167.252.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.98.94.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.163.128.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.108.46.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.51.21.104.in-addr.arpa | udp |
| DE | 172.104.227.10:443 | elrocol.com | tcp |
| US | 8.8.8.8:53 | femriot.com | udp |
| US | 172.96.186.176:443 | www.eraofdm.com | tcp |
| N/A | 127.0.0.1:51918 | tcp | |
| US | 160.153.0.45:443 | eit-est.com | tcp |
| US | 8.8.8.8:53 | fimlabz.com | udp |
| US | 74.208.236.106:443 | equityrs.com | tcp |
| US | 8.8.8.8:53 | flixtrz.com | udp |
| US | 8.8.8.8:53 | fourskw.com | udp |
| N/A | 127.0.0.1:51922 | tcp | |
| US | 8.8.8.8:53 | foxitop.com | udp |
| US | 8.8.8.8:53 | frazmet.com | udp |
| US | 8.8.8.8:53 | www.fredura.com | udp |
| PL | 85.128.163.169:443 | www.drogowe.com | tcp |
| US | 172.67.185.6:443 | eyejoah.com | tcp |
| SG | 45.13.255.85:443 | esid-cv.com | tcp |
| US | 8.8.8.8:53 | fruzzen.com | udp |
| US | 8.8.8.8:53 | g-herbs.com | udp |
| GB | 154.49.138.147:443 | fimlabz.com | tcp |
| US | 8.8.8.8:53 | geulgam.com | udp |
| US | 8.8.8.8:53 | ggamagu.com | udp |
| US | 66.235.200.113:443 | ezinads.com | tcp |
| US | 172.67.132.97:443 | flixtrz.com | tcp |
| US | 149.100.151.143:443 | fourskw.com | tcp |
| US | 8.8.8.8:53 | frinedo.com | udp |
| US | 8.8.8.8:53 | www.giarlee.com | udp |
| US | 8.8.8.8:53 | www.boolepo.com | udp |
| US | 8.8.8.8:53 | glesshe.com | udp |
| US | 8.8.8.8:53 | givedms.com | udp |
| US | 8.8.8.8:53 | 74.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.14.39.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.39.220.137.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.18.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.227.104.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.186.96.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.0.153.160.in-addr.arpa | udp |
| N/A | 127.0.0.1:51929 | tcp | |
| US | 8.8.8.8:53 | 106.236.208.74.in-addr.arpa | udp |
| PL | 185.221.109.20:80 | frazmet.com | tcp |
| US | 104.21.39.209:443 | foxitop.com | tcp |
| US | 8.8.8.8:53 | gogevis.com | udp |
| N/A | 127.0.0.1:51935 | tcp | |
| US | 8.8.8.8:53 | goularq.com | udp |
| US | 8.8.8.8:53 | haedals.com | udp |
| US | 8.8.8.8:53 | halabtv.com | udp |
| US | 8.8.8.8:53 | hhlines.com | udp |
| US | 162.248.50.115:443 | givedms.com | tcp |
| US | 69.163.177.212:443 | www.boolepo.com | tcp |
| US | 172.67.199.138:443 | glesshe.com | tcp |
| NL | 75.102.57.85:443 | www.giarlee.com | tcp |
| ZA | 154.0.172.73:443 | www.fredura.com | tcp |
| HU | 217.13.111.100:443 | femriot.com | tcp |
| US | 104.21.54.53:443 | fruzzen.com | tcp |
| KR | 183.111.242.42:80 | ggamagu.com | tcp |
| US | 208.109.43.165:443 | g-herbs.com | tcp |
| US | 104.21.76.4:443 | frinedo.com | tcp |
| US | 8.8.8.8:53 | hilalpr.com | udp |
| US | 8.8.8.8:53 | stun.ipfire.org | udp |
| US | 146.190.116.250:443 | geulgam.com | tcp |
| BR | 185.211.7.117:443 | gogevis.com | tcp |
| US | 8.8.8.8:53 | www.hogarmv.com | udp |
| SG | 159.223.56.162:443 | haedals.com | tcp |
| US | 34.138.102.143:443 | goularq.com | tcp |
| US | 172.67.157.23:443 | hhlines.com | tcp |
| US | 8.8.8.8:53 | server15.localstats.org | udp |
| US | 149.100.151.175:443 | halabtv.com | tcp |
| US | 63.250.43.135:80 | hilalpr.com | tcp |
| US | 8.8.8.8:53 | hptagri.com | udp |
| US | 8.8.8.8:53 | 6.185.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.200.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.132.67.172.in-addr.arpa | udp |
| US | 172.96.186.150:443 | hptagri.com | tcp |
| CL | 186.64.114.120:443 | www.hogarmv.com | tcp |
| US | 8.8.8.8:53 | 147.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.255.13.45.in-addr.arpa | udp |
| DE | 81.3.27.44:3478 | stun.ipfire.org | udp |
| US | 8.8.8.8:53 | 209.39.21.104.in-addr.arpa | udp |
| BG | 185.82.216.111:443 | server15.localstats.org | tcp |
| US | 8.8.8.8:53 | 20.109.221.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.57.102.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.111.13.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.50.248.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hptwood.com | udp |
| US | 8.8.8.8:53 | iastrat.com | udp |
| US | 8.8.8.8:53 | ijafssr.com | udp |
| US | 8.8.8.8:53 | ikapete.com | udp |
| US | 8.8.8.8:53 | implice.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| N/A | 127.0.0.1:51939 | tcp | |
| US | 8.8.8.8:53 | itducku.com | udp |
| US | 8.8.8.8:53 | sashimi-sp.com | udp |
| US | 8.8.8.8:53 | jdcmcap.com | udp |
| US | 8.8.8.8:53 | jhingin.com | udp |
| US | 8.8.8.8:53 | jhshear.com | udp |
| US | 8.8.8.8:53 | jobehei.com | udp |
| US | 8.8.8.8:53 | joung-d.com | udp |
| US | 8.8.8.8:53 | kaffdha.com | udp |
| US | 8.8.8.8:53 | just-qr.com | udp |
| US | 8.8.8.8:53 | karfani.com | udp |
| US | 8.8.8.8:53 | 53.54.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.76.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.116.190.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.242.111.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.7.211.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.157.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.102.138.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | kichoes.com | udp |
| US | 8.8.8.8:53 | www.kbapnyc.com | udp |
| US | 8.8.8.8:53 | kinioso.com | udp |
| US | 8.8.8.8:53 | kiknets.com | udp |
| US | 8.8.8.8:53 | kmmship.com | udp |
| US | 8.8.8.8:53 | yunaeduka.com | udp |
| SG | 217.21.73.221:443 | jobehei.com | tcp |
| US | 52.13.119.137:443 | implice.com | tcp |
| DE | 217.160.0.159:443 | iastrat.com | tcp |
| US | 104.218.8.139:80 | jdcmcap.com | tcp |
| US | 31.170.167.85:443 | ijafssr.com | tcp |
| US | 172.96.186.150:443 | hptwood.com | tcp |
| US | 8.8.8.8:53 | zet-godan.com | udp |
| US | 172.67.191.105:443 | sashimi-sp.com | tcp |
| US | 34.215.227.192:443 | just-qr.com | tcp |
| LT | 84.32.84.32:443 | kichoes.com | tcp |
| US | 154.49.142.202:443 | kinioso.com | tcp |
| US | 54.236.120.104:443 | www.kbapnyc.com | tcp |
| US | 161.35.225.125:443 | joung-d.com | tcp |
| SG | 103.21.221.23:80 | kmmship.com | tcp |
| DE | 8.209.105.91:443 | innally.com | tcp |
| SG | 45.130.230.54:443 | ikapete.com | tcp |
| US | 195.35.33.7:443 | kiknets.com | tcp |
| US | 66.235.200.113:443 | jhshear.com | tcp |
| FI | 65.109.100.200:443 | kaffdha.com | tcp |
| IR | 78.157.38.99:80 | karfani.com | tcp |
| US | 8.8.8.8:53 | www.zibalodge.com | udp |
| CH | 193.108.137.97:443 | jhingin.com | tcp |
| US | 8.8.8.8:53 | 34football.com | udp |
| US | 8.8.8.8:53 | aeccouncil.com | udp |
| US | 8.8.8.8:53 | aidigiflix.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | aihimalaya.com | udp |
| US | 8.8.8.8:53 | alinno1927.com | udp |
| US | 8.8.8.8:53 | www.alkaidnews.com | udp |
| US | 8.8.8.8:53 | 150.186.96.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.27.3.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.114.64.186.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.216.82.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | appgoldbet.com | udp |
| DE | 81.169.145.149:80 | zet-godan.com | tcp |
| N/A | 127.0.0.1:51943 | tcp | |
| US | 8.8.8.8:53 | carsalessystem.com | udp |
| US | 8.8.8.8:53 | asahispace.com | udp |
| US | 8.8.8.8:53 | aurumwings.com | udp |
| US | 8.8.8.8:53 | atyaliving.com | udp |
| GB | 5.77.63.70:443 | www.alkaidnews.com | tcp |
| ID | 103.163.138.44:443 | yunaeduka.com | tcp |
| US | 8.8.8.8:53 | bh-produce.com | udp |
| US | 8.8.8.8:53 | www.bipssports.com | udp |
| US | 8.8.8.8:53 | bookxplore.com | udp |
| US | 8.8.8.8:53 | bt42studio.com | udp |
| US | 104.21.94.82:443 | carsalessystem.com | tcp |
| US | 65.181.111.238:443 | www.bipssports.com | tcp |
| N/A | 127.0.0.1:51949 | tcp | |
| N/A | 127.0.0.1:51954 | tcp | |
| N/A | 127.0.0.1:51960 | tcp | |
| N/A | 127.0.0.1:51965 | tcp | |
| N/A | 127.0.0.1:51968 | tcp | |
| N/A | 127.0.0.1:51970 | tcp | |
| N/A | 127.0.0.1:51978 | tcp | |
| N/A | 127.0.0.1:51984 | tcp | |
| N/A | 127.0.0.1:51990 | tcp | |
| N/A | 127.0.0.1:52000 | tcp | |
| N/A | 127.0.0.1:52009 | tcp | |
| N/A | 127.0.0.1:52013 | tcp | |
| N/A | 127.0.0.1:52015 | tcp | |
| N/A | 127.0.0.1:52020 | tcp | |
| N/A | 127.0.0.1:52024 | tcp | |
| N/A | 127.0.0.1:52028 | tcp | |
| N/A | 127.0.0.1:52030 | tcp | |
| N/A | 127.0.0.1:52032 | tcp | |
| N/A | 127.0.0.1:52039 | tcp | |
| N/A | 127.0.0.1:52041 | tcp | |
| N/A | 127.0.0.1:52043 | tcp | |
| N/A | 127.0.0.1:52045 | tcp | |
| N/A | 127.0.0.1:52047 | tcp | |
| N/A | 127.0.0.1:52049 | tcp | |
| N/A | 127.0.0.1:52063 | tcp | |
| N/A | 127.0.0.1:52067 | tcp | |
| N/A | 127.0.0.1:52072 | tcp | |
| N/A | 127.0.0.1:52088 | tcp | |
| N/A | 127.0.0.1:52102 | tcp | |
| N/A | 127.0.0.1:52104 | tcp | |
| N/A | 127.0.0.1:52114 | tcp | |
| N/A | 127.0.0.1:52116 | tcp | |
| N/A | 127.0.0.1:52118 | tcp | |
| N/A | 127.0.0.1:52120 | tcp | |
| N/A | 127.0.0.1:52126 | tcp | |
| N/A | 127.0.0.1:52129 | tcp | |
| N/A | 127.0.0.1:52134 | tcp | |
| N/A | 127.0.0.1:52146 | tcp | |
| CA | 144.217.75.173:443 | aurumwings.com | tcp |
| US | 8.8.8.8:53 | 139.8.218.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.167.170.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.191.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.84.32.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.73.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.120.236.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.142.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.227.215.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.221.21.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.94.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.63.77.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chiisanavt.com | udp |
| SG | 156.67.213.54:443 | asahispace.com | tcp |
| SG | 151.106.119.246:443 | atyaliving.com | tcp |
| US | 8.8.8.8:53 | comicchills.com | udp |
| BR | 177.154.191.136:443 | appgoldbet.com | tcp |
| US | 8.8.8.8:53 | www.dallyupdate.com | udp |
| US | 8.8.8.8:53 | easy-advise.com | udp |
| US | 8.8.8.8:53 | ecnstrength.com | udp |
| JP | 155.248.160.55:443 | bh-produce.com | tcp |
| US | 8.8.8.8:53 | educazionit.com | udp |
| IN | 172.105.41.141:443 | bookxplore.com | tcp |
| US | 104.21.80.110:443 | aihimalaya.com | tcp |
| DE | 81.169.145.158:443 | 34football.com | tcp |
| SG | 85.187.128.52:443 | alinno1927.com | tcp |
| GB | 149.255.62.50:443 | www.zibalodge.com | tcp |
| DE | 88.198.22.18:80 | aeccouncil.com | tcp |
| US | 162.213.255.48:443 | comicchills.com | tcp |
| US | 104.225.208.26:443 | chiisanavt.com | tcp |
| US | 8.8.8.8:53 | eduwidfarah.com | udp |
| IN | 172.105.33.197:443 | aidigiflix.com | tcp |
| US | 8.8.8.8:53 | ei-junamiga.com | udp |
| US | 8.8.8.8:53 | elektrahome.com | udp |
| US | 8.8.8.8:53 | elevatesync.com | udp |
| US | 8.8.8.8:53 | elgigafarms.com | udp |
| JP | 183.90.180.104:443 | easy-advise.com | tcp |
| US | 8.8.8.8:53 | eliasorgino.com | udp |
| US | 8.8.8.8:53 | 238.111.181.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.138.163.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.213.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.41.105.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.62.255.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.22.198.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.191.154.177.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.160.248.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.119.106.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ellynmbaker.com | udp |
| US | 8.8.8.8:53 | 173.75.217.144.in-addr.arpa | udp |
| IN | 148.113.8.71:443 | www.dallyupdate.com | tcp |
| US | 172.67.193.229:443 | educazionit.com | tcp |
| US | 50.87.253.35:443 | ecnstrength.com | tcp |
| US | 8.8.8.8:53 | estudiobreu.com | udp |
| US | 8.8.8.8:53 | gcainfusion.com | udp |
| US | 8.8.8.8:53 | fitprovital.com | udp |
| US | 208.91.199.47:443 | eduwidfarah.com | tcp |
| US | 162.241.253.225:443 | elevatesync.com | tcp |
| N/A | 127.0.0.1:52153 | tcp | |
| US | 162.241.217.156:443 | ellynmbaker.com | tcp |
| US | 192.254.232.68:443 | gcainfusion.com | tcp |
| US | 8.8.8.8:53 | good-g-page.com | udp |
| US | 8.8.8.8:53 | gestunmybox.com | udp |
| US | 8.8.8.8:53 | www.korsett-butik.com | udp |
| US | 8.8.8.8:53 | kpuribrothers.com | udp |
| US | 65.181.111.169:443 | elgigafarms.com | tcp |
| US | 165.140.70.86:443 | ei-junamiga.com | tcp |
| US | 50.6.138.135:443 | estudiobreu.com | tcp |
| US | 8.8.8.8:53 | kvrestates-rk.com | udp |
| US | 8.8.8.8:53 | www.landsunenergy.com | udp |
| ES | 82.194.68.88:443 | fitprovital.com | tcp |
| US | 8.8.8.8:53 | lasaludmaxima.com | udp |
| US | 8.8.8.8:53 | divorceintheranch.com | udp |
| US | 8.8.8.8:53 | latelier-yoga.com | udp |
| US | 216.172.160.241:443 | eliasorgino.com | tcp |
| US | 8.8.8.8:53 | launchedsuite.com | udp |
| US | 8.8.8.8:53 | lendistry2stg.com | udp |
| US | 8.8.8.8:53 | 26.208.225.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:52162 | tcp | |
| US | 8.8.8.8:53 | 48.255.213.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.193.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.33.105.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.253.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.8.113.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.199.91.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.253.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.180.90.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.128.187.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | levieuxcastel.com | udp |
| US | 8.8.8.8:53 | letsgojayblog.com | udp |
| US | 8.8.8.8:53 | liftslindetox.com | udp |
| US | 8.8.8.8:53 | lifestylebell.com | udp |
| US | 8.8.8.8:53 | lindacarlberg.com | udp |
| US | 8.8.8.8:53 | lizbethgasque.com | udp |
| US | 8.8.8.8:53 | www.loanewsprince.com | udp |
| US | 8.8.8.8:53 | logrestaurant.com | udp |
| US | 8.8.8.8:53 | localelocator.com | udp |
| N/A | 127.0.0.1:52164 | tcp | |
| US | 72.167.125.248:443 | divorceintheranch.com | tcp |
| IN | 89.117.157.169:443 | kvrestates-rk.com | tcp |
| N/A | 127.0.0.1:52166 | tcp | |
| US | 104.21.64.28:443 | kpuribrothers.com | tcp |
| FR | 54.36.91.62:443 | latelier-yoga.com | tcp |
| DK | 77.111.241.66:443 | www.landsunenergy.com | tcp |
| N/A | 127.0.0.1:52170 | tcp | |
| N/A | 127.0.0.1:52185 | tcp | |
| N/A | 127.0.0.1:52191 | tcp | |
| FR | 109.234.166.248:443 | www.korsett-butik.com | tcp |
| US | 8.8.8.8:53 | lushnailbarsm.com | udp |
| US | 8.8.8.8:53 | m2beautespain.com | udp |
| US | 104.21.6.227:443 | www.loanewsprince.com | tcp |
| JP | 152.70.97.21:443 | good-g-page.com | tcp |
| LT | 84.32.84.32:443 | localelocator.com | tcp |
| US | 104.21.11.90:443 | lifestylebell.com | tcp |
| US | 54.203.82.175:443 | lindacarlberg.com | tcp |
| JP | 149.28.26.155:443 | letsgojayblog.com | tcp |
| BR | 186.202.157.79:80 | liftslindetox.com | tcp |
| ID | 153.92.13.32:80 | gestunmybox.com | tcp |
| BG | 185.82.216.111:443 | server15.localstats.org | tcp |
| US | 8.8.8.8:53 | 156.217.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.232.254.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.137.108.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.105.209.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.100.109.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.68.194.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.33.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.38.157.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.111.181.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.138.6.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.70.140.165.in-addr.arpa | udp |
| N/A | 127.0.0.1:52195 | tcp | |
| US | 8.8.8.8:53 | 54.230.130.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | maccabi-jaffa.com | udp |
| US | 8.8.8.8:53 | www.innally.com | udp |
| US | 8.8.8.8:53 | imunify-alert.com | udp |
| US | 8.8.8.8:53 | marcelocasiva.com | udp |
| US | 8.8.8.8:53 | mayaautohouse.com | udp |
| US | 8.8.8.8:53 | mayfair-elite.com | udp |
| US | 8.8.8.8:53 | mbsfinanceira.com | udp |
| US | 8.8.8.8:53 | mdrc-services.com | udp |
| US | 8.8.8.8:53 | www.medhelpbureau.com | udp |
| US | 104.21.61.155:443 | levieuxcastel.com | tcp |
| US | 8.8.8.8:53 | melaniejulien.com | udp |
| N/A | 127.0.0.1:52197 | tcp | |
| US | 104.200.17.166:443 | launchedsuite.com | tcp |
| IR | 78.157.38.99:443 | karfani.com | tcp |
| US | 8.8.8.8:53 | manaturestore.com | udp |
| US | 8.8.8.8:53 | metastore-saa.com | udp |
| US | 8.8.8.8:53 | michaelvassel.com | udp |
| US | 8.8.8.8:53 | modernrenov78.com | udp |
| US | 8.8.8.8:53 | microsoftquiz.com | udp |
| US | 8.8.8.8:53 | milasecretllc.com | udp |
| US | 8.8.8.8:53 | madeintheshadewoodlands.com | udp |
| US | 8.8.8.8:53 | mobilisdivers.com | udp |
| US | 8.8.8.8:53 | 28.64.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.91.36.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.241.111.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.166.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.6.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.157.202.186.in-addr.arpa | udp |
| US | 149.100.151.55:443 | maccabi-jaffa.com | tcp |
| LT | 84.32.84.32:443 | localelocator.com | tcp |
| US | 208.109.75.169:443 | logrestaurant.com | tcp |
| US | 23.50.52.35:443 | lendistry2stg.com | tcp |
| DE | 8.209.105.91:443 | www.innally.com | tcp |
| US | 45.79.42.71:443 | lushnailbarsm.com | tcp |
| ES | 89.248.96.120:443 | m2beautespain.com | tcp |
| FR | 54.36.91.62:443 | melaniejulien.com | tcp |
| US | 162.0.215.12:443 | mayaautohouse.com | tcp |
| US | 8.8.8.8:53 | crookedwingtravel.com | udp |
| CY | 85.190.230.2:443 | mdrc-services.com | tcp |
| BR | 185.211.7.59:443 | marcelocasiva.com | tcp |
| N/A | 127.0.0.1:52200 | tcp | |
| BR | 149.100.155.212:443 | manaturestore.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| DE | 38.242.255.91:443 | www.medhelpbureau.com | tcp |
| US | 86.38.202.25:443 | mayfair-elite.com | tcp |
| US | 66.29.132.116:443 | metastore-saa.com | tcp |
| US | 104.21.87.7:443 | michaelvassel.com | tcp |
| FR | 89.117.169.243:443 | modernrenov78.com | tcp |
| IN | 89.117.27.101:443 | microsoftquiz.com | tcp |
| US | 141.193.213.10:443 | madeintheshadewoodlands.com | tcp |
| US | 8.8.8.8:53 | crosswayssolution.com | udp |
| US | 142.93.72.4:443 | milasecretllc.com | tcp |
| US | 172.67.165.152:443 | mobilisdivers.com | tcp |
| US | 8.8.8.8:53 | dailydoseofmylife.com | udp |
| N/A | 127.0.0.1:52205 | tcp | |
| US | 8.8.8.8:53 | damac-golf-greens.com | udp |
| N/A | 127.0.0.1:52210 | tcp | |
| N/A | 127.0.0.1:52212 | tcp | |
| N/A | 127.0.0.1:52214 | tcp | |
| N/A | 127.0.0.1:52219 | tcp | |
| N/A | 127.0.0.1:52228 | tcp | |
| N/A | 127.0.0.1:52234 | tcp | |
| N/A | 127.0.0.1:52239 | tcp | |
| N/A | 127.0.0.1:52241 | tcp | |
| N/A | 127.0.0.1:52244 | tcp | |
| N/A | 127.0.0.1:52246 | tcp | |
| N/A | 127.0.0.1:52250 | tcp | |
| N/A | 127.0.0.1:52253 | tcp | |
| N/A | 127.0.0.1:52266 | tcp | |
| N/A | 127.0.0.1:52270 | tcp | |
| N/A | 127.0.0.1:52273 | tcp | |
| US | 162.241.24.158:443 | crookedwingtravel.com | tcp |
| US | 8.8.8.8:53 | derivativehedging.com | udp |
| GB | 77.95.113.183:443 | crosswayssolution.com | tcp |
| US | 8.8.8.8:53 | designbymarkdavid.com | udp |
| US | 162.241.225.87:443 | dailydoseofmylife.com | tcp |
| US | 8.8.8.8:53 | designedalignment.com | udp |
| US | 8.8.8.8:53 | 21.97.70.152.in-addr.arpa | udp |
| US | 66.235.200.146:80 | designbymarkdavid.com | tcp |
| US | 8.8.8.8:53 | 155.26.28.149.in-addr.arpa | udp |
| US | 104.200.17.166:443 | launchedsuite.com | tcp |
| US | 8.8.8.8:53 | 32.13.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.61.21.104.in-addr.arpa | udp |
| US | 162.241.219.14:443 | designedalignment.com | tcp |
| US | 8.8.8.8:53 | 166.17.200.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.52.50.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.96.248.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.42.79.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dharmapowersupply.com | udp |
| US | 8.8.8.8:53 | digitalpartnersbr.com | udp |
| US | 8.8.8.8:53 | disarlielektronik.com | udp |
| US | 8.8.8.8:53 | driveninnercircle.a2hosted.com | udp |
| US | 8.8.8.8:53 | www.levieuxcastel.com | udp |
| US | 8.8.8.8:53 | elorientaltattoos.com | udp |
| US | 8.8.8.8:53 | familyrealestates.com | udp |
| US | 8.8.8.8:53 | fitourtravelumroh.com | udp |
| US | 8.8.8.8:53 | fejashealinghands.com | udp |
| US | 8.8.8.8:53 | www.fotowandmetnatuur.nl | udp |
| US | 8.8.8.8:53 | framehotelbangkok.com | udp |
| IN | 103.138.189.139:80 | derivativehedging.com | tcp |
| N/A | 127.0.0.1:52278 | tcp | |
| NL | 45.82.191.120:443 | www.fotowandmetnatuur.nl | tcp |
| US | 68.66.200.219:443 | driveninnercircle.a2hosted.com | tcp |
| US | 8.8.8.8:53 | 2.230.190.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.215.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.176.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.255.242.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.87.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.193.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.169.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.165.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.7.211.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.202.38.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.132.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.27.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.113.95.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.24.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.160.172.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.225.241.162.in-addr.arpa | udp |
| GB | 109.70.148.130:443 | familyrealestates.com | tcp |
| US | 8.8.8.8:53 | gabuccicollection.com | udp |
| US | 108.179.193.17:443 | digitalpartnersbr.com | tcp |
| TR | 89.252.159.195:443 | disarlielektronik.com | tcp |
| US | 8.8.8.8:53 | www.garansi-insurance.com | udp |
| US | 162.241.169.155:443 | dharmapowersupply.com | tcp |
| US | 38.18.231.82:443 | elorientaltattoos.com | tcp |
| SG | 45.13.255.243:443 | fitourtravelumroh.com | tcp |
| TH | 203.170.190.138:443 | framehotelbangkok.com | tcp |
| DE | 81.169.145.84:80 | fejashealinghands.com | tcp |
| US | 172.67.211.137:443 | www.levieuxcastel.com | tcp |
| US | 8.8.8.8:53 | bluechartermenorca.com | udp |
| US | 8.8.8.8:53 | fastingmindfulness.com | udp |
| US | 8.8.8.8:53 | feyiogecollections.com | udp |
| US | 8.8.8.8:53 | faucheux-entretien.com | udp |
| US | 8.8.8.8:53 | figurasdragonballz.com | udp |
| US | 8.8.8.8:53 | firstcare-training.com | udp |
| US | 8.8.8.8:53 | filosofiaturistica.com | udp |
| US | 8.8.8.8:53 | forcedauctionsigns.com | udp |
| US | 8.8.8.8:53 | www.systemerisp.com | udp |
| US | 8.8.8.8:53 | inflightretrievers.com | udp |
| US | 8.8.8.8:53 | www.cellocandela.com | udp |
| US | 8.8.8.8:53 | ceriaslot123.com | udp |
| US | 8.8.8.8:53 | cesargrillet.com | udp |
| US | 8.8.8.8:53 | www.mobilisdivers.com | udp |
| US | 8.8.8.8:53 | chapa2cremec.com | udp |
| US | 8.8.8.8:53 | 14.219.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.189.138.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.191.82.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.200.66.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chhaharanews.com | udp |
| FI | 65.109.99.96:443 | www.garansi-insurance.com | tcp |
| N/A | 127.0.0.1:52280 | tcp | |
| US | 8.8.8.8:53 | choco-lamour.com | udp |
| SG | 156.67.213.49:443 | gabuccicollection.com | tcp |
| DE | 217.160.0.157:80 | bluechartermenorca.com | tcp |
| US | 86.38.202.16:443 | firstcare-training.com | tcp |
| FR | 89.117.169.13:443 | filosofiaturistica.com | tcp |
| US | 8.8.8.8:53 | cineplexnews.com | udp |
| US | 8.8.8.8:53 | clickonsight.com | udp |
| US | 8.8.8.8:53 | codingcokcok.com | udp |
| US | 8.8.8.8:53 | commeebridge.com | udp |
| US | 154.49.142.253:443 | fastingmindfulness.com | tcp |
| FR | 89.117.169.201:443 | figurasdragonballz.com | tcp |
| US | 162.241.216.32:443 | feyiogecollections.com | tcp |
| US | 66.85.26.245:80 | forcedauctionsigns.com | tcp |
| FR | 85.236.155.10:443 | faucheux-entretien.com | tcp |
| US | 104.21.77.144:443 | inflightretrievers.com | tcp |
| FR | 91.134.238.237:443 | www.systemerisp.com | tcp |
| US | 172.67.165.152:443 | www.mobilisdivers.com | tcp |
| ES | 164.138.210.89:80 | www.cellocandela.com | tcp |
| BR | 45.152.46.122:443 | cesargrillet.com | tcp |
| N/A | 127.0.0.1:52283 | tcp | |
| US | 8.8.8.8:53 | confidantica.com | udp |
| N/A | 127.0.0.1:52288 | tcp | |
| US | 8.8.8.8:53 | 130.148.70.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.159.252.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.193.179.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.211.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.231.18.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.169.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.190.170.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.255.13.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.99.109.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contentbymsd.com | udp |
| US | 8.8.8.8:53 | cookthefoods.com | udp |
| US | 8.8.8.8:53 | corporelaser.com | udp |
| US | 8.8.8.8:53 | crazydealstx.com | udp |
| BR | 149.100.155.29:443 | chapa2cremec.com | tcp |
| US | 162.0.235.109:443 | ceriaslot123.com | tcp |
| US | 8.8.8.8:53 | cre-activeus.com | udp |
| US | 8.8.8.8:53 | creationsrub.com | udp |
| US | 8.8.8.8:53 | dailybites24.com | udp |
| US | 8.8.8.8:53 | dajabonviral.com | udp |
| US | 8.8.8.8:53 | www.daniandgrace.com | udp |
| AU | 154.26.155.169:443 | chhaharanews.com | tcp |
| US | 154.49.142.232:443 | clickonsight.com | tcp |
| GB | 154.49.138.242:443 | choco-lamour.com | tcp |
| N/A | 127.0.0.1:52290 | tcp | |
| US | 104.21.84.151:443 | confidantica.com | tcp |
| US | 8.8.8.8:53 | datingpapapa.com | udp |
| US | 8.8.8.8:53 | dawahthreads.com | udp |
| US | 198.54.120.43:443 | cineplexnews.com | tcp |
| US | 8.8.8.8:53 | dayondisplay.com | udp |
| US | 8.8.8.8:53 | 13.169.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.0.160.217.in-addr.arpa | udp |
| N/A | 127.0.0.1:52286 | tcp | |
| US | 8.8.8.8:53 | 32.216.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.142.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.202.38.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.155.236.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.26.85.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.77.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.238.134.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.210.138.164.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.213.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.46.152.45.in-addr.arpa | udp |
| US | 151.106.105.11:443 | cre-activeus.com | tcp |
| US | 34.171.142.102:443 | contentbymsd.com | tcp |
| US | 172.67.162.209:443 | creationsrub.com | tcp |
| BR | 149.100.155.212:443 | crazydealstx.com | tcp |
| FR | 35.181.89.222:443 | cookthefoods.com | tcp |
| KR | 183.110.224.246:80 | codingcokcok.com | tcp |
| US | 107.155.89.42:80 | dajabonviral.com | tcp |
| ES | 37.153.89.124:443 | corporelaser.com | tcp |
| US | 8.8.8.8:53 | demirfashion.com | udp |
| US | 8.8.8.8:53 | digitalise24.com | udp |
| US | 8.8.8.8:53 | digitalwebdv.com | udp |
| US | 8.8.8.8:53 | djremodelers.com | udp |
| US | 8.8.8.8:53 | blickzwei.de | udp |
| US | 194.195.84.210:443 | dailybites24.com | tcp |
| US | 50.63.141.12:443 | datapaybtllc.com | tcp |
| US | 172.67.145.179:443 | datingpapapa.com | tcp |
| FR | 109.234.161.205:443 | www.daniandgrace.com | tcp |
| US | 8.8.8.8:53 | doodoobloger.com | udp |
| US | 8.8.8.8:53 | dramariaguia.com | udp |
| US | 8.8.8.8:53 | www.drivethruint.com | udp |
| GB | 78.141.226.188:443 | dayondisplay.com | tcp |
| GB | 144.126.194.248:443 | dawahthreads.com | tcp |
| US | 149.100.151.196:443 | digibizfacts.com | tcp |
| US | 8.8.8.8:53 | 109.235.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.155.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.142.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.155.26.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.120.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.162.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.89.181.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.105.106.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.142.171.34.in-addr.arpa | udp |
| US | 162.241.218.199:80 | djremodelers.com | tcp |
| US | 8.8.8.8:53 | drozlemoymak.com | udp |
| IN | 89.117.188.222:443 | digitalise24.com | tcp |
| US | 8.8.8.8:53 | dubonnetlive.com | udp |
| DE | 217.160.0.247:443 | blickzwei.de | tcp |
| US | 8.8.8.8:53 | eastbayphoto.com | udp |
| US | 160.153.0.40:443 | demirfashion.com | tcp |
| US | 86.38.202.125:443 | digitalwebdv.com | tcp |
| US | 8.8.8.8:53 | easychordsph.com | udp |
| US | 8.8.8.8:53 | economytechy.com | udp |
| US | 8.8.8.8:53 | edhomesgroup.com | udp |
| US | 8.8.8.8:53 | emka-negoces.com | udp |
| ZA | 169.239.218.51:443 | www.drivethruint.com | tcp |
| US | 8.8.8.8:53 | emresecurity.com | udp |
| US | 8.8.8.8:53 | emtrac-varta.com | udp |
| KR | 183.111.242.60:443 | doodoobloger.com | tcp |
| US | 8.8.8.8:53 | enjoycollect.com | udp |
| US | 107.155.89.42:443 | dajabonviral.com | tcp |
| US | 129.213.137.232:443 | dubonnetlive.com | tcp |
| US | 172.67.162.100:443 | edhomesgroup.com | tcp |
| CA | 69.161.159.27:443 | eastbayphoto.com | tcp |
| US | 8.8.8.8:53 | 42.89.155.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.224.110.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.145.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.161.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.84.195.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.226.141.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.194.126.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.218.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.202.38.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | enriqueumana.com | udp |
| TR | 78.135.106.170:443 | drozlemoymak.com | tcp |
| US | 8.8.8.8:53 | entourage2go.com | udp |
| US | 8.8.8.8:53 | epaperprudvi.com | udp |
| US | 8.8.8.8:53 | eskrimfamily.com | udp |
| US | 8.8.8.8:53 | estiqueleads.com | udp |
| FR | 51.91.236.193:443 | emka-negoces.com | tcp |
| US | 104.21.74.200:443 | emtrac-varta.com | tcp |
| SG | 156.67.222.60:443 | easychordsph.com | tcp |
| US | 8.8.8.8:53 | epicdealzone.com | udp |
| US | 8.8.8.8:53 | estribosrest.com | udp |
| US | 8.8.8.8:53 | estudioeduca.com | udp |
| US | 104.21.12.24:443 | enjoycollect.com | tcp |
| US | 160.153.0.65:443 | emresecurity.com | tcp |
| US | 204.197.243.181:443 | enriqueumana.com | tcp |
| US | 8.8.8.8:53 | exen-network.com | udp |
| US | 8.8.8.8:53 | ezspeedykart.com | udp |
| US | 8.8.8.8:53 | faisalkhamis.com | udp |
| US | 8.8.8.8:53 | falconryhubs.com | udp |
| US | 8.8.8.8:53 | 51.218.239.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.242.111.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.162.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.137.213.129.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.106.135.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.159.161.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.236.91.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blickzwei.de | udp |
| US | 45.79.94.170:443 | entourage2go.com | tcp |
| US | 8.8.8.8:53 | featherheavy.com | udp |
| US | 8.8.8.8:53 | felixrentals.com | udp |
| US | 8.8.8.8:53 | feelinganime.com | udp |
| ID | 103.179.86.130:443 | eskrimfamily.com | tcp |
| US | 162.240.97.189:80 | estribosrest.com | tcp |
| US | 204.93.224.87:443 | estudioeduca.com | tcp |
| IN | 68.178.158.82:443 | epaperprudvi.com | tcp |
| FR | 195.35.49.24:443 | estiqueleads.com | tcp |
| US | 63.250.43.4:443 | epicdealzone.com | tcp |
| US | 8.8.8.8:53 | finanzastips.com | udp |
| US | 8.8.8.8:53 | finbizglobal.com | udp |
| US | 8.8.8.8:53 | flashaitools.com | udp |
| US | 8.8.8.8:53 | www.florcamelias.com | udp |
| GB | 141.136.33.49:443 | falconryhubs.com | tcp |
| DE | 217.160.0.247:443 | www.blickzwei.de | tcp |
| US | 8.8.8.8:53 | sawyerairport.com | udp |
| FR | 154.41.237.38:443 | faisalkhamis.com | tcp |
| US | 160.153.0.186:443 | featherheavy.com | tcp |
| FR | 89.116.147.76:443 | exen-network.com | tcp |
| US | 8.8.8.8:53 | flytocomores.com | udp |
| US | 8.8.8.8:53 | foelledesign.com | udp |
| US | 8.8.8.8:53 | 200.74.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.12.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.222.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.243.197.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.49.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.224.93.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.97.240.162.in-addr.arpa | udp |
| CZ | 91.239.201.10:443 | felixrentals.com | tcp |
| US | 195.35.33.7:443 | finanzastips.com | tcp |
| US | 154.49.142.84:443 | finbizglobal.com | tcp |
| DE | 94.130.223.106:443 | flashaitools.com | tcp |
| US | 172.67.167.8:80 | www.florcamelias.com | tcp |
| US | 8.8.8.8:53 | codingcokcok.mycafe24.com | udp |
| US | 8.8.8.8:53 | formulawonks.com | udp |
| CN | 115.159.56.214:80 | feelinganime.com | tcp |
| US | 209.239.122.205:443 | fertintegral.com | tcp |
| US | 8.8.8.8:53 | vouchervortex.com | udp |
| ZA | 41.222.34.13:443 | flytocomores.com | tcp |
| FR | 92.204.212.171:80 | foelledesign.com | tcp |
| US | 70.39.251.129:443 | sawyerairport.com | tcp |
| US | 8.8.8.8:53 | vivamaisplena.com | udp |
| US | 159.203.145.199:443 | formulawonks.com | tcp |
| IN | 68.178.157.40:443 | vouchervortex.com | tcp |
| US | 8.8.8.8:53 | walworthalano.org | udp |
| US | 108.167.188.170:443 | vivamaisplena.com | tcp |
| US | 104.21.45.123:443 | walworthalano.org | tcp |
| N/A | 127.0.0.1:52309 | tcp | |
| N/A | 127.0.0.1:52317 | tcp | |
| N/A | 127.0.0.1:52320 | tcp | |
| N/A | 127.0.0.1:52322 | tcp | |
| N/A | 127.0.0.1:52325 | tcp | |
| N/A | 127.0.0.1:52334 | tcp | |
| N/A | 127.0.0.1:52348 | tcp | |
| N/A | 127.0.0.1:52355 | tcp | |
| N/A | 127.0.0.1:52360 | tcp | |
| N/A | 127.0.0.1:52362 | tcp | |
| N/A | 127.0.0.1:52364 | tcp | |
| N/A | 127.0.0.1:52366 | tcp | |
| KR | 183.110.224.246:80 | codingcokcok.mycafe24.com | tcp |
| US | 8.8.8.8:53 | 4.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.86.179.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.33.136.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.237.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.147.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.201.239.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.223.130.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.167.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.142.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.251.39.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.145.203.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.45.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.34.222.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wandererstrip.com | udp |
| US | 8.8.8.8:53 | wandertrip-kr.com | udp |
| US | 8.8.8.8:53 | aidat.emresecurity.com | udp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 149.28.10.105:443 | wandertrip-kr.com | tcp |
| N/A | 127.0.0.1:52373 | tcp | |
| US | 160.153.0.146:443 | aidat.emresecurity.com | tcp |
| US | 8.8.8.8:53 | wayowearstore.com | udp |
| US | 8.8.8.8:53 | webdigitallab.com | udp |
| US | 8.8.8.8:53 | wanersenblade.com | udp |
| US | 8.8.8.8:53 | wealthwiseusa.com | udp |
| US | 8.8.8.8:53 | webstorieslab.com | udp |
| US | 8.8.8.8:53 | website-so1vn.com | udp |
| US | 8.8.8.8:53 | weilanzhijian.com | udp |
| US | 8.8.8.8:53 | www.eskrimfamily.com | udp |
| N/A | 127.0.0.1:52378 | tcp | |
| N/A | 127.0.0.1:52384 | tcp | |
| N/A | 127.0.0.1:52390 | tcp | |
| N/A | 127.0.0.1:52394 | tcp | |
| N/A | 127.0.0.1:52405 | tcp | |
| N/A | 127.0.0.1:52408 | tcp | |
| N/A | 127.0.0.1:52415 | tcp | |
| N/A | 127.0.0.1:52418 | tcp | |
| N/A | 127.0.0.1:52420 | tcp | |
| N/A | 127.0.0.1:52423 | tcp | |
| N/A | 127.0.0.1:52425 | tcp | |
| N/A | 127.0.0.1:52428 | tcp | |
| N/A | 127.0.0.1:52433 | tcp | |
| N/A | 127.0.0.1:52438 | tcp | |
| N/A | 127.0.0.1:52441 | tcp | |
| N/A | 127.0.0.1:52447 | tcp | |
| N/A | 127.0.0.1:52450 | tcp | |
| N/A | 127.0.0.1:52455 | tcp | |
| N/A | 127.0.0.1:52460 | tcp | |
| N/A | 127.0.0.1:52464 | tcp | |
| N/A | 127.0.0.1:52467 | tcp | |
| US | 8.8.8.8:53 | 170.188.167.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.0.153.160.in-addr.arpa | udp |
| GB | 198.244.228.164:443 | webdigitallab.com | tcp |
| US | 8.8.8.8:53 | wesswoodstore.com | udp |
| US | 8.8.8.8:53 | westernnewsmm.com | udp |
| US | 8.8.8.8:53 | www.wheelhousecgi.com | udp |
| US | 8.8.8.8:53 | whitelightusa.com | udp |
| US | 86.38.202.105:443 | webstorieslab.com | tcp |
| CN | 123.56.116.175:443 | weilanzhijian.com | tcp |
| US | 3.33.130.190:443 | welkeaandelen.com | tcp |
| SG | 156.67.222.18:443 | wanersenblade.com | tcp |
| BD | 115.187.18.91:443 | wayowearstore.com | tcp |
| US | 8.8.8.8:53 | wilsonworksnv.com | udp |
| US | 8.8.8.8:53 | wishfulthinks.com | udp |
| VN | 103.173.227.99:443 | website-so1vn.com | tcp |
| ID | 103.179.86.130:443 | www.eskrimfamily.com | tcp |
| US | 8.8.8.8:53 | wikilottothai.com | udp |
| US | 172.67.151.81:443 | www.enjoycollect.com | tcp |
| US | 141.193.213.11:443 | www.wheelhousecgi.com | tcp |
| US | 8.8.8.8:53 | wptoolsonline.com | udp |
| US | 160.153.0.80:443 | wesswoodstore.com | tcp |
| US | 8.8.8.8:53 | writtenbytory.com | udp |
| US | 97.74.184.226:443 | whitelightusa.com | tcp |
| US | 8.8.8.8:53 | xtendmaxmedia.com | udp |
| US | 162.241.225.33:443 | westernnewsmm.com | tcp |
| US | 46.28.40.21:443 | wishfulthinks.com | tcp |
| US | 165.140.70.86:443 | wilsonworksnv.com | tcp |
| US | 8.8.8.8:53 | yassinechakik.com | udp |
| US | 8.8.8.8:53 | 164.228.244.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.130.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.18.187.115.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.151.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.213.193.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.227.173.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yellowfarmdog.com | udp |
| US | 8.8.8.8:53 | youbetter-now.com | udp |
| US | 8.8.8.8:53 | yesgiwear.com | udp |
| US | 8.8.8.8:53 | yourlifedepot.com | udp |
| US | 8.8.8.8:53 | yuanzhitianqi.com | udp |
| US | 104.21.7.136:443 | wptoolsonline.com | tcp |
| US | 50.87.138.230:443 | writtenbytory.com | tcp |
| DE | 23.88.66.234:443 | yassinechakik.com | tcp |
| SG | 172.96.191.158:443 | wikilottothai.com | tcp |
| US | 68.66.221.225:443 | xtendmaxmedia.com | tcp |
| DK | 46.30.213.150:443 | yesgiwear.com | tcp |
| US | 162.241.226.190:443 | yourlifedepot.com | tcp |
| US | 45.76.75.34:443 | yellowfarmdog.com | tcp |
| LT | 84.32.84.32:443 | youbetter-now.com | tcp |
| US | 8.8.8.8:53 | zaha-alliance.com | udp |
| US | 8.8.8.8:53 | zenzoneagency.com | udp |
| US | 8.8.8.8:53 | suanhahanoi365.com | udp |
| US | 8.8.8.8:53 | subashrupantar.com | udp |
| US | 8.8.8.8:53 | sunshinetucson.com | udp |
| US | 8.8.8.8:53 | bf00ba2140.nxcli.io | udp |
| GB | 185.61.152.64:443 | zaha-alliance.com | tcp |
| US | 8.8.8.8:53 | sustentaonline.com | udp |
| US | 8.8.8.8:53 | 33.225.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.7.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.40.28.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.66.88.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.138.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.221.66.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.213.30.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | swissgreenagro.com | udp |
| US | 8.8.8.8:53 | www.zhyekaestilos.com | udp |
| FR | 89.117.169.227:443 | zenzoneagency.com | tcp |
| CN | 101.42.135.56:443 | yuanzhitianqi.com | tcp |
| US | 8.8.8.8:53 | swpsuniversity.com | udp |
| US | 8.8.8.8:53 | sys-ingenieria.com | udp |
| US | 8.8.8.8:53 | www.supremerankseo.com | udp |
| US | 8.8.8.8:53 | syukurbahagiaa.com | udp |
| US | 8.8.8.8:53 | tacoislandbali.com | udp |
| US | 8.8.8.8:53 | www.takointernship.com | udp |
| US | 8.8.8.8:53 | www.talentbysidoli.com | udp |
| ID | 103.247.8.35:443 | zahraindoasia.com | tcp |
| US | 8.8.8.8:53 | tarolog-ksenia.com | udp |
| N/A | 127.0.0.1:52470 | tcp | |
| N/A | 127.0.0.1:52474 | tcp | |
| N/A | 127.0.0.1:52476 | tcp | |
| N/A | 127.0.0.1:52478 | tcp | |
| N/A | 127.0.0.1:52480 | tcp | |
| IN | 89.117.157.246:443 | swissgreenagro.com | tcp |
| DE | 88.198.82.124:443 | subashrupantar.com | tcp |
| US | 208.109.64.181:443 | sunshinetucson.com | tcp |
| US | 172.67.138.12:443 | www.zhyekaestilos.com | tcp |
| VN | 163.44.194.62:443 | suanhahanoi365.com | tcp |
| US | 8.8.8.8:53 | taxationrefund.com | udp |
| US | 8.8.8.8:53 | teamcarservice.com | udp |
| US | 8.8.8.8:53 | teamkingindian.com | udp |
| TR | 95.173.161.190:443 | swpsuniversity.com | tcp |
| US | 50.6.138.46:443 | sustentaonline.com | tcp |
| US | 216.69.172.57:443 | www.supremerankseo.com | tcp |
| US | 8.8.8.8:53 | 190.226.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.75.76.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.169.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.82.198.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.138.67.172.in-addr.arpa | udp |
| SG | 184.168.99.253:80 | tacoislandbali.com | tcp |
| GB | 45.77.91.70:443 | www.talentbysidoli.com | tcp |
| AU | 140.238.205.3:443 | taxationrefund.com | tcp |
| US | 8.8.8.8:53 | techgadgetsray.com | udp |
| US | 8.8.8.8:53 | techgadgetspin.com | udp |
| MY | 103.122.164.9:443 | syukurbahagiaa.com | tcp |
| IT | 185.201.65.177:443 | teamcarservice.com | tcp |
| US | 8.8.8.8:53 | techgadgetsusa.com | udp |
| US | 8.8.8.8:53 | www.yellowfarmdog.com | udp |
| US | 8.8.8.8:53 | techredgadgets.com | udp |
| US | 8.8.8.8:53 | www.wikilottothai.com | udp |
| US | 8.8.8.8:53 | teinvitoacomer.com | udp |
| MY | 103.6.196.78:443 | www.takointernship.com | tcp |
| US | 162.214.80.27:443 | teamkingindian.com | tcp |
| US | 8.8.8.8:53 | terapiholistic.com | udp |
| US | 8.8.8.8:53 | terdaleclasses.com | udp |
| US | 13.248.169.48:443 | teinvitoacomer.com | tcp |
| US | 172.67.220.236:443 | techredgadgets.com | tcp |
| US | 172.67.186.87:443 | techgadgetspin.com | tcp |
| US | 45.76.75.34:443 | www.yellowfarmdog.com | tcp |
| SG | 172.96.191.158:443 | www.wikilottothai.com | tcp |
| US | 86.38.202.131:443 | techgadgetsusa.com | tcp |
| US | 104.21.30.205:443 | techgadgetsray.com | tcp |
| US | 8.8.8.8:53 | terminaldefect.com | udp |
| US | 172.67.221.95:443 | terapiholistic.com | tcp |
| US | 8.8.8.8:53 | 246.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.161.173.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.8.247.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.138.6.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.194.44.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.65.201.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.80.214.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.205.238.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.164.122.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.196.6.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.186.67.172.in-addr.arpa | udp |
| GB | 185.77.97.99:443 | terdaleclasses.com | tcp |
| US | 8.8.8.8:53 | theartofplatin.com | udp |
| US | 8.8.8.8:53 | thebeautyhoney.com | udp |
| PL | 89.184.68.107:443 | tarolog-ksenia.com | tcp |
| US | 8.8.8.8:53 | rocketracersgame.com | udp |
| US | 8.8.8.8:53 | rjcymarketinginc.com | udp |
| US | 8.8.8.8:53 | sabineritzberger.com | udp |
| US | 8.8.8.8:53 | saison-africaine.com | udp |
| US | 63.250.43.8:80 | terminaldefect.com | tcp |
| US | 66.235.200.146:443 | thebeautyhoney.com | tcp |
| US | 8.8.8.8:53 | salesphereonline.com | udp |
| US | 54.85.199.254:443 | theartofplatin.com | tcp |
| FR | 146.59.209.152:80 | saison-africaine.com | tcp |
| US | 104.21.73.241:443 | rocketracersgame.com | tcp |
| US | 104.21.56.177:443 | sabineritzberger.com | tcp |
| US | 8.8.8.8:53 | salgadointeriors.com | udp |
| US | 8.8.8.8:53 | salgueroreformas.com | udp |
| US | 63.250.43.13:443 | rjcymarketinginc.com | tcp |
| US | 8.8.8.8:53 | sarcastichistory.com | udp |
| DE | 217.160.0.136:443 | salgueroreformas.com | tcp |
| US | 8.8.8.8:53 | sauravfoundation.com | udp |
| US | 8.8.8.8:53 | www.terminaldefect.com | udp |
| US | 8.8.8.8:53 | saveinvest-money.com | udp |
| US | 8.8.8.8:53 | sawdevelopmentfl.com | udp |
| US | 8.8.8.8:53 | 205.30.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.202.38.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.68.184.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.73.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.56.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.209.59.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.199.85.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.seedlingsproject.com | udp |
| US | 149.100.151.202:443 | salgadointeriors.com | tcp |
| US | 8.8.8.8:53 | serenitywanderer.com | udp |
| US | 8.8.8.8:53 | seeworthyescapes.com | udp |
| US | 8.8.8.8:53 | www.shirakami-ganka1.com | udp |
| US | 8.8.8.8:53 | shrirambodyworks.com | udp |
| US | 8.8.8.8:53 | siamesesmile2008.com | udp |
| FR | 35.181.89.222:443 | serenitywanderer.com | tcp |
| US | 154.56.47.58:443 | sawdevelopmentfl.com | tcp |
| US | 208.113.188.110:443 | sarcastichistory.com | tcp |
| US | 141.193.213.10:443 | seeworthyescapes.com | tcp |
| US | 172.67.160.163:443 | siamesesmile2008.com | tcp |
| US | 8.8.8.8:53 | siamwaterjetting.com | udp |
| US | 8.8.8.8:53 | silvidiolingerie.com | udp |
| US | 8.8.8.8:53 | simmcoproperties.com | udp |
| IN | 89.117.157.173:443 | sauravfoundation.com | tcp |
| JP | 183.90.183.26:443 | www.shirakami-ganka1.com | tcp |
| US | 172.67.217.137:443 | saveinvest-money.com | tcp |
| AU | 203.57.51.163:443 | www.seedlingsproject.com | tcp |
| US | 63.250.43.7:80 | www.terminaldefect.com | tcp |
| US | 8.8.8.8:53 | skinup-eboutique.com | udp |
| US | 8.8.8.8:53 | 136.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | smarthomelessons.com | udp |
| US | 8.8.8.8:53 | smilewhitecenter.com | udp |
| US | 8.8.8.8:53 | sneakpeachagency.com | udp |
| US | 8.8.8.8:53 | sodaipatiservice.com | udp |
| US | 8.8.8.8:53 | soloquierodormir.com | udp |
| US | 8.8.8.8:53 | soheilmiresmaili.com | udp |
| BR | 154.49.247.61:443 | silvidiolingerie.com | tcp |
| US | 154.56.37.121:443 | skinup-eboutique.com | tcp |
| GB | 5.180.60.11:443 | sneakpeachagency.com | tcp |
| ID | 153.92.9.83:443 | siamwaterjetting.com | tcp |
| US | 68.183.26.2:443 | smarthomelessons.com | tcp |
| US | 104.21.70.104:443 | smilewhitecenter.com | tcp |
| US | 8.8.8.8:53 | www.sonographerlexie.com | udp |
| US | 170.130.38.8:443 | simmcoproperties.com | tcp |
| US | 8.8.8.8:53 | sophisticatedbar.com | udp |
| LT | 84.32.84.32:443 | soloquierodormir.com | tcp |
| IR | 217.144.105.174:80 | soheilmiresmaili.com | tcp |
| US | 8.8.8.8:53 | sparx-immobilier.com | udp |
| SG | 15.235.181.184:443 | sodaipatiservice.com | tcp |
| N/A | 127.0.0.1:52527 | tcp | |
| N/A | 127.0.0.1:52529 | tcp | |
| N/A | 127.0.0.1:52531 | tcp | |
| N/A | 127.0.0.1:52538 | tcp | |
| N/A | 127.0.0.1:52540 | tcp | |
| N/A | 127.0.0.1:52542 | tcp | |
| N/A | 127.0.0.1:52544 | tcp | |
| N/A | 127.0.0.1:52557 | tcp | |
| N/A | 127.0.0.1:52561 | tcp | |
| N/A | 127.0.0.1:52563 | tcp | |
| N/A | 127.0.0.1:52565 | tcp | |
| N/A | 127.0.0.1:52567 | tcp | |
| N/A | 127.0.0.1:52573 | tcp | |
| N/A | 127.0.0.1:52587 | tcp | |
| N/A | 127.0.0.1:52589 | tcp | |
| N/A | 127.0.0.1:52592 | tcp | |
| N/A | 127.0.0.1:52595 | tcp | |
| N/A | 127.0.0.1:52603 | tcp | |
| N/A | 127.0.0.1:52612 | tcp | |
| N/A | 127.0.0.1:52614 | tcp | |
| N/A | 127.0.0.1:52621 | tcp | |
| US | 8.8.8.8:53 | spectrumofsmiles.com | udp |
| FR | 54.36.91.62:443 | sparx-immobilier.com | tcp |
| US | 208.97.149.194:443 | www.sonographerlexie.com | tcp |
| US | 8.8.8.8:53 | 58.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.188.113.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.217.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.183.90.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.37.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.60.180.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.51.57.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.70.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.26.183.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | spronkcatamarans.com | udp |
| US | 8.8.8.8:53 | squattsportswear.com | udp |
| US | 8.8.8.8:53 | srpowerengineers.com | udp |
| US | 8.8.8.8:53 | stpaulsschoolank.com | udp |
| US | 8.8.8.8:53 | strawberrypocket.com | udp |
| US | 63.250.43.12:80 | sophisticatedbar.com | tcp |
| US | 89.117.9.37:443 | spectrumofsmiles.com | tcp |
| US | 8.8.8.8:53 | streetdanceparis.com | udp |
| DE | 167.235.16.228:443 | squattsportswear.com | tcp |
| IN | 119.18.54.84:443 | srpowerengineers.com | tcp |
| N/A | 127.0.0.1:52630 | tcp | |
| FR | 185.221.182.11:443 | streetdanceparis.com | tcp |
| N/A | 127.0.0.1:52634 | tcp | |
| US | 66.235.200.112:443 | strawberrypocket.com | tcp |
| US | 8.8.8.8:53 | www.sundentalseaside.com | udp |
| US | 8.8.8.8:53 | sustainabletails.com | udp |
| US | 8.8.8.8:53 | survivalfoodnews.com | udp |
| US | 8.8.8.8:53 | teamexfoundation.com | udp |
| US | 8.8.8.8:53 | thachcaobinhtran.com | udp |
| US | 86.38.202.133:443 | stpaulsschoolank.com | tcp |
| US | 67.205.60.173:443 | spronkcatamarans.com | tcp |
| US | 8.8.8.8:53 | 174.105.144.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.38.130.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.9.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.181.235.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.149.97.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.54.18.119.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.182.221.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.200.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | the-pro-cleaners.com | udp |
| US | 8.8.8.8:53 | www.sabineritzberger.com | udp |
| US | 8.8.8.8:53 | thebreathingball.com | udp |
| US | 8.8.8.8:53 | theaddressevents.com | udp |
| US | 8.8.8.8:53 | theglobaltoyshop.com | udp |
| US | 8.8.8.8:53 | legacy-virtual.com | udp |
| US | 63.250.43.12:443 | sophisticatedbar.com | tcp |
| US | 172.67.191.19:443 | survivalfoodnews.com | tcp |
| US | 172.67.187.92:443 | www.sabineritzberger.com | tcp |
| NL | 89.116.153.90:443 | theglobaltoyshop.com | tcp |
| US | 217.21.76.246:443 | the-pro-cleaners.com | tcp |
| IN | 68.178.145.137:80 | theaddressevents.com | tcp |
| US | 138.68.13.159:443 | thebreathingball.com | tcp |
| IN | 46.28.46.29:443 | teamexfoundation.com | tcp |
| US | 8.8.8.8:53 | themarketechs360.com | udp |
| US | 8.8.8.8:53 | theodafoundation.com | udp |
| US | 8.8.8.8:53 | theonetradingllc.com | udp |
| VN | 103.75.185.14:443 | thachcaobinhtran.com | tcp |
| US | 8.8.8.8:53 | thepurplekompass.com | udp |
| JP | 183.90.183.49:443 | www.sundentalseaside.com | tcp |
| US | 66.235.200.147:443 | legacy-virtual.com | tcp |
| US | 66.235.200.251:443 | sustainabletails.com | tcp |
| US | 8.8.8.8:53 | thetechappliance.com | udp |
| US | 8.8.8.8:53 | www.sarcastichistory.com | udp |
| N/A | 127.0.0.1:52647 | tcp | |
| N/A | 127.0.0.1:52649 | tcp | |
| N/A | 127.0.0.1:52651 | tcp | |
| N/A | 127.0.0.1:52653 | tcp | |
| N/A | 127.0.0.1:52657 | tcp | |
| N/A | 127.0.0.1:52659 | tcp | |
| N/A | 127.0.0.1:52662 | tcp | |
| N/A | 127.0.0.1:52664 | tcp | |
| N/A | 127.0.0.1:52666 | tcp | |
| N/A | 127.0.0.1:52668 | tcp | |
| N/A | 127.0.0.1:52670 | tcp | |
| N/A | 127.0.0.1:52678 | tcp | |
| N/A | 127.0.0.1:52680 | tcp | |
| N/A | 127.0.0.1:52682 | tcp | |
| N/A | 127.0.0.1:52683 | tcp | |
| N/A | 127.0.0.1:52686 | tcp | |
| N/A | 127.0.0.1:52687 | tcp | |
| N/A | 127.0.0.1:52696 | tcp | |
| US | 208.113.188.110:443 | www.sarcastichistory.com | tcp |
| US | 8.8.8.8:53 | 173.60.205.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.202.38.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.191.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.187.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.153.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | globaltoysshop.com | udp |
| US | 162.0.229.120:443 | thetechappliance.com | tcp |
| FR | 89.116.147.128:443 | theonetradingllc.com | tcp |
| US | 162.159.137.9:443 | theodafoundation.com | tcp |
| US | 86.38.202.206:443 | thepurplekompass.com | tcp |
| US | 8.8.8.8:53 | thetechnicaldada.com | udp |
| N/A | 127.0.0.1:52702 | tcp | |
| US | 8.8.8.8:53 | thevikramfitness.com | udp |
| US | 8.8.8.8:53 | thrillingtidings.com | udp |
| US | 8.8.8.8:53 | timurkocagozoglu.com | udp |
| US | 154.49.142.59:443 | themarketechs360.com | tcp |
| US | 8.8.8.8:53 | todayfreshrecipe.com | udp |
| US | 8.8.8.8:53 | todayslowestrate.com | udp |
| US | 8.8.8.8:53 | tomorrowland-tml.com | udp |
| US | 8.8.8.8:53 | tonicopoderosobr.com | udp |
| N/A | 127.0.0.1:52704 | tcp | |
| NL | 89.116.153.90:443 | globaltoysshop.com | tcp |
| US | 8.8.8.8:53 | topfreelancetips.com | udp |
| US | 8.8.8.8:53 | totalcleaningllc.com | udp |
| US | 198.54.116.44:443 | thetechnicaldada.com | tcp |
| FR | 217.182.41.81:80 | tomorrowland-tml.com | tcp |
| US | 104.21.86.198:80 | tonicopoderosobr.com | tcp |
| US | 104.21.24.225:443 | todayfreshrecipe.com | tcp |
| US | 45.39.104.207:80 | todayslowestrate.com | tcp |
| N/A | 127.0.0.1:52721 | tcp | |
| TR | 77.245.159.37:443 | timurkocagozoglu.com | tcp |
| US | 45.76.225.196:80 | thrillingtidings.com | tcp |
| IN | 89.117.157.164:443 | thevikramfitness.com | tcp |
| US | 8.8.8.8:53 | 147.200.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.200.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.76.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.46.28.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.13.68.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.183.90.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.185.75.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.137.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.147.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.202.38.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.229.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.142.49.154.in-addr.arpa | udp |
| US | 68.65.122.35:80 | totalcleaningllc.com | tcp |
| US | 8.8.8.8:53 | trikunpromotions.com | udp |
| US | 8.8.8.8:53 | truekingventures.com | udp |
| US | 8.8.8.8:53 | triosolutionshub.com | udp |
| N/A | 127.0.0.1:52725 | tcp | |
| US | 8.8.8.8:53 | universalchanges.com | udp |
| US | 8.8.8.8:53 | ucakbahisoyunu12.com | udp |
| US | 8.8.8.8:53 | upgovtjobsportal.com | udp |
| IN | 103.152.79.182:443 | trendyfreelancer.com | tcp |
| IN | 89.117.157.110:443 | topfreelancetips.com | tcp |
| N/A | 127.0.0.1:52727 | tcp | |
| US | 8.8.8.8:53 | uweydaproperties.com | udp |
| US | 8.8.8.8:53 | vijethacontainer.com | udp |
| US | 66.235.200.147:443 | legacy-virtual.com | tcp |
| US | 8.8.8.8:53 | upturnmaticstech.com | udp |
| N/A | 127.0.0.1:52734 | tcp | |
| FR | 92.205.15.114:80 | truekingventures.com | tcp |
| US | 162.0.232.41:443 | triosolutionshub.com | tcp |
| FR | 217.182.41.81:443 | tomorrowland-tml.com | tcp |
| DE | 157.90.213.242:443 | trikunpromotions.com | tcp |
| US | 8.8.8.8:53 | petroleumemporium.com | udp |
| US | 8.8.8.8:53 | polosdonlinesells.com | udp |
| N/A | 127.0.0.1:52736 | tcp | |
| US | 107.161.23.171:443 | universalchanges.com | tcp |
| US | 104.21.82.123:443 | ucakbahisoyunu12.com | tcp |
| US | 8.8.8.8:53 | poshanddazrawhair.com | udp |
| US | 8.8.8.8:53 | 44.116.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.86.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.41.182.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.104.39.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.122.65.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.79.152.103.in-addr.arpa | udp |
| US | 172.67.209.92:443 | upgovtjobsportal.com | tcp |
| US | 8.8.8.8:53 | prottashacomputer.com | udp |
| US | 172.67.196.120:443 | upturnmaticstech.com | tcp |
| US | 154.56.36.98:443 | uweydaproperties.com | tcp |
| US | 8.8.8.8:53 | realmedialistings.com | udp |
| US | 8.8.8.8:53 | reliabletowingllc.com | udp |
| IN | 217.21.91.45:443 | vijethacontainer.com | tcp |
| US | 8.8.8.8:53 | revenue-rebellion.com | udp |
| N/A | 127.0.0.1:52740 | tcp | |
| US | 50.87.184.211:443 | polosdonlinesells.com | tcp |
| US | 8.8.8.8:53 | shawnwilliamscott.com | udp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 198.54.114.183:443 | prottashacomputer.com | tcp |
| US | 50.6.138.130:443 | raquelsaudebeleza.com | tcp |
| US | 162.241.225.216:80 | petroleumemporium.com | tcp |
| N/A | 127.0.0.1:52743 | tcp | |
| US | 162.241.224.119:443 | revenue-rebellion.com | tcp |
| US | 8.8.8.8:53 | wisehealhealthcare.com | udp |
| US | 8.8.8.8:53 | outsourcingsupportbd.com | udp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 50.116.94.181:443 | realmedialistings.com | tcp |
| US | 192.185.16.56:443 | reliabletowingllc.com | tcp |
| N/A | 127.0.0.1:52751 | tcp | |
| N/A | 127.0.0.1:52755 | tcp | |
| N/A | 127.0.0.1:52758 | tcp | |
| N/A | 127.0.0.1:52760 | tcp | |
| N/A | 127.0.0.1:52762 | tcp | |
| N/A | 127.0.0.1:52764 | tcp | |
| N/A | 127.0.0.1:52770 | tcp | |
| US | 8.8.8.8:53 | 110.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.213.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.23.161.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.82.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.209.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.196.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.36.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.91.21.217.in-addr.arpa | udp |
| US | 162.241.224.194:443 | shawnwilliamscott.com | tcp |
| US | 8.8.8.8:53 | professeurleilaelgnaoui.com | udp |
| US | 8.8.8.8:53 | premiumelectrovisionltd.com | udp |
| N/A | 127.0.0.1:52777 | tcp | |
| US | 8.8.8.8:53 | nathinestimablefinance.com | udp |
| US | 8.8.8.8:53 | runtzcannabisdispensary.com | udp |
| US | 162.241.85.107:443 | wisehealhealthcare.com | tcp |
| US | 66.29.141.139:443 | professeurleilaelgnaoui.com | tcp |
| US | 66.29.132.226:443 | nathinestimablefinance.com | tcp |
| US | 131.153.165.35:443 | outsourcingsupportbd.com | tcp |
| US | 66.29.132.222:443 | runtzcannabisdispensary.com | tcp |
| DE | 162.55.131.89:443 | premiumelectrovisionltd.com | tcp |
| US | 132.148.77.219:443 | www.power-bank-manufacturer.com | tcp |
| US | 8.8.8.8:53 | wildlife-science-studio.com | udp |
| US | 8.8.8.8:53 | shippingexpressdelivery.com | udp |
| US | 8.8.8.8:53 | springbeautiesaesthetics.com | udp |
| US | 8.8.8.8:53 | protocollocabelorapunzel.com | udp |
| US | 8.8.8.8:53 | sydneyrichardphotography.com | udp |
| US | 8.8.8.8:53 | yumeyayakinikurestaurant.com | udp |
| US | 8.8.8.8:53 | affordablemedicareselect.com | udp |
| US | 8.8.8.8:53 | www.daihatsujabodetabekpromo.com | udp |
| US | 8.8.8.8:53 | charlottemarijuanadoctor.com | udp |
| US | 8.8.8.8:53 | dekhixuyseei1413gmailcom.com | udp |
| US | 8.8.8.8:53 | vanityflairdressagencycy.com | udp |
| US | 8.8.8.8:53 | 211.184.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.138.6.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.114.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.225.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.16.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.224.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.94.116.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.224.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.85.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | familyeyeclinictownelake.com | udp |
| US | 8.8.8.8:53 | ishwardinews24.net | udp |
| US | 8.8.8.8:53 | sbaik7.online | udp |
| US | 8.8.8.8:53 | lxkeys.online | udp |
| US | 198.54.115.121:443 | shippingexpressdelivery.com | tcp |
| DE | 188.40.107.86:443 | ishwardinews24.net | tcp |
| US | 66.81.203.198:80 | springbeautiesaesthetics.com | tcp |
| DE | 5.9.68.102:443 | vanityflairdressagencycy.com | tcp |
| US | 89.116.192.89:443 | bloozz.online | tcp |
| US | 3.33.130.190:80 | affordablemedicareselect.com | tcp |
| US | 8.8.8.8:53 | recaptcha.cloud | udp |
| US | 192.254.188.84:80 | dekhixuyseei1413gmailcom.com | tcp |
| NL | 191.96.63.119:443 | sbaik7.online | tcp |
| ID | 103.131.51.16:443 | www.daihatsujabodetabekpromo.com | tcp |
| US | 162.144.13.173:443 | charlottemarijuanadoctor.com | tcp |
| US | 165.140.70.70:443 | familyeyeclinictownelake.com | tcp |
| US | 108.167.151.98:443 | protocollocabelorapunzel.com | tcp |
| US | 141.193.213.10:443 | sydneyrichardphotography.com | tcp |
| JP | 160.251.152.23:443 | wildlife-science-studio.com | tcp |
| DE | 217.160.0.166:80 | lxkeys.online | tcp |
| ID | 203.175.8.79:443 | yumeyayakinikurestaurant.com | tcp |
| N/A | 127.0.0.1:52794 | tcp | |
| N/A | 127.0.0.1:52799 | tcp | |
| N/A | 127.0.0.1:52801 | tcp | |
| N/A | 127.0.0.1:52803 | tcp | |
| N/A | 127.0.0.1:52805 | tcp | |
| N/A | 127.0.0.1:52807 | tcp | |
| N/A | 127.0.0.1:52818 | tcp | |
| N/A | 127.0.0.1:52838 | tcp | |
| N/A | 127.0.0.1:52840 | tcp | |
| US | 8.8.8.8:53 | pramey.online | udp |
| US | 8.8.8.8:53 | 139.141.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.131.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.165.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.132.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.132.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.107.40.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.115.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.203.81.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mcares.online | udp |
| DE | 78.47.205.166:443 | recaptcha.cloud | tcp |
| US | 8.8.8.8:53 | dusess.com | udp |
| IN | 89.117.157.232:443 | mcares.online | tcp |
| US | 8.8.8.8:53 | wacays.online | udp |
| IN | 13.232.155.227:443 | pramey.online | tcp |
| US | 154.49.142.231:443 | nocaps.online | tcp |
| US | 8.8.8.8:53 | fmjobz.online | udp |
| US | 8.8.8.8:53 | fuxion.online | udp |
| US | 8.8.8.8:53 | my4ktv.online | udp |
| N/A | 127.0.0.1:52846 | tcp | |
| SG | 217.21.73.207:443 | skjobz.online | tcp |
| US | 3.33.130.190:443 | affordablemedicareselect.com | tcp |
| DE | 78.47.205.166:443 | recaptcha.cloud | tcp |
| ES | 185.162.55.118:443 | wacays.online | tcp |
| N/A | 127.0.0.1:52853 | tcp | |
| DE | 217.160.0.166:443 | lxkeys.online | tcp |
| US | 8.8.8.8:53 | jkjobz.online | udp |
| US | 8.8.8.8:53 | mkjobz.online | udp |
| US | 8.8.8.8:53 | promkes.online | udp |
| US | 8.8.8.8:53 | www.alzcare.org | udp |
| US | 8.8.8.8:53 | redraid.online | udp |
| US | 8.8.8.8:53 | zeeinfo.online | udp |
| US | 8.8.8.8:53 | 119.63.96.191.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.151.167.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.70.140.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.188.254.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.192.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.205.47.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.13.144.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.51.131.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.8.175.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.152.251.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.142.49.154.in-addr.arpa | udp |
| US | 172.67.199.180:443 | dusess.com | tcp |
| US | 8.8.8.8:53 | mbalit7.online | udp |
| US | 8.8.8.8:53 | fbviral.online | udp |
| GB | 145.14.152.229:443 | my4ktv.online | tcp |
| PL | 195.78.66.96:80 | fuxion.online | tcp |
| US | 8.8.8.8:53 | gamerpg.online | udp |
| N/A | 127.0.0.1:52855 | tcp | |
| US | 8.8.8.8:53 | ilaudos.online | udp |
| N/A | 127.0.0.1:52857 | tcp | |
| US | 35.238.244.227:443 | www.alzcare.org | tcp |
| US | 172.67.192.220:443 | fbviral.online | tcp |
| US | 8.8.8.8:53 | lcmusic.online | udp |
| US | 8.8.8.8:53 | inacios.online | udp |
| US | 8.8.8.8:53 | paywalls.online | udp |
| US | 8.8.8.8:53 | rafikapp.online | udp |
| NL | 185.166.188.18:443 | mbalit7.online | tcp |
| SG | 156.67.213.167:443 | promkes.online | tcp |
| EE | 193.228.128.131:443 | jkjobz.online | tcp |
| US | 8.8.8.8:53 | poscloud.online | udp |
| KZ | 185.121.82.103:443 | zeeinfo.online | tcp |
| FR | 178.16.128.10:443 | redraid.online | tcp |
| US | 8.8.8.8:53 | colclean.online | udp |
| BR | 170.81.42.63:443 | ilaudos.online | tcp |
| US | 8.8.8.8:53 | dautubcr.online | udp |
| US | 8.8.8.8:53 | viralito.online | udp |
| US | 8.8.8.8:53 | 207.73.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.152.14.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.66.78.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.55.162.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store111.online | udp |
| US | 8.8.8.8:53 | printmex.online | udp |
| US | 8.8.8.8:53 | lenouveau.online | udp |
| US | 62.72.50.125:443 | inacios.online | tcp |
| US | 8.8.8.8:53 | lyphaypro.online | udp |
| US | 154.49.241.154:443 | poscloud.online | tcp |
| US | 185.212.70.135:443 | rafikapp.online | tcp |
| US | 8.8.8.8:53 | beer-shop.online | udp |
| BR | 154.49.247.81:443 | colclean.online | tcp |
| DE | 217.160.0.198:443 | lcmusic.online | tcp |
| US | 198.252.98.97:443 | dautubcr.online | tcp |
| IN | 89.117.157.75:443 | store111.online | tcp |
| US | 82.180.160.152:80 | paywalls.online | tcp |
| US | 195.35.38.117:443 | printmex.online | tcp |
| US | 8.8.8.8:53 | bezotoken.online | udp |
| US | 8.8.8.8:53 | smagulova.online | udp |
| US | 8.8.8.8:53 | osfriends.online | udp |
| US | 216.246.112.168:443 | viralito.online | tcp |
| US | 8.8.8.8:53 | bophinpro.online | udp |
| PL | 195.78.66.96:80 | lenouveau.online | tcp |
| US | 8.8.8.8:53 | wingvip88.online | udp |
| US | 8.8.8.8:53 | 227.244.238.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.192.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.188.166.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.128.228.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.128.16.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.82.121.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.213.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.42.81.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | salemnews.online | udp |
| US | 172.67.162.14:443 | beer-shop.online | tcp |
| N/A | 127.0.0.1:52870 | tcp | |
| PL | 46.242.233.85:443 | osfriends.online | tcp |
| US | 82.180.163.133:443 | bophinpro.online | tcp |
| US | 104.21.73.47:443 | wingvip88.online | tcp |
| US | 82.180.163.133:443 | bophinpro.online | tcp |
| US | 8.8.8.8:53 | earnhindi.online | udp |
| RU | 82.146.54.190:80 | smagulova.online | tcp |
| US | 8.8.8.8:53 | skooknews.online | udp |
| US | 8.8.8.8:53 | plansavvy.online | udp |
| US | 8.8.8.8:53 | phonegyan.online | udp |
| US | 8.8.8.8:53 | hijabmart.online | udp |
| US | 8.8.8.8:53 | inaneboys.online | udp |
| US | 8.8.8.8:53 | 24newslive.online | udp |
| US | 8.8.8.8:53 | 7smoonnoon.online | udp |
| ID | 153.92.13.230:443 | desasusup.online | tcp |
| GB | 154.49.138.9:443 | tecnicali.online | tcp |
| US | 8.8.8.8:53 | abu-kharsh.online | udp |
| US | 8.8.8.8:53 | ampmcasino.online | udp |
| US | 8.8.8.8:53 | techslearn.online | udp |
| US | 8.8.8.8:53 | appoint-me.online | udp |
| IN | 217.21.91.50:443 | earnhindi.online | tcp |
| US | 8.8.8.8:53 | 125.50.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.241.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.70.212.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.98.252.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.160.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.112.246.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.38.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.162.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.233.242.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.73.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.163.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | appremiado.online | udp |
| N/A | 127.0.0.1:52892 | tcp | |
| N/A | 127.0.0.1:52894 | tcp | |
| N/A | 127.0.0.1:52897 | tcp | |
| N/A | 127.0.0.1:52900 | tcp | |
| N/A | 127.0.0.1:52907 | tcp | |
| IN | 89.117.157.80:443 | inaneboys.online | tcp |
| US | 154.49.142.55:443 | hijabmart.online | tcp |
| US | 8.8.8.8:53 | awgpodisha.online | udp |
| US | 8.8.8.8:53 | neurovitte.online | udp |
| US | 8.8.8.8:53 | blockquery.online | udp |
| US | 8.8.8.8:53 | bugatti168.online | udp |
| LT | 84.32.84.32:443 | appoint-me.online | tcp |
| US | 172.67.210.102:443 | skooknews.online | tcp |
| US | 191.101.79.115:443 | abu-kharsh.online | tcp |
| US | 146.190.140.148:443 | plansavvy.online | tcp |
| DE | 144.76.3.17:443 | 24newslive.online | tcp |
| US | 104.21.27.142:443 | ampmcasino.online | tcp |
| US | 89.117.139.218:443 | techslearn.online | tcp |
| IN | 154.41.233.19:443 | phonegyan.online | tcp |
| US | 8.8.8.8:53 | sparkysaim.online | udp |
| US | 8.8.8.8:53 | clubriches.online | udp |
| RU | 82.146.54.190:443 | smagulova.online | tcp |
| DE | 38.54.13.175:443 | blockquery.online | tcp |
| US | 8.8.8.8:53 | colouraxom.online | udp |
| US | 8.8.8.8:53 | devandplay.online | udp |
| US | 8.8.8.8:53 | 9.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.91.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.13.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.142.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.210.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | offertobuy.online | udp |
| US | 8.8.8.8:53 | dogtoknows.online | udp |
| US | 8.8.8.8:53 | ngocmayman.online | udp |
| IN | 178.16.136.134:443 | awgpodisha.online | tcp |
| BR | 149.62.37.106:443 | neurovitte.online | tcp |
| US | 82.180.160.152:443 | paywalls.online | tcp |
| US | 8.8.8.8:53 | filesharee.online | udp |
| US | 172.67.212.191:443 | bugatti168.online | tcp |
| IN | 217.21.85.208:443 | sparkysaim.online | tcp |
| US | 172.67.140.194:443 | clubriches.online | tcp |
| BR | 149.100.155.238:443 | offertobuy.online | tcp |
| BR | 154.49.247.148:443 | devandplay.online | tcp |
| US | 82.180.163.133:443 | ngocmayman.online | tcp |
| LT | 84.32.84.32:443 | dogtoknows.online | tcp |
| US | 8.8.8.8:53 | fruitsabzi.online | udp |
| FI | 95.217.145.143:443 | filesharee.online | tcp |
| US | 8.8.8.8:53 | hilwastore.online | udp |
| GB | 154.49.138.98:443 | fruitsabzi.online | tcp |
| SG | 217.21.72.123:80 | hilwastore.online | tcp |
| US | 8.8.8.8:53 | shipcarsus.com | udp |
| US | 8.8.8.8:53 | ecoenviron.com | udp |
| US | 8.8.8.8:53 | pluszleven.online | udp |
| US | 8.8.8.8:53 | apstockmann.com | udp |
| US | 8.8.8.8:53 | fsc-africa.com | udp |
| US | 8.8.8.8:53 | shoppersby.com | udp |
| US | 8.8.8.8:53 | 142.27.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.3.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.79.101.191.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.139.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.212.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.136.16.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.140.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.37.62.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.85.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.145.217.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.155.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.247.49.154.in-addr.arpa | udp |
| US | 162.0.215.24:443 | ecoenviron.com | tcp |
| US | 8.8.8.8:53 | bharatgodam.com | udp |
| N/A | 127.0.0.1:52912 | tcp | |
| N/A | 127.0.0.1:52915 | tcp | |
| N/A | 127.0.0.1:52917 | tcp | |
| N/A | 127.0.0.1:52919 | tcp | |
| NL | 141.138.169.243:443 | pluszleven.online | tcp |
| US | 66.29.132.222:443 | apstockmann.com | tcp |
| US | 149.100.151.66:443 | shipcarsus.com | tcp |
| IN | 68.178.145.118:80 | bharatgodam.com | tcp |
| US | 8.8.8.8:53 | bheemmarket.com | udp |
| US | 8.8.8.8:53 | bikeshopltd.com | udp |
| US | 198.54.120.21:80 | fsc-africa.com | tcp |
| US | 8.8.8.8:53 | bkgcleaning.com | udp |
| US | 8.8.8.8:53 | craftherbbs.com | udp |
| US | 8.8.8.8:53 | thesuitking.com | udp |
| US | 8.8.8.8:53 | thesolarnxt.com | udp |
| US | 8.8.8.8:53 | timbrstudio.com | udp |
| US | 8.8.8.8:53 | tinchapshfc.com | udp |
| US | 8.8.8.8:53 | tomerzelona.com | udp |
| US | 8.8.8.8:53 | tokosenayan.com | udp |
| US | 8.8.8.8:53 | tommyhaller.com | udp |
| US | 8.8.8.8:53 | top1gamevui.com | udp |
| US | 198.54.116.83:443 | bikeshopltd.com | tcp |
| US | 198.54.116.135:443 | bheemmarket.com | tcp |
| US | 8.8.8.8:53 | topclinicfa.com | udp |
| US | 66.29.132.176:443 | bkgcleaning.com | tcp |
| US | 8.8.8.8:53 | 98.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.169.138.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.215.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.72.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.120.54.198.in-addr.arpa | udp |
| US | 82.180.138.184:443 | thesynergix.com | tcp |
| GB | 154.49.138.247:443 | thesolarnxt.com | tcp |
| IN | 68.178.145.225:443 | craftherbbs.com | tcp |
| FR | 89.117.169.225:443 | tomerzelona.com | tcp |
| N/A | 127.0.0.1:52929 | tcp | |
| DE | 46.4.17.159:443 | topclinicfa.com | tcp |
| SG | 156.67.222.7:443 | tokosenayan.com | tcp |
| US | 8.8.8.8:53 | toprealeasy.com | udp |
| US | 8.8.8.8:53 | tornellihme.com | udp |
| GB | 154.49.138.156:443 | tommyhaller.com | tcp |
| US | 162.0.229.249:443 | timbrstudio.com | tcp |
| VN | 103.221.222.22:443 | top1gamevui.com | tcp |
| VN | 14.225.210.162:443 | tinchapshfc.com | tcp |
| US | 8.8.8.8:53 | travelgrape.com | udp |
| US | 8.8.8.8:53 | trending24h.com | udp |
| US | 149.100.151.235:443 | tornellihme.com | tcp |
| US | 8.8.8.8:53 | trendinglah.com | udp |
| US | 8.8.8.8:53 | trendyrover.com | udp |
| US | 8.8.8.8:53 | troskicorps.com | udp |
| US | 185.150.191.220:443 | toprealeasy.com | tcp |
| US | 8.8.8.8:53 | trust-peter.com | udp |
| US | 104.21.16.253:443 | travelgrape.com | tcp |
| US | 8.8.8.8:53 | tryicecream.com | udp |
| IN | 154.41.233.101:443 | trendyrover.com | tcp |
| FR | 35.181.89.222:443 | trending24h.com | tcp |
| BE | 213.158.94.166:443 | troskicorps.com | tcp |
| US | 8.8.8.8:53 | 83.116.54.198.in-addr.arpa | udp |
| US | 104.21.71.117:443 | trendinglah.com | tcp |
| US | 8.8.8.8:53 | 176.132.29.66.in-addr.arpa | udp |
| IN | 154.41.233.127:443 | tryicecream.com | tcp |
| US | 8.8.8.8:53 | 247.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.169.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.138.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.229.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.17.4.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.222.221.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.222.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.191.150.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.116.54.198.in-addr.arpa | udp |
| N/A | 127.0.0.1:52936 | tcp | |
| N/A | 127.0.0.1:52938 | tcp | |
| N/A | 127.0.0.1:52940 | tcp | |
| N/A | 127.0.0.1:52942 | tcp | |
| N/A | 127.0.0.1:52944 | tcp | |
| N/A | 127.0.0.1:52946 | tcp | |
| N/A | 127.0.0.1:52948 | tcp | |
| N/A | 127.0.0.1:52950 | tcp | |
| N/A | 127.0.0.1:52952 | tcp | |
| N/A | 127.0.0.1:52954 | tcp | |
| N/A | 127.0.0.1:52961 | tcp | |
| N/A | 127.0.0.1:52967 | tcp | |
| N/A | 127.0.0.1:52970 | tcp | |
| N/A | 127.0.0.1:52972 | tcp | |
| US | 8.8.8.8:53 | www.tsietrading.com | udp |
| US | 8.8.8.8:53 | www.pluszleven.nl | udp |
| JP | 172.105.235.119:443 | trust-peter.com | tcp |
| US | 8.8.8.8:53 | tubephoneca.com | udp |
| US | 8.8.8.8:53 | tuguiasucre.com | udp |
| US | 8.8.8.8:53 | tvcablecast.com | udp |
| US | 8.8.8.8:53 | tylebongda8.com | udp |
| US | 8.8.8.8:53 | findhealthinecuador.com | udp |
| US | 8.8.8.8:53 | ufabet7x-th.com | udp |
| NL | 141.138.169.243:443 | www.pluszleven.nl | tcp |
| US | 8.8.8.8:53 | upper-scale.com | udp |
| US | 8.8.8.8:53 | usaretailco.com | udp |
| US | 8.8.8.8:53 | unagi-tuhan.com | udp |
| US | 70.39.147.127:443 | findhealthinecuador.com | tcp |
| N/A | 127.0.0.1:52974 | tcp | |
| PL | 154.194.52.229:443 | tvcablecast.com | tcp |
| US | 104.21.22.13:443 | ufabet7x-th.com | tcp |
| CN | 103.172.191.1:443 | tubephoneca.com | tcp |
| US | 8.8.8.8:53 | usaspeeding.com | udp |
| US | 8.8.8.8:53 | ustaxincome.com | udp |
| US | 173.236.140.244:443 | www.tsietrading.com | tcp |
| US | 135.148.72.141:443 | tuguiasucre.com | tcp |
| US | 8.8.8.8:53 | vakilazmoon.com | udp |
| N/A | 127.0.0.1:52983 | tcp | |
| US | 50.63.142.235:443 | upper-scale.com | tcp |
| US | 8.8.8.8:53 | 235.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.210.225.14.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.71.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.94.158.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.147.39.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.235.105.172.in-addr.arpa | udp |
| JP | 160.251.151.166:443 | unagi-tuhan.com | tcp |
| GB | 206.189.119.167:443 | usaspeeding.com | tcp |
| HK | 156.234.72.14:80 | tylebongda8.com | tcp |
| US | 8.8.8.8:53 | www.valpadanatv.com | udp |
| US | 8.8.8.8:53 | valwoolrugs.com | udp |
| US | 66.228.55.6:443 | ustaxincome.com | tcp |
| US | 8.8.8.8:53 | vandadchoob.com | udp |
| US | 8.8.8.8:53 | vaycasino10.com | udp |
| IT | 89.46.108.38:443 | www.valpadanatv.com | tcp |
| IR | 178.239.158.23:80 | vandadchoob.com | tcp |
| US | 8.8.8.8:53 | ventyusshop.com | udp |
| US | 8.8.8.8:53 | via-venture.com | udp |
| US | 8.8.8.8:53 | viajamerida.com | udp |
| US | 104.21.21.236:443 | vaycasino10.com | tcp |
| US | 8.8.8.8:53 | vickilargen.com | udp |
| US | 8.8.8.8:53 | victorsedit.com | udp |
| US | 8.8.8.8:53 | vivirdelaia.com | udp |
| US | 8.8.8.8:53 | videoagepro.com | udp |
| US | 8.8.8.8:53 | vioneclinic.com | udp |
| US | 8.8.8.8:53 | www.vortexhosts.com | udp |
| US | 8.8.8.8:53 | vwintrading.com | udp |
| BG | 185.45.67.70:443 | valwoolrugs.com | tcp |
| US | 8.8.8.8:53 | 229.52.194.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.22.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.140.236.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.72.148.135.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.119.189.206.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.55.228.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.151.251.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.72.234.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wagnerbreit.com | udp |
| US | 8.8.8.8:53 | walthallcec.com | udp |
| N/A | 127.0.0.1:52988 | tcp | |
| US | 8.8.8.8:53 | wanythepooh.com | udp |
| US | 8.8.8.8:53 | webreachhub.com | udp |
| US | 154.49.142.180:443 | viajamerida.com | tcp |
| FR | 185.135.132.102:443 | wabgroup-ci.com | tcp |
| US | 8.8.8.8:53 | wellbeingnl.ca | udp |
| N/A | 127.0.0.1:52994 | tcp | |
| US | 8.8.8.8:53 | wegovykopen.com | udp |
| US | 8.8.8.8:53 | wellingtonn.com | udp |
| US | 205.196.208.97:443 | vr-hangouts.com | tcp |
| US | 172.67.217.242:443 | vickilargen.com | tcp |
| US | 8.8.8.8:53 | wellshotads.com | udp |
| SG | 185.232.14.16:443 | vwintrading.com | tcp |
| TH | 210.246.201.242:443 | vioneclinic.com | tcp |
| US | 149.100.151.65:443 | victorsedit.com | tcp |
| US | 104.21.2.241:443 | ventyusshop.com | tcp |
| US | 160.153.0.137:443 | via-venture.com | tcp |
| US | 172.67.203.160:443 | www.vortexhosts.com | tcp |
| FR | 51.255.26.63:443 | vivirdelaia.com | tcp |
| US | 160.153.0.180:443 | weeditphoto.com | tcp |
| US | 8.8.8.8:53 | 38.108.46.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.21.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.158.239.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.67.45.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.132.135.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.142.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wendyhertel.com | udp |
| US | 74.208.236.186:443 | videoagepro.com | tcp |
| US | 8.8.8.8:53 | www.wfacservice.com | udp |
| US | 151.101.194.159:443 | wellbeingnl.ca | tcp |
| FR | 154.49.245.152:443 | wanythepooh.com | tcp |
| FR | 154.49.245.191:443 | webreachhub.com | tcp |
| BR | 149.100.155.214:443 | wagnerbreit.com | tcp |
| US | 8.8.8.8:53 | wintinnitus.com | udp |
| US | 8.8.8.8:53 | www.wiserentapp.com | udp |
| LU | 198.251.84.7:443 | wegovykopen.com | tcp |
| US | 198.46.94.166:443 | walthallcec.com | tcp |
| US | 8.8.8.8:53 | weplay168th.com | udp |
| US | 8.8.8.8:53 | wooatvparts.com | udp |
| US | 76.223.67.189:443 | wellingtonn.com | tcp |
| US | 8.8.8.8:53 | woodstockcr.com | udp |
| SG | 109.106.254.82:443 | wellshotads.com | tcp |
| US | 8.8.8.8:53 | workswithwp.com | udp |
| US | 8.8.8.8:53 | worldchainx.com | udp |
| LT | 45.84.206.45:443 | wintinnitus.com | tcp |
| US | 8.8.8.8:53 | worldtoursm.com | udp |
| US | 8.8.8.8:53 | wysiwygfrag.com | udp |
| US | 8.8.8.8:53 | x-plorewear.com | udp |
| US | 8.8.8.8:53 | 242.217.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.2.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.203.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.208.196.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.26.255.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.14.232.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.245.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.84.251.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.236.208.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.155.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xuumpinamar.com | udp |
| TR | 77.245.159.12:443 | www.wiserentapp.com | tcp |
| PL | 51.77.63.100:443 | www.wfacservice.com | tcp |
| US | 104.21.35.189:443 | weplay168th.com | tcp |
| US | 162.0.215.34:443 | wendyhertel.com | tcp |
| US | 172.67.171.143:443 | wooatvparts.com | tcp |
| US | 8.8.8.8:53 | yamanligida.com | udp |
| US | 8.8.8.8:53 | yhoctamthuc.com | udp |
| US | 8.8.8.8:53 | yunnleeblog.com | udp |
| US | 8.8.8.8:53 | www.zaabr-daaga.com | udp |
| US | 8.8.8.8:53 | zaininanyan.com | udp |
| US | 8.8.8.8:53 | zaymvisuals.com | udp |
| US | 8.8.8.8:53 | zdc789joker.com | udp |
| US | 8.8.8.8:53 | zedgarstore.com | udp |
| US | 8.8.8.8:53 | www.zeegeegames.com | udp |
| US | 8.8.8.8:53 | zhangmingxu.com | udp |
| US | 8.8.8.8:53 | zhuoyazhang.com | udp |
| US | 8.8.8.8:53 | 166.94.46.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.67.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | zonakristen.com | udp |
| US | 8.8.8.8:53 | zidanefixed.com | udp |
| US | 8.8.8.8:53 | grasconnect.com | udp |
| US | 8.8.8.8:53 | zulefagroup.com | udp |
| US | 8.8.8.8:53 | graze-thyme.com | udp |
| CA | 142.44.241.188:443 | woodstockcr.com | tcp |
| BR | 154.49.247.161:443 | xuumpinamar.com | tcp |
| US | 172.67.152.36:443 | workswithwp.com | tcp |
| NL | 136.144.205.189:443 | x-plorewear.com | tcp |
| US | 67.227.167.13:443 | wysiwygfrag.com | tcp |
| GB | 154.49.138.15:443 | worldchainx.com | tcp |
| TR | 77.245.159.21:443 | yamanligida.com | tcp |
| US | 8.8.8.8:53 | green-bakes.com | udp |
| US | 8.8.8.8:53 | greenbergtt.com | udp |
| FR | 91.234.195.212:443 | www.zaabr-daaga.com | tcp |
| US | 8.8.8.8:53 | greenpurnia.com | udp |
| SG | 146.190.97.174:443 | yunnleeblog.com | tcp |
| SG | 51.79.190.175:443 | worldtoursm.com | tcp |
| US | 104.21.21.112:443 | zdc789joker.com | tcp |
| GB | 154.49.138.22:443 | grasconnect.com | tcp |
| US | 8.8.8.8:53 | www.greenspecth.com | udp |
| US | 8.8.8.8:53 | cv-wits.com | udp |
| DE | 89.163.145.59:80 | zulefagroup.com | tcp |
| NL | 2.56.90.126:443 | zidanefixed.com | tcp |
| FR | 89.116.147.22:443 | zedgarstore.com | tcp |
| US | 165.140.70.145:443 | graze-thyme.com | tcp |
| SG | 165.22.106.39:443 | zaininanyan.com | tcp |
| US | 8.8.8.8:53 | www.vr-hangouts.com | udp |
| US | 8.8.8.8:53 | 82.254.106.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.206.84.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.35.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.171.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.63.77.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.159.245.77.in-addr.arpa | udp |
| JP | 49.212.196.177:80 | www.zeegeegames.com | tcp |
| US | 8.8.8.8:53 | 34.215.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.241.44.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ehr-sme.com | udp |
| HK | 103.135.35.134:443 | zhangmingxu.com | tcp |
| US | 8.8.8.8:53 | elyadak.com | udp |
| US | 104.249.63.34:443 | zaymvisuals.com | tcp |
| GB | 109.70.148.41:443 | green-bakes.com | tcp |
| US | 8.8.8.8:53 | www.erprose.com | udp |
| FR | 154.49.245.125:443 | zhuoyazhang.com | tcp |
| SG | 194.163.35.150:443 | yhoctamthuc.com | tcp |
| US | 8.8.8.8:53 | fabxeng.com | udp |
| IN | 103.117.180.2:443 | greenpurnia.com | tcp |
| US | 8.8.8.8:53 | fitupai.com | udp |
| US | 8.8.8.8:53 | www.gaon-qr.com | udp |
| US | 198.46.94.166:443 | walthallcec.com | tcp |
| US | 3.33.130.190:443 | ehr-sme.com | tcp |
| US | 205.196.208.97:443 | www.vr-hangouts.com | tcp |
| IR | 185.94.96.101:443 | elyadak.com | tcp |
| SG | 156.67.212.225:443 | cv-wits.com | tcp |
| US | 8.8.8.8:53 | gathoda.com | udp |
| US | 8.8.8.8:53 | 36.152.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.167.227.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.159.245.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.195.234.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.205.144.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.90.56.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.21.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.147.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.145.163.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.97.190.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.63.249.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.190.79.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.70.140.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.106.22.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.148.70.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.35.135.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.196.212.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gmz168x.com | udp |
| US | 8.8.8.8:53 | hadhami.com | udp |
| US | 8.8.8.8:53 | heimayk.com | udp |
| TH | 103.86.51.166:443 | www.greenspecth.com | tcp |
| NL | 136.144.205.189:443 | x-plorewear.com | tcp |
| NL | 2.56.90.194:443 | fabxeng.com | tcp |
| US | 8.8.8.8:53 | heviglo.com | udp |
| US | 8.8.8.8:53 | www.hfbgqrz.com | udp |
| DE | 89.163.145.59:443 | zulefagroup.com | tcp |
| US | 8.8.8.8:53 | isachot.com | udp |
| KR | 115.68.168.176:443 | www.gaon-qr.com | tcp |
| US | 104.21.11.176:443 | fitupai.com | tcp |
| US | 8.8.8.8:53 | isynews.com | udp |
| US | 8.8.8.8:53 | iusbuys.com | udp |
| US | 8.8.8.8:53 | iusites.com | udp |
| IN | 89.117.157.197:443 | gathoda.com | tcp |
| NL | 185.224.137.26:443 | hadhami.com | tcp |
| US | 8.8.8.8:53 | janooni.com | udp |
| US | 8.8.8.8:53 | 125.245.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.117.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.35.163.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.90.56.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.212.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | doubleJpro.com | udp |
| US | 8.8.8.8:53 | javhd99.com | udp |
| CN | 139.224.208.16:80 | heimayk.com | tcp |
| US | 104.21.35.200:443 | www.hfbgqrz.com | tcp |
| FR | 51.91.236.193:443 | heviglo.com | tcp |
| US | 8.8.8.8:53 | jen-den.com | udp |
| US | 8.8.8.8:53 | jewerys.com | udp |
| US | 8.8.8.8:53 | jobnohm.com | udp |
| PT | 31.129.22.69:443 | isachot.com | tcp |
| IN | 103.191.209.63:443 | hirefex.com | tcp |
| US | 8.8.8.8:53 | jqjapan.com | udp |
| US | 74.208.236.112:80 | doubleJpro.com | tcp |
| US | 8.8.8.8:53 | jricaut.com | udp |
| US | 172.67.204.142:443 | javhd99.com | tcp |
| IR | 5.144.131.247:443 | janooni.com | tcp |
| US | 172.67.208.149:443 | iusbuys.com | tcp |
| US | 75.102.22.183:443 | isynews.com | tcp |
| US | 8.8.8.8:53 | k9wintv.com | udp |
| US | 8.8.8.8:53 | 166.51.86.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.137.224.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.35.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | kajurry.com | udp |
| US | 104.21.43.225:443 | jewerys.com | tcp |
| US | 104.21.34.23:443 | upturnmaticstech.com | tcp |
| DE | 78.47.205.166:443 | recaptcha.cloud | tcp |
| DE | 78.47.205.166:443 | recaptcha.cloud | tcp |
| US | 8.8.8.8:53 | kcdfood.com | udp |
| US | 8.8.8.8:53 | katzsv4.com | udp |
| US | 8.8.8.8:53 | kdadorn.com | udp |
| SG | 159.223.78.100:443 | jobnohm.com | tcp |
| US | 104.21.22.105:443 | k9wintv.com | tcp |
| N/A | 127.0.0.1:53006 | tcp | |
| US | 8.8.8.8:53 | keksweb.com | udp |
| US | 8.8.8.8:53 | kennant.com | udp |
| US | 8.8.8.8:53 | kiligcc.com | udp |
| US | 8.8.8.8:53 | www.kins247.com | udp |
| US | 8.8.8.8:53 | kiztalk.com | udp |
| US | 8.8.8.8:53 | knblogs.com | udp |
| KR | 175.214.50.180:443 | jrstudy.com | tcp |
| IN | 103.110.127.102:443 | jen-den.com | tcp |
| US | 162.241.216.140:443 | jqjapan.com | tcp |
| US | 8.8.8.8:53 | 142.204.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.208.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.209.191.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.236.208.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.131.144.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.43.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.34.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | knfinan.com | udp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 8.8.8.8:53 | koilube.com | udp |
| US | 8.8.8.8:53 | koreaog.com | udp |
| US | 8.8.8.8:53 | www.kpbtyal.com | udp |
| N/A | 127.0.0.1:53016 | tcp | |
| US | 8.8.8.8:53 | www.kqqswuj.com | udp |
| IN | 154.41.233.164:443 | kajurry.com | tcp |
| US | 8.8.8.8:53 | kranjit.com | udp |
| US | 8.8.8.8:53 | kuciart.com | udp |
| US | 8.8.8.8:53 | kxoso66.com | udp |
| US | 8.8.8.8:53 | leemoes.com | udp |
| US | 8.8.8.8:53 | labarjo.com | udp |
| US | 8.8.8.8:53 | elyadak.ir | udp |
| US | 8.8.8.8:53 | www.lemolto.com | udp |
| US | 8.8.8.8:53 | lelkul1.com | udp |
| US | 8.8.8.8:53 | lesiasm.com | udp |
| N/A | 127.0.0.1:53018 | tcp | |
| US | 8.8.8.8:53 | lma-mki.com | udp |
| US | 31.170.166.160:443 | knblogs.com | tcp |
| US | 8.8.8.8:53 | logdmcc.com | udp |
| US | 35.244.245.121:443 | kiligcc.com | tcp |
| US | 50.62.220.22:443 | www.kins247.com | tcp |
| US | 104.21.25.116:443 | kdadorn.com | tcp |
| US | 104.21.71.75:443 | kiztalk.com | tcp |
| US | 172.67.180.15:443 | knfinan.com | tcp |
| HR | 185.58.73.235:443 | keksweb.com | tcp |
| US | 8.8.8.8:53 | 105.22.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.216.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | logossa.com | udp |
| US | 104.21.56.30:443 | www.kpbtyal.com | tcp |
| US | 104.21.35.93:443 | kennant.com | tcp |
| N/A | 127.0.0.1:53020 | tcp | |
| TH | 119.59.100.53:443 | kcdfood.com | tcp |
| SG | 156.67.222.37:443 | koreaog.com | tcp |
| MY | 103.6.244.18:443 | kranjit.com | tcp |
| SI | 212.44.112.114:443 | kuciart.com | tcp |
| N/A | 127.0.0.1:53022 | tcp | |
| NL | 45.93.125.4:443 | lelkul1.com | tcp |
| FR | 51.91.236.193:443 | labarjo.com | tcp |
| US | 172.67.164.164:443 | lesiasm.com | tcp |
| US | 8.8.8.8:53 | loki389.com | udp |
| US | 172.67.165.183:443 | kxoso66.com | tcp |
| US | 8.8.8.8:53 | lumixal.com | udp |
| SG | 154.26.128.195:443 | leemoes.com | tcp |
| FR | 109.234.165.181:443 | www.lemolto.com | tcp |
| US | 154.56.47.119:443 | logossa.com | tcp |
| ID | 119.235.250.52:443 | lma-mki.com | tcp |
| US | 162.241.218.19:443 | logdmcc.com | tcp |
| IR | 185.94.96.101:443 | elyadak.ir | tcp |
| US | 8.8.8.8:53 | lsdbaau.com | udp |
| DE | 78.47.205.166:443 | recaptcha.cloud | tcp |
| US | 8.8.8.8:53 | lvsg788.com | udp |
| US | 8.8.8.8:53 | lynphan.com | udp |
| US | 8.8.8.8:53 | m-hbaby.com | udp |
| FR | 141.95.233.131:443 | lumixal.com | tcp |
| US | 8.8.8.8:53 | www.kiztalk.com | udp |
| US | 8.8.8.8:53 | 121.245.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.71.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.25.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.35.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.166.170.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.73.58.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.100.59.119.in-addr.arpa | udp |
| US | 8.8.8.8:53 | macisms.com | udp |
| US | 8.8.8.8:53 | maftllc.com | udp |
| US | 8.8.8.8:53 | majlajt.com | udp |
| US | 8.8.8.8:53 | marhite.com | udp |
| US | 8.8.8.8:53 | masunca.com | udp |
| US | 8.8.8.8:53 | mbvital.com | udp |
| US | 8.8.8.8:53 | mcdmath.com | udp |
| US | 172.67.181.92:80 | lvsg788.com | tcp |
| US | 162.241.217.66:80 | lsdbaau.com | tcp |
| US | 8.8.8.8:53 | www.mdblets.com | udp |
| US | 104.21.44.212:443 | macisms.com | tcp |
| TH | 27.254.96.244:80 | loki389.com | tcp |
| US | 172.67.200.106:443 | mda-hub.com | tcp |
| US | 104.21.71.75:443 | www.kiztalk.com | tcp |
| NL | 68.66.248.11:443 | majlajt.com | tcp |
| US | 162.241.225.15:443 | mcdmath.com | tcp |
| US | 8.8.8.8:53 | www.me-shot.com | udp |
| GB | 185.77.97.222:443 | marhite.com | tcp |
| US | 160.153.0.131:443 | masunca.com | tcp |
| DE | 167.235.182.213:443 | maftllc.com | tcp |
| US | 82.180.172.127:443 | lynphan.com | tcp |
| US | 8.8.8.8:53 | 18.244.6.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.164.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.125.93.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.165.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.165.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.218.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.128.26.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.233.95.141.in-addr.arpa | udp |
| US | 172.67.177.118:443 | m-hbaby.com | tcp |
| US | 8.8.8.8:53 | mediebc.com | udp |
| US | 8.8.8.8:53 | memoset.com | udp |
| US | 8.8.8.8:53 | merkhut.com | udp |
| US | 8.8.8.8:53 | meroyar.com | udp |
| US | 8.8.8.8:53 | merstra.com | udp |
| US | 104.21.4.197:443 | me88moi.com | tcp |
| US | 8.8.8.8:53 | mhdwood.com | udp |
| FR | 109.234.165.183:443 | www.mdblets.com | tcp |
| US | 8.8.8.8:53 | mimolme.com | udp |
| FR | 51.91.236.193:443 | memoset.com | tcp |
| GB | 68.183.37.41:443 | www.me-shot.com | tcp |
| US | 8.8.8.8:53 | minikah.com | udp |
| US | 8.8.8.8:53 | mizalhs.com | udp |
| US | 172.67.181.92:443 | lvsg788.com | tcp |
| US | 8.8.8.8:53 | mncpost.com | udp |
| US | 8.8.8.8:53 | mopscon.com | udp |
| US | 8.8.8.8:53 | www.mrgowns.com | udp |
| US | 8.8.8.8:53 | motornc.com | udp |
| US | 8.8.8.8:53 | 212.44.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.181.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.200.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.248.66.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.217.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.182.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.177.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.225.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.172.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.4.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.37.183.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.165.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crazitoo.com | udp |
| US | 8.8.8.8:53 | www.leemoes.com | udp |
| US | 8.8.8.8:53 | www.creaaron.com | udp |
| US | 8.8.8.8:53 | crisbelo.com | udp |
| US | 8.8.8.8:53 | cubezllc.com | udp |
| US | 8.8.8.8:53 | d9betmoi.com | udp |
| US | 8.8.8.8:53 | danakron.com | udp |
| IN | 217.21.91.184:443 | merstra.com | tcp |
| US | 216.172.172.79:443 | merkhut.com | tcp |
| US | 173.236.236.248:443 | meroyar.com | tcp |
| FR | 92.205.8.128:443 | mhdwood.com | tcp |
| JP | 52.69.237.81:443 | mimolme.com | tcp |
| US | 104.21.18.120:80 | minikah.com | tcp |
| DE | 148.251.114.233:443 | mizalhs.com | tcp |
| US | 8.8.8.8:53 | dansolam.com | udp |
| N/A | 127.0.0.1:53028 | tcp | |
| US | 8.8.8.8:53 | dansscho.com | udp |
| US | 8.8.8.8:53 | dcgtruck.com | udp |
| US | 8.8.8.8:53 | dehuerta.com | udp |
| LT | 45.84.206.42:443 | crisbelo.com | tcp |
| US | 104.21.4.215:443 | d9betmoi.com | tcp |
| US | 141.193.213.10:443 | mopscon.com | tcp |
| US | 8.8.8.8:53 | delmaspa.com | udp |
| US | 8.8.8.8:53 | www.loki389.com | udp |
| US | 104.21.39.183:443 | danakron.com | tcp |
| GB | 185.77.97.14:443 | motornc.com | tcp |
| US | 8.8.8.8:53 | 120.18.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.114.251.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.172.172.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.236.236.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.91.21.217.in-addr.arpa | udp |
| US | 172.67.166.207:443 | dansolam.com | tcp |
| FR | 83.229.19.72:443 | mncpost.com | tcp |
| US | 8.8.8.8:53 | depannup.com | udp |
| US | 8.8.8.8:53 | demahoue.com | udp |
| N/A | 127.0.0.1:53040 | tcp | |
| US | 8.8.8.8:53 | jamarmasonryrestoration.com | udp |
| SG | 154.26.128.195:443 | www.leemoes.com | tcp |
| FR | 176.31.1.233:443 | www.creaaron.com | tcp |
| US | 172.67.158.108:443 | crazitoo.com | tcp |
| GB | 91.238.162.87:443 | www.mrgowns.com | tcp |
| N/A | 127.0.0.1:53044 | tcp | |
| US | 217.196.55.174:443 | darkmktg.com | tcp |
| BR | 154.49.247.173:443 | dehuerta.com | tcp |
| US | 8.8.8.8:53 | www.chitarredarredo.it | udp |
| US | 8.8.8.8:53 | choosevrchicago.com | udp |
| US | 62.72.4.152:443 | dcgtruck.com | tcp |
| US | 8.8.8.8:53 | chupanhchandung.com | udp |
| FR | 51.91.236.193:80 | demahoue.com | tcp |
| CA | 104.255.152.78:443 | dansscho.com | tcp |
| FR | 35.181.89.222:443 | trending24h.com | tcp |
| US | 8.8.8.8:53 | circlemcfencing.com | udp |
| US | 8.8.8.8:53 | citadelaccounts.com | udp |
| US | 209.182.199.238:443 | jamarmasonryrestoration.com | tcp |
| US | 192.163.196.170:443 | delmaspa.com | tcp |
| N/A | 127.0.0.1:53046 | tcp | |
| TH | 27.254.96.244:80 | www.loki389.com | tcp |
| DE | 217.160.0.193:80 | depannup.com | tcp |
| US | 8.8.8.8:53 | 81.237.69.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.4.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.206.84.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.39.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.166.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.19.229.83.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.1.31.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.158.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cocinasfigueres.com | udp |
| US | 8.8.8.8:53 | 87.162.238.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | coldfinservices.com | udp |
| US | 8.8.8.8:53 | www.comancheisdbond.com | udp |
| US | 8.8.8.8:53 | construction-sr.com | udp |
| N/A | 127.0.0.1:53048 | tcp | |
| N/A | 127.0.0.1:53051 | tcp | |
| N/A | 127.0.0.1:53056 | tcp | |
| N/A | 127.0.0.1:53059 | tcp | |
| N/A | 127.0.0.1:53061 | tcp | |
| US | 74.208.236.219:80 | choosevrchicago.com | tcp |
| US | 8.8.8.8:53 | construhogarsac.com | udp |
| US | 104.21.29.14:443 | www.chitarredarredo.it | tcp |
| US | 8.8.8.8:53 | larileylogistics.com | udp |
| US | 154.56.47.80:443 | construction-sr.com | tcp |
| US | 141.193.213.10:443 | www.comancheisdbond.com | tcp |
| US | 131.153.147.50:443 | coldfinservices.com | tcp |
| US | 8.8.8.8:53 | lastunitsonoffer.com | udp |
| US | 159.89.178.93:443 | circlemcfencing.com | tcp |
| US | 173.236.236.248:443 | meroyar.com | tcp |
| SG | 151.106.124.58:443 | citadelaccounts.com | tcp |
| ES | 37.153.89.67:443 | cocinasfigueres.com | tcp |
| US | 8.8.8.8:53 | leadexconference.com | udp |
| VN | 103.188.167.191:443 | chupanhchandung.com | tcp |
| US | 8.8.8.8:53 | laundryhutjaipur.com | udp |
| US | 8.8.8.8:53 | lifeinalgorithms.com | udp |
| US | 8.8.8.8:53 | www.limosinasalcaraz.com | udp |
| US | 8.8.8.8:53 | www.lifewavesolution.com | udp |
| US | 8.8.8.8:53 | 174.55.196.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.152.255.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.4.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.199.182.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.196.163.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.29.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.236.208.74.in-addr.arpa | udp |
| US | 154.56.47.247:443 | larileylogistics.com | tcp |
| US | 198.23.62.250:443 | construhogarsac.com | tcp |
| US | 8.8.8.8:53 | www.demahoue.com | udp |
| US | 8.8.8.8:53 | linacapitalgroup.com | udp |
| US | 162.241.3.14:443 | lastunitsonoffer.com | tcp |
| SG | 151.106.124.237:443 | leadexconference.com | tcp |
| US | 8.8.8.8:53 | localoxygen.com | udp |
| DE | 157.90.36.209:443 | laundryhutjaipur.com | tcp |
| US | 154.56.47.100:443 | lifeinalgorithms.com | tcp |
| US | 50.31.174.169:443 | www.limosinasalcaraz.com | tcp |
| US | 160.153.0.201:443 | linacapitalgroup.com | tcp |
| US | 34.68.234.4:80 | localoxygen.com | tcp |
| FR | 51.91.236.193:443 | www.demahoue.com | tcp |
| JP | 202.181.97.25:443 | www.lifewavesolution.com | tcp |
| US | 8.8.8.8:53 | www.luckylobsterbham.com | udp |
| US | 8.8.8.8:53 | lodestar-digital.com | udp |
| US | 8.8.8.8:53 | memoset.fr | udp |
| US | 8.8.8.8:53 | maharashtrakatta.com | udp |
| US | 8.8.8.8:53 | mail002orangepro.com | udp |
| US | 8.8.8.8:53 | mailmatecouriers.com | udp |
| US | 8.8.8.8:53 | mangofoodvillage.com | udp |
| US | 8.8.8.8:53 | manhaconsultancy.com | udp |
| US | 8.8.8.8:53 | 93.178.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.147.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.89.153.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.124.106.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.167.188.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.62.23.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.36.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.174.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.124.106.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.97.181.202.in-addr.arpa | udp |
| US | 8.8.8.8:53 | manifestmagic365.com | udp |
| N/A | 127.0.0.1:53071 | tcp | |
| N/A | 127.0.0.1:53089 | tcp | |
| N/A | 127.0.0.1:53091 | tcp | |
| N/A | 127.0.0.1:53094 | tcp | |
| N/A | 127.0.0.1:53103 | tcp | |
| N/A | 127.0.0.1:53113 | tcp | |
| N/A | 127.0.0.1:53115 | tcp | |
| N/A | 127.0.0.1:53119 | tcp | |
| N/A | 127.0.0.1:53121 | tcp | |
| N/A | 127.0.0.1:53130 | tcp | |
| N/A | 127.0.0.1:53132 | tcp | |
| N/A | 127.0.0.1:53148 | tcp | |
| N/A | 127.0.0.1:53153 | tcp | |
| N/A | 127.0.0.1:53155 | tcp | |
| US | 172.67.216.204:443 | manhaconsultancy.com | tcp |
| US | 34.68.234.4:443 | localoxygen.com | tcp |
| US | 149.100.151.233:443 | manifestmagic365.com | tcp |
| US | 8.8.8.8:53 | manuelabartolini.com | udp |
| US | 217.196.55.30:443 | maharashtrakatta.com | tcp |
| IN | 206.189.140.15:443 | mangofoodvillage.com | tcp |
| US | 67.217.63.74:443 | mailmatecouriers.com | tcp |
| US | 64.90.48.54:443 | www.luckylobsterbham.com | tcp |
| US | 8.8.8.8:53 | www.circlemcfencing.com | udp |
| US | 8.8.8.8:53 | manurussellnutri.com | udp |
| US | 173.252.167.40:443 | mailmarketingjob.com | tcp |
| US | 66.81.203.198:80 | mail002orangepro.com | tcp |
| US | 8.8.8.8:53 | mariachisenchile.com | udp |
| US | 8.8.8.8:53 | maryalexgonzalez.com | udp |
| US | 8.8.8.8:53 | marketingbyswati.com | udp |
| NL | 185.224.137.30:443 | lodestar-digital.com | tcp |
| FR | 51.91.236.193:443 | memoset.fr | tcp |
| US | 8.8.8.8:53 | maseruconsulting.com | udp |
| US | 8.8.8.8:53 | maticictim-audio.com | udp |
| US | 8.8.8.8:53 | mcdbreakfastmenu.com | udp |
| US | 208.113.188.112:443 | www.manobikshailkupa.com | tcp |
| US | 8.8.8.8:53 | medspanorthidaho.com | udp |
| US | 8.8.8.8:53 | melollevoenlinea.com | udp |
| US | 8.8.8.8:53 | merakiskytravels.com | udp |
| US | 172.67.173.240:443 | manuelabartolini.com | tcp |
| US | 50.6.138.154:443 | mariachisenchile.com | tcp |
| US | 74.208.236.219:443 | choosevrchicago.com | tcp |
| US | 159.89.178.93:443 | www.circlemcfencing.com | tcp |
| US | 162.241.63.10:443 | manurussellnutri.com | tcp |
| US | 66.235.200.147:443 | maseruconsulting.com | tcp |
| IN | 154.41.233.150:443 | marketingbyswati.com | tcp |
| US | 62.72.50.57:443 | maryalexgonzalez.com | tcp |
| US | 8.8.8.8:53 | www.danakron.com | udp |
| US | 8.8.8.8:53 | meridianoffshore.com | udp |
| US | 8.8.8.8:53 | mickeyshapedblog.com | udp |
| US | 8.8.8.8:53 | mimbarminangnews.com | udp |
| US | 8.8.8.8:53 | minddesigndirect.com | udp |
| US | 8.8.8.8:53 | mindhealingpower.com | udp |
| US | 89.117.139.168:443 | mcdbreakfastmenu.com | tcp |
| US | 8.8.8.8:53 | miradorpark.com.tr | udp |
| US | 66.81.203.198:443 | maticictim-audio.com | tcp |
| US | 141.193.213.10:80 | medspanorthidaho.com | tcp |
| US | 8.8.8.8:53 | mizangeridonusum.com | udp |
| GB | 141.136.33.18:443 | merakiskytravels.com | tcp |
| BR | 154.49.247.203:443 | melollevoenlinea.com | tcp |
| US | 8.8.8.8:53 | 204.216.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.137.224.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.63.217.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.55.196.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.140.189.206.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.48.90.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.167.252.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.188.113.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.173.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.138.6.50.in-addr.arpa | udp |
| US | 104.21.39.183:443 | www.danakron.com | tcp |
| US | 8.8.8.8:53 | 10.63.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mlobowatercolors.com | udp |
| TR | 94.73.146.81:443 | miradorpark.com.tr | tcp |
| US | 154.56.47.151:443 | mindhealingpower.com | tcp |
| US | 160.153.0.79:443 | mickeyshapedblog.com | tcp |
| US | 66.29.146.58:443 | meridianoffshore.com | tcp |
| N/A | 127.0.0.1:53168 | tcp | |
| US | 8.8.8.8:53 | modernfitmastery.com | udp |
| US | 3.221.225.26:443 | minddesigndirect.com | tcp |
| US | 8.8.8.8:53 | momisalwaysright.com | udp |
| US | 154.56.47.78:443 | mirandacontreras.com | tcp |
| N/A | 127.0.0.1:53177 | tcp | |
| TR | 31.192.214.172:443 | mizangeridonusum.com | tcp |
| ID | 103.16.198.94:443 | mimbarminangnews.com | tcp |
| US | 8.8.8.8:53 | moneyandservltda.com | udp |
| US | 104.21.6.100:443 | mlobowatercolors.com | tcp |
| US | 8.8.8.8:53 | mondial-house-sn.com | udp |
| US | 8.8.8.8:53 | mostacitamoraita.com | udp |
| US | 8.8.8.8:53 | www.motorhometrekkers.com | udp |
| US | 8.8.8.8:53 | mqdigitalfashion.com | udp |
| US | 8.8.8.8:53 | myitalianfashion.com | udp |
| US | 8.8.8.8:53 | mylearningchoice.com | udp |
| US | 8.8.8.8:53 | mypensionplanned.com | udp |
| US | 8.8.8.8:53 | mystiqueambition.com | udp |
| GB | 185.77.97.138:443 | modernfitmastery.com | tcp |
| N/A | 127.0.0.1:53179 | tcp | |
| FR | 35.181.89.222:443 | momisalwaysright.com | tcp |
| DE | 195.201.58.155:443 | mondial-house-sn.com | tcp |
| DE | 217.160.0.108:443 | www.motorhometrekkers.com | tcp |
| SG | 156.67.222.18:443 | mqdigitalfashion.com | tcp |
| US | 66.235.200.145:443 | mylearningchoice.com | tcp |
| US | 172.67.156.94:443 | myitalianfashion.com | tcp |
| US | 8.8.8.8:53 | nardorestaurante.com | udp |
| US | 8.8.8.8:53 | 150.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.50.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.139.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.33.136.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.146.73.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.146.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.225.221.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.6.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.192.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.47.56.154.in-addr.arpa | udp |
| NL | 75.102.58.24:443 | mostacitamoraita.com | tcp |
| DE | 81.169.145.84:80 | mystiqueambition.com | tcp |
| US | 8.8.8.8:53 | naturalbem-estar.com | udp |
| US | 8.8.8.8:53 | naveenramkrishna.com | udp |
| US | 8.8.8.8:53 | newhomerebatenow.com | udp |
| US | 8.8.8.8:53 | ncroofinspection.com | udp |
| US | 8.8.8.8:53 | nexusdgmarketing.com | udp |
| US | 8.8.8.8:53 | newlyamplebazaar.com | udp |
| BG | 185.82.216.111:443 | server15.localstats.org | tcp |
| N/A | 127.0.0.1:53182 | tcp | |
| US | 173.231.214.233:443 | nardorestaurante.com | tcp |
| N/A | 127.0.0.1:53186 | tcp | |
| US | 8.8.8.8:53 | officialsitemart.com | udp |
| US | 8.8.8.8:53 | ogmiosconsulting.com | udp |
| US | 8.8.8.8:53 | odontocaredental.com | udp |
| US | 8.8.8.8:53 | onecompanystudio.com | udp |
| US | 8.8.8.8:53 | oneillhomebuyers.com | udp |
| US | 8.8.8.8:53 | onestopfoodjoint.com | udp |
| US | 8.8.8.8:53 | onlinefoodsstore.com | udp |
| US | 162.241.203.220:443 | naturalbem-estar.com | tcp |
| US | 104.21.11.78:443 | newlyamplebazaar.com | tcp |
| US | 82.180.172.216:443 | newhomerebatenow.com | tcp |
| US | 154.56.47.99:443 | nexusdgmarketing.com | tcp |
| DE | 167.235.182.50:443 | naveenramkrishna.com | tcp |
| US | 172.67.212.200:443 | ncroofinspection.com | tcp |
| N/A | 127.0.0.1:53188 | tcp | |
| N/A | 127.0.0.1:53195 | tcp | |
| N/A | 127.0.0.1:53199 | tcp | |
| N/A | 127.0.0.1:53203 | tcp | |
| N/A | 127.0.0.1:53207 | tcp | |
| N/A | 127.0.0.1:53219 | tcp | |
| US | 8.8.8.8:53 | 138.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.58.201.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.200.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.156.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.58.102.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | motorhometrekkers.com | udp |
| US | 8.8.8.8:53 | onlinegamesfield.com | udp |
| US | 8.8.8.8:53 | onlinemarketiing.com | udp |
| US | 8.8.8.8:53 | www.onlinetechrescue.com | udp |
| US | 8.8.8.8:53 | www.onlylightdigital.com | udp |
| US | 8.8.8.8:53 | openhorizonspace.com | udp |
| US | 8.8.8.8:53 | operationdadduty.com | udp |
| US | 8.8.8.8:53 | www.manuelabartolini.com | udp |
| US | 62.72.25.85:443 | onlinefoodsstore.com | tcp |
| US | 50.87.147.159:443 | oneillhomebuyers.com | tcp |
| US | 8.8.8.8:53 | orendapsikologji.com | udp |
| US | 8.8.8.8:53 | www.marketingbyswati.com | udp |
| US | 172.96.141.80:443 | nongorfoundation.com | tcp |
| US | 8.8.8.8:53 | originalesonline.com | udp |
| US | 8.8.8.8:53 | ecomstorenetwork.com | udp |
| US | 8.8.8.8:53 | outsightlearning.com | udp |
| US | 8.8.8.8:53 | www.pamelasuejackson.com | udp |
| DE | 217.160.0.226:443 | ogmiosconsulting.com | tcp |
| US | 66.29.141.192:443 | onecompanystudio.com | tcp |
| IN | 62.72.14.156:443 | odontocaredental.com | tcp |
| US | 162.144.3.63:80 | onestopfoodjoint.com | tcp |
| US | 8.8.8.8:53 | papillonhomepets.com | udp |
| DE | 217.160.0.108:443 | motorhometrekkers.com | tcp |
| BR | 154.56.48.97:443 | officialsitemart.com | tcp |
| IT | 185.221.175.25:443 | www.onlylightdigital.com | tcp |
| US | 8.8.8.8:53 | parentingnesthub.com | udp |
| US | 104.21.30.214:443 | www.manuelabartolini.com | tcp |
| US | 66.235.200.146:443 | operationdadduty.com | tcp |
| US | 8.8.8.8:53 | 233.214.231.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.182.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.212.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.203.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.172.180.82.in-addr.arpa | udp |
| SG | 194.163.42.34:443 | onlinemarketiing.com | tcp |
| US | 173.236.65.130:443 | www.onlinetechrescue.com | tcp |
| US | 216.246.46.70:443 | onlinegamesfield.com | tcp |
| US | 154.56.47.78:443 | openhorizonspace.com | tcp |
| US | 172.67.172.86:443 | ecomstorenetwork.com | tcp |
| IN | 154.41.233.150:443 | www.marketingbyswati.com | tcp |
| US | 160.153.0.122:443 | orendapsikologji.com | tcp |
| US | 8.8.8.8:53 | parqueunapelotas.com | udp |
| US | 149.100.151.219:443 | papillonhomepets.com | tcp |
| US | 107.180.47.65:443 | outsightlearning.com | tcp |
| BR | 154.56.50.13:443 | originalesonline.com | tcp |
| US | 162.241.203.15:443 | parentingnesthub.com | tcp |
| US | 8.8.8.8:53 | patrick-solution.com | udp |
| US | 8.8.8.8:53 | pastesrealminero.com | udp |
| US | 8.8.8.8:53 | pazinteriortotal.com | udp |
| US | 8.8.8.8:53 | pbsconsultingllc.com | udp |
| US | 65.181.111.151:443 | www.pamelasuejackson.com | tcp |
| US | 8.8.8.8:53 | pechitotvdigital.com | udp |
| US | 8.8.8.8:53 | www.personalgrowthk9.com | udp |
| US | 8.8.8.8:53 | picasso-wellness.com | udp |
| US | 8.8.8.8:53 | pinelakecleaning.com | udp |
| US | 8.8.8.8:53 | pelagicequipment.com | udp |
| US | 162.214.162.193:443 | parqueunapelotas.com | tcp |
| US | 8.8.8.8:53 | 85.25.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.147.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.175.221.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.141.96.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.30.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.3.144.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.14.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.141.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.48.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.65.236.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.172.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.42.163.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.151.100.149.in-addr.arpa | udp |
| GB | 185.77.97.89:443 | pazinteriortotal.com | tcp |
| US | 154.7.253.149:443 | pbsconsultingllc.com | tcp |
| N/A | 127.0.0.1:53226 | tcp | |
| US | 160.153.0.135:443 | pelagicequipment.com | tcp |
| US | 159.203.76.80:443 | picasso-wellness.com | tcp |
| US | 8.8.8.8:53 | pintoresengandia.com | udp |
| US | 104.21.95.26:443 | pinelakecleaning.com | tcp |
| FR | 193.70.117.88:443 | pastesrealminero.com | tcp |
| US | 190.8.176.166:443 | www.personalgrowthk9.com | tcp |
| US | 8.8.8.8:53 | pitambaratravels.com | udp |
| JP | 139.162.67.176:443 | patrick-solution.com | tcp |
| US | 172.67.140.182:443 | pintoresengandia.com | tcp |
| N/A | 127.0.0.1:53231 | tcp | |
| N/A | 127.0.0.1:53233 | tcp | |
| N/A | 127.0.0.1:53235 | tcp | |
| N/A | 127.0.0.1:53238 | tcp | |
| N/A | 127.0.0.1:53243 | tcp | |
| N/A | 127.0.0.1:53251 | tcp | |
| N/A | 127.0.0.1:53253 | tcp | |
| N/A | 127.0.0.1:53261 | tcp | |
| N/A | 127.0.0.1:53269 | tcp | |
| N/A | 127.0.0.1:53271 | tcp | |
| N/A | 127.0.0.1:53273 | tcp | |
| N/A | 127.0.0.1:53275 | tcp | |
| N/A | 127.0.0.1:53286 | tcp | |
| N/A | 127.0.0.1:53290 | tcp | |
| N/A | 127.0.0.1:53292 | tcp | |
| N/A | 127.0.0.1:53298 | tcp | |
| N/A | 127.0.0.1:53300 | tcp | |
| N/A | 127.0.0.1:53302 | tcp | |
| N/A | 127.0.0.1:53304 | tcp | |
| US | 8.8.8.8:53 | www.parqueunapelotas.com | udp |
| SG | 82.180.152.129:443 | pitambaratravels.com | tcp |
| US | 8.8.8.8:53 | 15.203.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.111.181.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.162.214.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.253.7.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.95.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.117.70.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.140.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.76.203.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.176.8.190.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.67.162.139.in-addr.arpa | udp |
| US | 162.214.162.193:443 | www.parqueunapelotas.com | tcp |
| US | 8.8.8.8:53 | 129.152.180.82.in-addr.arpa | udp |
| N/A | 127.0.0.1:53311 | tcp | |
| N/A | 127.0.0.1:53322 | tcp | |
| N/A | 127.0.0.1:53332 | tcp | |
| N/A | 127.0.0.1:53334 | tcp | |
| N/A | 127.0.0.1:53341 | tcp | |
| N/A | 127.0.0.1:53348 | tcp | |
| N/A | 127.0.0.1:53356 | tcp | |
| N/A | 127.0.0.1:53365 | tcp | |
| N/A | 127.0.0.1:53387 | tcp | |
| N/A | 127.0.0.1:53394 | tcp | |
| N/A | 127.0.0.1:53396 | tcp | |
| N/A | 127.0.0.1:53398 | tcp | |
| N/A | 127.0.0.1:53400 | tcp | |
| N/A | 127.0.0.1:53414 | tcp | |
| N/A | 127.0.0.1:53416 | tcp | |
| N/A | 127.0.0.1:53418 | tcp | |
| N/A | 127.0.0.1:53420 | tcp | |
| N/A | 127.0.0.1:53422 | tcp | |
| N/A | 127.0.0.1:53424 | tcp | |
| N/A | 127.0.0.1:53426 | tcp | |
| N/A | 127.0.0.1:53428 | tcp | |
| N/A | 127.0.0.1:53431 | tcp | |
| N/A | 127.0.0.1:53442 | tcp | |
| N/A | 127.0.0.1:53444 | tcp | |
| N/A | 127.0.0.1:53446 | tcp | |
| N/A | 127.0.0.1:53448 | tcp | |
| N/A | 127.0.0.1:53450 | tcp | |
| N/A | 127.0.0.1:53457 | tcp | |
| N/A | 127.0.0.1:53459 | tcp | |
| N/A | 127.0.0.1:53463 | tcp | |
| N/A | 127.0.0.1:53480 | tcp | |
| N/A | 127.0.0.1:53482 | tcp | |
| N/A | 127.0.0.1:53485 | tcp | |
| N/A | 127.0.0.1:53497 | tcp | |
| N/A | 127.0.0.1:53502 | tcp | |
| N/A | 127.0.0.1:53504 | tcp | |
| N/A | 127.0.0.1:53506 | tcp | |
| N/A | 127.0.0.1:53508 | tcp | |
| N/A | 127.0.0.1:53510 | tcp | |
| N/A | 127.0.0.1:53527 | tcp | |
| N/A | 127.0.0.1:53531 | tcp | |
| N/A | 127.0.0.1:53537 | tcp | |
| N/A | 127.0.0.1:53546 | tcp | |
| N/A | 127.0.0.1:53550 | tcp | |
| N/A | 127.0.0.1:53552 | tcp | |
| N/A | 127.0.0.1:53554 | tcp | |
| N/A | 127.0.0.1:53557 | tcp | |
| N/A | 127.0.0.1:53563 | tcp | |
| N/A | 127.0.0.1:53565 | tcp | |
| N/A | 127.0.0.1:53567 | tcp | |
| N/A | 127.0.0.1:53574 | tcp | |
| N/A | 127.0.0.1:53577 | tcp | |
| N/A | 127.0.0.1:53580 | tcp | |
| N/A | 127.0.0.1:53587 | tcp | |
| N/A | 127.0.0.1:53589 | tcp | |
| N/A | 127.0.0.1:53591 | tcp | |
| N/A | 127.0.0.1:53597 | tcp | |
| N/A | 127.0.0.1:53602 | tcp | |
| N/A | 127.0.0.1:53605 | tcp | |
| N/A | 127.0.0.1:53612 | tcp | |
| N/A | 127.0.0.1:53631 | tcp | |
| N/A | 127.0.0.1:53633 | tcp | |
| N/A | 127.0.0.1:53642 | tcp | |
| N/A | 127.0.0.1:53644 | tcp | |
| N/A | 127.0.0.1:53646 | tcp | |
| N/A | 127.0.0.1:53649 | tcp | |
| N/A | 127.0.0.1:53652 | tcp | |
| N/A | 127.0.0.1:53666 | tcp | |
| N/A | 127.0.0.1:53669 | tcp | |
| N/A | 127.0.0.1:53680 | tcp | |
| N/A | 127.0.0.1:53694 | tcp | |
| N/A | 127.0.0.1:53696 | tcp | |
| N/A | 127.0.0.1:53703 | tcp | |
| N/A | 127.0.0.1:53705 | tcp | |
| N/A | 127.0.0.1:53709 | tcp | |
| N/A | 127.0.0.1:53712 | tcp | |
| N/A | 127.0.0.1:53722 | tcp | |
| N/A | 127.0.0.1:53724 | tcp | |
| N/A | 127.0.0.1:53726 | tcp | |
| N/A | 127.0.0.1:53743 | tcp | |
| N/A | 127.0.0.1:53746 | tcp | |
| N/A | 127.0.0.1:53748 | tcp | |
| N/A | 127.0.0.1:53750 | tcp | |
| N/A | 127.0.0.1:53752 | tcp | |
| N/A | 127.0.0.1:53754 | tcp | |
| N/A | 127.0.0.1:53757 | tcp | |
| N/A | 127.0.0.1:53759 | tcp | |
| N/A | 127.0.0.1:53761 | tcp | |
| N/A | 127.0.0.1:53766 | tcp | |
| N/A | 127.0.0.1:53769 | tcp | |
| N/A | 127.0.0.1:53782 | tcp | |
| N/A | 127.0.0.1:53784 | tcp | |
| N/A | 127.0.0.1:53786 | tcp | |
| N/A | 127.0.0.1:53789 | tcp | |
| N/A | 127.0.0.1:53794 | tcp | |
| N/A | 127.0.0.1:53799 | tcp | |
| N/A | 127.0.0.1:53801 | tcp | |
| N/A | 127.0.0.1:53806 | tcp | |
| N/A | 127.0.0.1:53819 | tcp | |
| N/A | 127.0.0.1:53822 | tcp | |
| N/A | 127.0.0.1:53835 | tcp | |
| N/A | 127.0.0.1:53841 | tcp | |
| N/A | 127.0.0.1:53847 | tcp | |
| N/A | 127.0.0.1:53861 | tcp | |
| N/A | 127.0.0.1:53864 | tcp | |
| N/A | 127.0.0.1:53866 | tcp | |
| N/A | 127.0.0.1:53869 | tcp | |
| N/A | 127.0.0.1:53871 | tcp | |
| N/A | 127.0.0.1:53875 | tcp | |
| N/A | 127.0.0.1:53884 | tcp | |
| N/A | 127.0.0.1:53894 | tcp | |
| N/A | 127.0.0.1:53896 | tcp | |
| N/A | 127.0.0.1:53898 | tcp | |
| N/A | 127.0.0.1:53900 | tcp | |
| N/A | 127.0.0.1:53902 | tcp | |
| N/A | 127.0.0.1:53910 | tcp | |
| N/A | 127.0.0.1:53913 | tcp | |
| N/A | 127.0.0.1:53915 | tcp | |
| N/A | 127.0.0.1:53917 | tcp | |
| N/A | 127.0.0.1:53919 | tcp | |
| N/A | 127.0.0.1:53921 | tcp | |
| N/A | 127.0.0.1:53927 | tcp | |
| N/A | 127.0.0.1:53941 | tcp | |
| N/A | 127.0.0.1:53943 | tcp | |
| N/A | 127.0.0.1:53945 | tcp | |
| N/A | 127.0.0.1:53950 | tcp | |
| N/A | 127.0.0.1:53957 | tcp | |
| N/A | 127.0.0.1:53960 | tcp | |
| N/A | 127.0.0.1:53980 | tcp | |
| N/A | 127.0.0.1:53982 | tcp | |
| N/A | 127.0.0.1:53984 | tcp | |
| N/A | 127.0.0.1:53986 | tcp | |
| N/A | 127.0.0.1:53988 | tcp | |
| N/A | 127.0.0.1:53993 | tcp | |
| N/A | 127.0.0.1:53996 | tcp | |
| N/A | 127.0.0.1:53998 | tcp | |
| N/A | 127.0.0.1:54000 | tcp | |
| N/A | 127.0.0.1:54011 | tcp | |
| N/A | 127.0.0.1:54020 | tcp | |
| N/A | 127.0.0.1:54022 | tcp | |
| N/A | 127.0.0.1:54037 | tcp | |
| N/A | 127.0.0.1:54039 | tcp | |
| N/A | 127.0.0.1:54041 | tcp | |
| N/A | 127.0.0.1:54043 | tcp | |
| N/A | 127.0.0.1:54045 | tcp | |
| N/A | 127.0.0.1:54047 | tcp | |
| N/A | 127.0.0.1:54049 | tcp | |
| N/A | 127.0.0.1:54058 | tcp | |
| N/A | 127.0.0.1:54072 | tcp | |
| N/A | 127.0.0.1:54076 | tcp | |
| N/A | 127.0.0.1:54078 | tcp | |
| N/A | 127.0.0.1:54082 | tcp | |
| N/A | 127.0.0.1:54084 | tcp | |
| N/A | 127.0.0.1:54090 | tcp | |
| N/A | 127.0.0.1:54092 | tcp | |
| N/A | 127.0.0.1:54095 | tcp | |
| N/A | 127.0.0.1:54105 | tcp | |
| N/A | 127.0.0.1:54107 | tcp | |
| N/A | 127.0.0.1:54109 | tcp | |
| N/A | 127.0.0.1:54119 | tcp | |
| N/A | 127.0.0.1:54133 | tcp | |
| N/A | 127.0.0.1:54136 | tcp | |
| N/A | 127.0.0.1:54139 | tcp | |
| N/A | 127.0.0.1:54143 | tcp | |
| N/A | 127.0.0.1:54165 | tcp | |
| N/A | 127.0.0.1:54167 | tcp | |
| N/A | 127.0.0.1:54169 | tcp | |
| N/A | 127.0.0.1:54171 | tcp | |
| N/A | 127.0.0.1:54173 | tcp | |
| N/A | 127.0.0.1:54184 | tcp | |
| N/A | 127.0.0.1:54186 | tcp | |
| N/A | 127.0.0.1:54188 | tcp | |
| N/A | 127.0.0.1:54190 | tcp | |
| N/A | 127.0.0.1:54192 | tcp | |
| N/A | 127.0.0.1:54194 | tcp | |
| N/A | 127.0.0.1:54196 | tcp | |
| N/A | 127.0.0.1:54199 | tcp | |
| N/A | 127.0.0.1:54201 | tcp | |
| N/A | 127.0.0.1:54203 | tcp | |
| N/A | 127.0.0.1:54205 | tcp | |
| N/A | 127.0.0.1:54217 | tcp | |
| N/A | 127.0.0.1:54221 | tcp | |
| N/A | 127.0.0.1:54223 | tcp | |
| N/A | 127.0.0.1:54225 | tcp | |
| N/A | 127.0.0.1:54230 | tcp | |
| N/A | 127.0.0.1:54244 | tcp | |
| N/A | 127.0.0.1:54253 | tcp | |
| N/A | 127.0.0.1:54263 | tcp | |
| N/A | 127.0.0.1:54267 | tcp | |
| N/A | 127.0.0.1:54283 | tcp | |
| N/A | 127.0.0.1:54290 | tcp | |
| N/A | 127.0.0.1:54295 | tcp | |
| N/A | 127.0.0.1:54298 | tcp | |
| N/A | 127.0.0.1:54300 | tcp | |
| N/A | 127.0.0.1:54302 | tcp | |
| N/A | 127.0.0.1:54305 | tcp | |
| N/A | 127.0.0.1:54309 | tcp | |
| N/A | 127.0.0.1:54312 | tcp | |
| N/A | 127.0.0.1:54324 | tcp | |
| N/A | 127.0.0.1:54326 | tcp | |
| N/A | 127.0.0.1:54328 | tcp | |
| N/A | 127.0.0.1:54330 | tcp | |
| N/A | 127.0.0.1:54332 | tcp | |
| N/A | 127.0.0.1:54334 | tcp | |
| N/A | 127.0.0.1:54340 | tcp | |
| N/A | 127.0.0.1:54342 | tcp | |
| N/A | 127.0.0.1:54348 | tcp | |
| N/A | 127.0.0.1:54366 | tcp | |
| N/A | 127.0.0.1:54370 | tcp | |
| N/A | 127.0.0.1:54372 | tcp | |
| N/A | 127.0.0.1:54374 | tcp | |
| N/A | 127.0.0.1:54376 | tcp | |
| N/A | 127.0.0.1:54378 | tcp | |
| N/A | 127.0.0.1:54380 | tcp | |
| N/A | 127.0.0.1:54382 | tcp | |
| N/A | 127.0.0.1:54384 | tcp | |
| N/A | 127.0.0.1:54392 | tcp | |
| N/A | 127.0.0.1:54400 | tcp | |
| N/A | 127.0.0.1:54405 | tcp | |
| N/A | 127.0.0.1:54415 | tcp | |
| N/A | 127.0.0.1:54422 | tcp | |
| N/A | 127.0.0.1:54429 | tcp | |
| N/A | 127.0.0.1:54432 | tcp | |
| N/A | 127.0.0.1:54435 | tcp | |
| N/A | 127.0.0.1:54439 | tcp | |
| N/A | 127.0.0.1:54454 | tcp | |
| N/A | 127.0.0.1:54458 | tcp | |
| N/A | 127.0.0.1:54468 | tcp | |
| N/A | 127.0.0.1:54470 | tcp | |
| N/A | 127.0.0.1:54481 | tcp | |
| N/A | 127.0.0.1:54487 | tcp | |
| N/A | 127.0.0.1:54490 | tcp | |
| N/A | 127.0.0.1:54492 | tcp | |
| N/A | 127.0.0.1:54494 | tcp | |
| N/A | 127.0.0.1:54496 | tcp | |
| N/A | 127.0.0.1:54498 | tcp | |
| N/A | 127.0.0.1:54500 | tcp | |
| N/A | 127.0.0.1:54504 | tcp | |
| N/A | 127.0.0.1:54506 | tcp | |
| N/A | 127.0.0.1:54508 | tcp | |
| N/A | 127.0.0.1:54510 | tcp | |
| N/A | 127.0.0.1:54516 | tcp | |
| N/A | 127.0.0.1:54531 | tcp | |
| N/A | 127.0.0.1:54534 | tcp | |
| N/A | 127.0.0.1:54536 | tcp | |
| N/A | 127.0.0.1:54538 | tcp | |
| N/A | 127.0.0.1:54540 | tcp | |
| N/A | 127.0.0.1:54545 | tcp | |
| N/A | 127.0.0.1:54553 | tcp | |
| N/A | 127.0.0.1:54558 | tcp | |
| N/A | 127.0.0.1:54568 | tcp | |
| N/A | 127.0.0.1:54573 | tcp | |
| N/A | 127.0.0.1:54577 | tcp | |
| N/A | 127.0.0.1:54579 | tcp | |
| N/A | 127.0.0.1:54586 | tcp | |
| N/A | 127.0.0.1:54590 | tcp | |
| N/A | 127.0.0.1:54619 | tcp | |
| N/A | 127.0.0.1:54624 | tcp | |
| N/A | 127.0.0.1:54629 | tcp | |
| N/A | 127.0.0.1:54631 | tcp | |
| N/A | 127.0.0.1:54633 | tcp | |
| N/A | 127.0.0.1:54635 | tcp | |
| N/A | 127.0.0.1:54637 | tcp | |
| N/A | 127.0.0.1:54639 | tcp | |
| N/A | 127.0.0.1:54646 | tcp | |
| N/A | 127.0.0.1:54660 | tcp | |
| N/A | 127.0.0.1:54662 | tcp | |
| N/A | 127.0.0.1:54669 | tcp | |
| N/A | 127.0.0.1:54673 | tcp | |
| N/A | 127.0.0.1:54677 | tcp | |
| N/A | 127.0.0.1:54680 | tcp | |
| N/A | 127.0.0.1:54682 | tcp | |
| N/A | 127.0.0.1:54684 | tcp | |
| N/A | 127.0.0.1:54686 | tcp | |
| N/A | 127.0.0.1:54688 | tcp | |
| N/A | 127.0.0.1:54690 | tcp | |
| N/A | 127.0.0.1:54692 | tcp | |
| N/A | 127.0.0.1:54694 | tcp | |
| N/A | 127.0.0.1:54704 | tcp | |
| N/A | 127.0.0.1:54715 | tcp | |
| N/A | 127.0.0.1:54717 | tcp | |
| N/A | 127.0.0.1:54732 | tcp | |
| N/A | 127.0.0.1:54741 | tcp | |
| N/A | 127.0.0.1:54745 | tcp | |
| N/A | 127.0.0.1:54750 | tcp | |
| N/A | 127.0.0.1:54752 | tcp | |
| N/A | 127.0.0.1:54756 | tcp | |
| N/A | 127.0.0.1:54766 | tcp | |
| N/A | 127.0.0.1:54780 | tcp | |
| N/A | 127.0.0.1:54782 | tcp | |
| N/A | 127.0.0.1:54785 | tcp | |
| N/A | 127.0.0.1:54787 | tcp | |
| N/A | 127.0.0.1:54789 | tcp | |
| N/A | 127.0.0.1:54791 | tcp | |
| N/A | 127.0.0.1:54793 | tcp | |
| N/A | 127.0.0.1:54796 | tcp | |
| N/A | 127.0.0.1:54798 | tcp | |
| N/A | 127.0.0.1:54800 | tcp | |
| N/A | 127.0.0.1:54802 | tcp | |
| N/A | 127.0.0.1:54819 | tcp | |
| N/A | 127.0.0.1:54821 | tcp | |
| N/A | 127.0.0.1:54823 | tcp | |
| N/A | 127.0.0.1:54840 | tcp | |
| N/A | 127.0.0.1:54843 | tcp | |
| N/A | 127.0.0.1:54845 | tcp | |
| N/A | 127.0.0.1:54853 | tcp | |
| N/A | 127.0.0.1:54862 | tcp | |
| N/A | 127.0.0.1:54864 | tcp | |
| N/A | 127.0.0.1:54866 | tcp | |
| N/A | 127.0.0.1:54868 | tcp | |
| N/A | 127.0.0.1:54870 | tcp | |
| N/A | 127.0.0.1:54872 | tcp | |
| N/A | 127.0.0.1:54874 | tcp | |
| N/A | 127.0.0.1:54876 | tcp | |
| N/A | 127.0.0.1:54878 | tcp | |
| N/A | 127.0.0.1:54880 | tcp | |
| N/A | 127.0.0.1:54882 | tcp | |
| N/A | 127.0.0.1:54884 | tcp | |
| N/A | 127.0.0.1:54888 | tcp | |
| N/A | 127.0.0.1:54899 | tcp | |
| N/A | 127.0.0.1:54905 | tcp | |
| N/A | 127.0.0.1:54909 | tcp | |
| N/A | 127.0.0.1:54914 | tcp | |
| N/A | 127.0.0.1:54919 | tcp | |
| N/A | 127.0.0.1:54922 | tcp | |
| N/A | 127.0.0.1:54924 | tcp | |
| N/A | 127.0.0.1:54928 | tcp | |
| N/A | 127.0.0.1:54943 | tcp | |
| N/A | 127.0.0.1:54946 | tcp | |
| N/A | 127.0.0.1:54950 | tcp | |
| N/A | 127.0.0.1:54954 | tcp | |
| N/A | 127.0.0.1:54956 | tcp | |
| N/A | 127.0.0.1:54970 | tcp | |
| N/A | 127.0.0.1:54980 | tcp | |
| N/A | 127.0.0.1:54991 | tcp | |
| N/A | 127.0.0.1:54994 | tcp | |
| N/A | 127.0.0.1:54997 | tcp | |
| N/A | 127.0.0.1:55000 | tcp | |
| N/A | 127.0.0.1:55002 | tcp | |
| N/A | 127.0.0.1:55004 | tcp | |
| N/A | 127.0.0.1:55009 | tcp | |
| N/A | 127.0.0.1:55011 | tcp | |
| N/A | 127.0.0.1:55013 | tcp | |
| N/A | 127.0.0.1:55015 | tcp | |
| N/A | 127.0.0.1:55020 | tcp | |
| N/A | 127.0.0.1:55024 | tcp | |
| N/A | 127.0.0.1:55028 | tcp | |
| N/A | 127.0.0.1:55031 | tcp | |
| N/A | 127.0.0.1:55038 | tcp | |
| N/A | 127.0.0.1:55040 | tcp | |
| N/A | 127.0.0.1:55047 | tcp | |
| N/A | 127.0.0.1:55050 | tcp | |
| N/A | 127.0.0.1:55052 | tcp | |
| N/A | 127.0.0.1:55054 | tcp | |
| N/A | 127.0.0.1:55056 | tcp | |
| N/A | 127.0.0.1:55058 | tcp | |
| N/A | 127.0.0.1:55060 | tcp | |
| N/A | 127.0.0.1:55079 | tcp | |
| N/A | 127.0.0.1:55083 | tcp | |
| N/A | 127.0.0.1:55094 | tcp | |
| N/A | 127.0.0.1:55098 | tcp | |
| N/A | 127.0.0.1:55100 | tcp | |
| N/A | 127.0.0.1:55103 | tcp | |
| N/A | 127.0.0.1:55106 | tcp | |
| N/A | 127.0.0.1:55110 | tcp | |
| N/A | 127.0.0.1:55124 | tcp | |
| N/A | 127.0.0.1:55130 | tcp | |
| N/A | 127.0.0.1:55139 | tcp | |
| N/A | 127.0.0.1:55143 | tcp | |
| N/A | 127.0.0.1:55159 | tcp | |
| N/A | 127.0.0.1:55162 | tcp | |
| N/A | 127.0.0.1:55166 | tcp | |
| N/A | 127.0.0.1:55170 | tcp | |
| N/A | 127.0.0.1:55174 | tcp | |
| N/A | 127.0.0.1:55187 | tcp | |
| N/A | 127.0.0.1:55189 | tcp | |
| N/A | 127.0.0.1:55192 | tcp | |
| N/A | 127.0.0.1:55198 | tcp | |
| N/A | 127.0.0.1:55206 | tcp | |
| N/A | 127.0.0.1:55216 | tcp | |
| N/A | 127.0.0.1:55218 | tcp | |
| N/A | 127.0.0.1:55222 | tcp | |
| N/A | 127.0.0.1:55224 | tcp | |
| N/A | 127.0.0.1:55226 | tcp | |
| N/A | 127.0.0.1:55234 | tcp | |
| N/A | 127.0.0.1:55244 | tcp | |
| N/A | 127.0.0.1:55246 | tcp | |
| N/A | 127.0.0.1:55248 | tcp | |
| N/A | 127.0.0.1:55254 | tcp | |
| N/A | 127.0.0.1:55261 | tcp | |
| N/A | 127.0.0.1:55264 | tcp | |
| N/A | 127.0.0.1:55266 | tcp | |
| N/A | 127.0.0.1:55269 | tcp | |
| N/A | 127.0.0.1:55272 | tcp | |
| N/A | 127.0.0.1:55274 | tcp | |
| N/A | 127.0.0.1:55300 | tcp | |
| N/A | 127.0.0.1:55302 | tcp | |
| N/A | 127.0.0.1:55304 | tcp | |
| N/A | 127.0.0.1:55308 | tcp | |
| N/A | 127.0.0.1:55310 | tcp | |
| N/A | 127.0.0.1:55312 | tcp | |
| N/A | 127.0.0.1:55314 | tcp | |
| N/A | 127.0.0.1:55316 | tcp | |
| N/A | 127.0.0.1:55318 | tcp | |
| N/A | 127.0.0.1:55320 | tcp | |
| N/A | 127.0.0.1:55333 | tcp | |
| N/A | 127.0.0.1:55338 | tcp | |
| N/A | 127.0.0.1:55342 | tcp | |
| N/A | 127.0.0.1:55345 | tcp | |
| N/A | 127.0.0.1:55347 | tcp | |
| N/A | 127.0.0.1:55350 | tcp | |
| N/A | 127.0.0.1:55357 | tcp | |
| N/A | 127.0.0.1:55363 | tcp | |
| N/A | 127.0.0.1:55365 | tcp | |
| N/A | 127.0.0.1:55368 | tcp | |
| N/A | 127.0.0.1:55372 | tcp | |
| N/A | 127.0.0.1:55375 | tcp | |
| N/A | 127.0.0.1:55377 | tcp | |
| N/A | 127.0.0.1:55379 | tcp | |
| N/A | 127.0.0.1:55387 | tcp | |
| N/A | 127.0.0.1:55390 | tcp | |
| N/A | 127.0.0.1:55399 | tcp | |
| N/A | 127.0.0.1:55419 | tcp | |
| N/A | 127.0.0.1:55428 | tcp | |
| N/A | 127.0.0.1:55432 | tcp | |
| N/A | 127.0.0.1:55436 | tcp | |
| N/A | 127.0.0.1:55438 | tcp | |
| N/A | 127.0.0.1:55440 | tcp | |
| N/A | 127.0.0.1:55452 | tcp | |
| N/A | 127.0.0.1:55454 | tcp | |
| N/A | 127.0.0.1:55458 | tcp | |
| N/A | 127.0.0.1:55461 | tcp | |
| N/A | 127.0.0.1:55465 | tcp | |
| N/A | 127.0.0.1:55468 | tcp | |
| N/A | 127.0.0.1:55474 | tcp | |
| N/A | 127.0.0.1:55481 | tcp | |
| N/A | 127.0.0.1:55488 | tcp | |
| N/A | 127.0.0.1:55496 | tcp | |
| N/A | 127.0.0.1:55506 | tcp | |
| N/A | 127.0.0.1:55510 | tcp | |
| N/A | 127.0.0.1:55512 | tcp | |
| N/A | 127.0.0.1:55515 | tcp | |
| N/A | 127.0.0.1:55521 | tcp | |
| N/A | 127.0.0.1:55536 | tcp | |
| N/A | 127.0.0.1:55548 | tcp | |
| N/A | 127.0.0.1:55550 | tcp | |
| N/A | 127.0.0.1:55558 | tcp | |
| N/A | 127.0.0.1:55560 | tcp | |
| N/A | 127.0.0.1:55562 | tcp | |
| N/A | 127.0.0.1:55566 | tcp | |
| N/A | 127.0.0.1:55568 | tcp | |
| N/A | 127.0.0.1:55580 | tcp | |
| N/A | 127.0.0.1:55584 | tcp | |
| N/A | 127.0.0.1:55586 | tcp | |
| N/A | 127.0.0.1:55588 | tcp | |
| N/A | 127.0.0.1:55590 | tcp | |
| N/A | 127.0.0.1:55592 | tcp | |
| N/A | 127.0.0.1:55594 | tcp | |
| N/A | 127.0.0.1:55596 | tcp | |
| N/A | 127.0.0.1:55598 | tcp | |
| N/A | 127.0.0.1:55600 | tcp | |
| N/A | 127.0.0.1:55602 | tcp | |
| N/A | 127.0.0.1:55604 | tcp | |
| N/A | 127.0.0.1:55614 | tcp | |
| N/A | 127.0.0.1:55621 | tcp | |
| N/A | 127.0.0.1:55623 | tcp | |
| N/A | 127.0.0.1:55628 | tcp | |
| N/A | 127.0.0.1:55636 | tcp | |
| N/A | 127.0.0.1:55648 | tcp | |
| N/A | 127.0.0.1:55650 | tcp | |
| N/A | 127.0.0.1:55652 | tcp | |
| N/A | 127.0.0.1:55654 | tcp | |
| N/A | 127.0.0.1:55656 | tcp | |
| N/A | 127.0.0.1:55669 | tcp | |
| N/A | 127.0.0.1:55675 | tcp | |
| N/A | 127.0.0.1:55688 | tcp | |
| N/A | 127.0.0.1:55693 | tcp | |
| N/A | 127.0.0.1:55695 | tcp | |
| N/A | 127.0.0.1:55697 | tcp | |
| N/A | 127.0.0.1:55705 | tcp | |
| N/A | 127.0.0.1:55709 | tcp | |
| N/A | 127.0.0.1:55714 | tcp | |
| N/A | 127.0.0.1:55718 | tcp | |
| N/A | 127.0.0.1:55734 | tcp | |
| N/A | 127.0.0.1:55739 | tcp | |
| N/A | 127.0.0.1:55743 | tcp | |
| N/A | 127.0.0.1:55745 | tcp | |
| N/A | 127.0.0.1:55749 | tcp | |
| N/A | 127.0.0.1:55759 | tcp | |
| N/A | 127.0.0.1:55763 | tcp | |
| N/A | 127.0.0.1:55772 | tcp | |
| N/A | 127.0.0.1:55780 | tcp | |
| N/A | 127.0.0.1:55783 | tcp | |
| N/A | 127.0.0.1:55785 | tcp | |
| N/A | 127.0.0.1:55812 | tcp | |
| N/A | 127.0.0.1:55814 | tcp | |
| N/A | 127.0.0.1:55816 | tcp | |
| N/A | 127.0.0.1:55818 | tcp | |
| N/A | 127.0.0.1:55820 | tcp | |
| N/A | 127.0.0.1:55822 | tcp | |
| N/A | 127.0.0.1:55824 | tcp | |
| N/A | 127.0.0.1:55826 | tcp | |
| N/A | 127.0.0.1:55828 | tcp | |
| N/A | 127.0.0.1:55833 | tcp | |
| N/A | 127.0.0.1:55836 | tcp | |
| N/A | 127.0.0.1:55843 | tcp | |
| N/A | 127.0.0.1:55848 | tcp | |
| N/A | 127.0.0.1:55851 | tcp | |
| N/A | 127.0.0.1:55853 | tcp | |
| N/A | 127.0.0.1:55855 | tcp | |
| N/A | 127.0.0.1:55857 | tcp | |
| N/A | 127.0.0.1:55859 | tcp | |
| N/A | 127.0.0.1:55861 | tcp | |
| N/A | 127.0.0.1:55864 | tcp | |
| N/A | 127.0.0.1:55867 | tcp | |
| N/A | 127.0.0.1:55880 | tcp | |
| N/A | 127.0.0.1:55887 | tcp | |
| N/A | 127.0.0.1:55900 | tcp | |
| N/A | 127.0.0.1:55904 | tcp | |
| N/A | 127.0.0.1:55912 | tcp | |
| N/A | 127.0.0.1:55917 | tcp | |
| N/A | 127.0.0.1:55921 | tcp | |
| N/A | 127.0.0.1:55923 | tcp | |
| N/A | 127.0.0.1:55926 | tcp | |
| N/A | 127.0.0.1:55928 | tcp | |
| N/A | 127.0.0.1:55930 | tcp | |
| N/A | 127.0.0.1:55943 | tcp | |
| N/A | 127.0.0.1:55947 | tcp | |
| N/A | 127.0.0.1:55960 | tcp | |
| N/A | 127.0.0.1:55964 | tcp | |
| N/A | 127.0.0.1:55971 | tcp | |
| N/A | 127.0.0.1:55975 | tcp | |
| N/A | 127.0.0.1:55984 | tcp | |
| N/A | 127.0.0.1:55988 | tcp | |
| N/A | 127.0.0.1:55991 | tcp | |
| N/A | 127.0.0.1:55993 | tcp | |
| N/A | 127.0.0.1:55995 | tcp | |
| N/A | 127.0.0.1:55999 | tcp | |
| N/A | 127.0.0.1:56001 | tcp | |
| N/A | 127.0.0.1:56010 | tcp | |
| N/A | 127.0.0.1:56022 | tcp | |
| N/A | 127.0.0.1:56028 | tcp | |
| N/A | 127.0.0.1:56033 | tcp | |
| N/A | 127.0.0.1:56036 | tcp | |
| N/A | 127.0.0.1:56042 | tcp | |
| N/A | 127.0.0.1:56044 | tcp | |
| N/A | 127.0.0.1:56047 | tcp | |
| N/A | 127.0.0.1:56062 | tcp | |
| N/A | 127.0.0.1:56064 | tcp | |
| N/A | 127.0.0.1:56066 | tcp | |
| N/A | 127.0.0.1:56068 | tcp | |
| N/A | 127.0.0.1:56070 | tcp | |
| N/A | 127.0.0.1:56072 | tcp | |
| N/A | 127.0.0.1:56075 | tcp | |
| N/A | 127.0.0.1:56077 | tcp | |
| N/A | 127.0.0.1:56081 | tcp | |
| N/A | 127.0.0.1:56083 | tcp | |
| N/A | 127.0.0.1:56088 | tcp | |
| N/A | 127.0.0.1:56093 | tcp | |
| N/A | 127.0.0.1:56098 | tcp | |
| N/A | 127.0.0.1:56104 | tcp | |
| N/A | 127.0.0.1:56107 | tcp | |
| N/A | 127.0.0.1:56110 | tcp | |
| N/A | 127.0.0.1:56121 | tcp | |
| N/A | 127.0.0.1:56125 | tcp | |
| N/A | 127.0.0.1:56128 | tcp | |
| N/A | 127.0.0.1:56130 | tcp | |
| N/A | 127.0.0.1:56132 | tcp | |
| N/A | 127.0.0.1:56134 | tcp | |
| N/A | 127.0.0.1:56136 | tcp | |
| N/A | 127.0.0.1:56140 | tcp | |
| N/A | 127.0.0.1:56173 | tcp | |
| N/A | 127.0.0.1:56186 | tcp | |
| N/A | 127.0.0.1:56188 | tcp | |
| N/A | 127.0.0.1:56190 | tcp | |
| N/A | 127.0.0.1:56195 | tcp | |
| N/A | 127.0.0.1:56201 | tcp | |
| N/A | 127.0.0.1:56204 | tcp | |
| N/A | 127.0.0.1:56206 | tcp | |
| N/A | 127.0.0.1:56208 | tcp | |
| N/A | 127.0.0.1:56210 | tcp | |
| N/A | 127.0.0.1:56228 | tcp | |
| N/A | 127.0.0.1:56237 | tcp | |
| N/A | 127.0.0.1:56252 | tcp | |
| US | 8.8.8.8:53 | www.mqdigitalfashion.com | udp |
| SG | 156.67.222.18:443 | www.mqdigitalfashion.com | tcp |
| N/A | 127.0.0.1:56310 | tcp | |
| N/A | 127.0.0.1:60801 | tcp | |
| N/A | 127.0.0.1:60801 | tcp | |
| N/A | 127.0.0.1:60801 | tcp | |
| US | 8.8.8.8:53 | cateringler.com | udp |
| US | 8.8.8.8:53 | cateringler.com | udp |
| US | 8.8.8.8:53 | insaid.co | udp |
| US | 8.8.8.8:53 | insaid.co | udp |
| US | 8.8.8.8:53 | enlisted.net | udp |
| US | 8.8.8.8:53 | enlisted.net | udp |
| US | 8.8.8.8:53 | imobiliariacruzalta.com.br | udp |
| US | 15.197.142.173:22 | insaid.co | tcp |
| US | 8.8.8.8:53 | imobiliariacruzalta.com.br | udp |
| US | 8.8.8.8:53 | chamados.ipem.sp.gov.br | udp |
| N/A | 127.0.0.1:56353 | tcp | |
| N/A | 127.0.0.1:56359 | tcp | |
| N/A | 127.0.0.1:56361 | tcp | |
| N/A | 127.0.0.1:56369 | tcp | |
| N/A | 127.0.0.1:56371 | tcp | |
| N/A | 127.0.0.1:56375 | tcp | |
| N/A | 127.0.0.1:56381 | tcp | |
| N/A | 127.0.0.1:56386 | tcp | |
| US | 15.197.142.173:21 | insaid.co | tcp |
| US | 15.197.142.173:443 | insaid.co | tcp |
| US | 8.8.8.8:53 | chamados.ipem.sp.gov.br | udp |
| US | 8.8.8.8:53 | d28crcn30lx9cn.cloudfront.net | udp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| US | 104.22.43.210:22 | enlisted.net | tcp |
| US | 31.170.166.243:21 | imobiliariacruzalta.com.br | tcp |
| US | 104.22.43.210:21 | enlisted.net | tcp |
| US | 8.8.8.8:53 | d28crcn30lx9cn.cloudfront.net | udp |
| US | 8.8.8.8:53 | ww3.servipag.com | udp |
| US | 31.170.166.243:22 | imobiliariacruzalta.com.br | tcp |
| US | 104.22.43.210:443 | enlisted.net | tcp |
| US | 8.8.8.8:53 | ww3.servipag.com | udp |
| N/A | 127.0.0.1:56391 | tcp | |
| US | 8.8.8.8:53 | web.facebook.com | udp |
| N/A | 127.0.0.1:56396 | tcp | |
| N/A | 127.0.0.1:56398 | tcp | |
| NL | 142.250.153.26:465 | alt1.aspmx.l.google.com | tcp |
| US | 31.170.166.243:443 | imobiliariacruzalta.com.br | tcp |
| US | 8.8.8.8:53 | web.facebook.com | udp |
| US | 8.8.8.8:53 | animezone.pl | udp |
| NL | 142.250.153.26:143 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mx1.hostinger.com.br | udp |
| US | 15.197.142.173:80 | insaid.co | tcp |
| BE | 13.225.239.72:22 | d28crcn30lx9cn.cloudfront.net | tcp |
| BE | 13.225.239.72:21 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 243.166.170.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.43.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | animezone.pl | udp |
| US | 3.33.152.147:22 | insaid.co | tcp |
| N/A | 127.0.0.1:56403 | tcp | |
| N/A | 127.0.0.1:56405 | tcp | |
| N/A | 127.0.0.1:56408 | tcp | |
| N/A | 127.0.0.1:56413 | tcp | |
| HU | 213.163.39.217:143 | hu-is-mx-01.gaijin.team | tcp |
| US | 8.8.8.8:53 | members.bet365.com | udp |
| US | 8.8.8.8:53 | cateringler.com | udp |
| NL | 142.250.153.26:995 | alt1.aspmx.l.google.com | tcp |
| BE | 13.225.239.72:443 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 104.18.14.248:22 | ww3.servipag.com | tcp |
| US | 104.18.14.248:21 | ww3.servipag.com | tcp |
| GB | 163.70.147.22:22 | web.facebook.com | tcp |
| US | 3.33.152.147:21 | insaid.co | tcp |
| US | 3.33.152.147:443 | insaid.co | tcp |
| US | 8.8.8.8:53 | members.bet365.com | udp |
| US | 8.8.8.8:53 | empirecraft.hu | udp |
| US | 172.65.182.103:143 | mx1.hostinger.com.br | tcp |
| US | 104.22.42.210:22 | enlisted.net | tcp |
| GB | 163.70.147.22:21 | web.facebook.com | tcp |
| US | 172.67.217.23:22 | animezone.pl | tcp |
| US | 104.22.42.210:21 | enlisted.net | tcp |
| US | 172.67.217.23:21 | animezone.pl | tcp |
| US | 104.22.43.210:80 | enlisted.net | tcp |
| HU | 213.163.39.217:465 | hu-is-mx-01.gaijin.team | tcp |
| US | 172.65.182.103:465 | mx1.hostinger.com.br | tcp |
| US | 31.170.166.243:80 | imobiliariacruzalta.com.br | tcp |
| N/A | 127.0.0.1:56422 | tcp | |
| N/A | 127.0.0.1:56425 | tcp | |
| N/A | 127.0.0.1:56429 | tcp | |
| GB | 163.70.147.22:443 | web.facebook.com | tcp |
| BE | 13.225.239.72:143 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 104.18.14.248:443 | ww3.servipag.com | tcp |
| N/A | 127.0.0.1:56433 | tcp | |
| US | 104.22.43.210:80 | enlisted.net | tcp |
| GB | 5.226.179.10:22 | members.bet365.com | tcp |
| US | 172.67.14.1:22 | enlisted.net | tcp |
| BE | 13.225.239.28:22 | d28crcn30lx9cn.cloudfront.net | tcp |
| BE | 13.225.239.28:21 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 31.170.166.243:22 | imobiliariacruzalta.com.br | tcp |
| US | 172.67.14.1:21 | enlisted.net | tcp |
| US | 104.18.15.248:22 | ww3.servipag.com | tcp |
| HU | 213.163.39.217:995 | hu-is-mx-01.gaijin.team | tcp |
| US | 104.18.15.248:21 | ww3.servipag.com | tcp |
| N/A | 127.0.0.1:56435 | tcp | |
| N/A | 127.0.0.1:56438 | tcp | |
| N/A | 127.0.0.1:56445 | tcp | |
| N/A | 127.0.0.1:56452 | tcp | |
| N/A | 127.0.0.1:56455 | tcp | |
| N/A | 127.0.0.1:56458 | tcp | |
| N/A | 127.0.0.1:56465 | tcp | |
| N/A | 127.0.0.1:56467 | tcp | |
| N/A | 127.0.0.1:56470 | tcp | |
| N/A | 127.0.0.1:56475 | tcp | |
| N/A | 127.0.0.1:56485 | tcp | |
| US | 172.65.182.103:995 | mx1.hostinger.com.br | tcp |
| BE | 13.225.239.45:22 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 104.21.16.242:22 | animezone.pl | tcp |
| US | 104.21.16.242:21 | animezone.pl | tcp |
| BE | 13.225.239.45:21 | d28crcn30lx9cn.cloudfront.net | tcp |
| BE | 13.225.239.124:22 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 15.197.142.173:80 | insaid.co | tcp |
| BE | 13.225.239.28:143 | d28crcn30lx9cn.cloudfront.net | tcp |
| BE | 13.225.239.124:21 | d28crcn30lx9cn.cloudfront.net | tcp |
| N/A | 127.0.0.1:56497 | tcp | |
| N/A | 127.0.0.1:56499 | tcp | |
| N/A | 127.0.0.1:56504 | tcp | |
| N/A | 127.0.0.1:56510 | tcp | |
| N/A | 127.0.0.1:56513 | tcp | |
| N/A | 127.0.0.1:56515 | tcp | |
| N/A | 127.0.0.1:56517 | tcp | |
| N/A | 127.0.0.1:56524 | tcp | |
| N/A | 127.0.0.1:56531 | tcp | |
| N/A | 127.0.0.1:56533 | tcp | |
| N/A | 127.0.0.1:56537 | tcp | |
| N/A | 127.0.0.1:56540 | tcp | |
| N/A | 127.0.0.1:56544 | tcp | |
| N/A | 127.0.0.1:56548 | tcp | |
| US | 104.18.14.248:143 | ww3.servipag.com | tcp |
| BE | 13.225.239.72:465 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 173.142.197.15.in-addr.arpa | udp |
| BE | 13.225.239.72:80 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 172.67.217.23:443 | animezone.pl | tcp |
| BE | 13.225.239.45:143 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 8.8.8.8:53 | empirecraft.hu | udp |
| GB | 5.226.179.10:21 | members.bet365.com | tcp |
| US | 104.18.15.248:143 | ww3.servipag.com | tcp |
| N/A | 127.0.0.1:56552 | tcp | |
| N/A | 127.0.0.1:56555 | tcp | |
| N/A | 127.0.0.1:56557 | tcp | |
| N/A | 127.0.0.1:56566 | tcp | |
| N/A | 127.0.0.1:56569 | tcp | |
| N/A | 127.0.0.1:56570 | tcp | |
| N/A | 127.0.0.1:56573 | tcp | |
| N/A | 127.0.0.1:56581 | tcp | |
| N/A | 127.0.0.1:56586 | tcp | |
| N/A | 127.0.0.1:56591 | tcp | |
| N/A | 127.0.0.1:56594 | tcp | |
| N/A | 127.0.0.1:56596 | tcp | |
| N/A | 127.0.0.1:56602 | tcp | |
| N/A | 127.0.0.1:56605 | tcp | |
| BE | 13.225.239.28:465 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 8.8.8.8:53 | members.seotoolguru.com | udp |
| BE | 13.225.239.124:143 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 31.170.166.243:80 | imobiliariacruzalta.com.br | tcp |
| US | 104.21.76.133:22 | empirecraft.hu | tcp |
| BE | 13.225.239.45:465 | d28crcn30lx9cn.cloudfront.net | tcp |
| BE | 13.225.239.72:995 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 172.67.195.187:22 | empirecraft.hu | tcp |
| US | 104.18.14.248:465 | ww3.servipag.com | tcp |
| BE | 13.225.239.28:995 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 104.18.15.248:465 | ww3.servipag.com | tcp |
| BE | 13.225.239.72:80 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 104.18.14.248:80 | ww3.servipag.com | tcp |
| N/A | 127.0.0.1:56608 | tcp | |
| N/A | 127.0.0.1:56613 | tcp | |
| N/A | 127.0.0.1:56618 | tcp | |
| N/A | 127.0.0.1:56624 | tcp | |
| N/A | 127.0.0.1:56627 | tcp | |
| N/A | 127.0.0.1:56631 | tcp | |
| N/A | 127.0.0.1:56639 | tcp | |
| N/A | 127.0.0.1:56642 | tcp | |
| N/A | 127.0.0.1:56645 | tcp | |
| N/A | 127.0.0.1:56650 | tcp | |
| N/A | 127.0.0.1:56652 | tcp | |
| BE | 13.225.239.45:995 | d28crcn30lx9cn.cloudfront.net | tcp |
| US | 8.8.8.8:53 | members.seotoolguru.com | udp |
| US | 8.8.8.8:53 | sodel2.jkuat.ac.ke | udp |
| US | 8.8.8.8:53 | mail3.mydevil.net | udp |
| US | 8.8.8.8:53 | cateringler.com | udp |
| US | 8.8.8.8:53 | chamados.ipem.sp.gov.br | udp |
| N/A | 127.0.0.1:56655 | tcp | |
| N/A | 127.0.0.1:56657 | tcp | |
| US | 8.8.8.8:53 | sodel2.jkuat.ac.ke | udp |
| N/A | 127.0.0.1:56683 | tcp | |
| N/A | 127.0.0.1:56686 | tcp | |
| N/A | 127.0.0.1:56689 | tcp | |
| N/A | 127.0.0.1:56693 | tcp | |
| N/A | 127.0.0.1:56700 | tcp | |
| N/A | 127.0.0.1:56706 | tcp | |
| N/A | 127.0.0.1:56709 | tcp | |
| US | 8.8.8.8:53 | 103.182.65.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 172.67.217.23:80 | animezone.pl | tcp |
| N/A | 127.0.0.1:56711 | tcp | |
| N/A | 127.0.0.1:56717 | tcp | |
| N/A | 127.0.0.1:56720 | tcp | |
| N/A | 127.0.0.1:56727 | tcp | |
| N/A | 127.0.0.1:56730 | tcp | |
| N/A | 127.0.0.1:56733 | tcp | |
| N/A | 127.0.0.1:56735 | tcp | |
| N/A | 127.0.0.1:56743 | tcp | |
| N/A | 127.0.0.1:56755 | tcp | |
| N/A | 127.0.0.1:56761 | tcp | |
| N/A | 127.0.0.1:56763 | tcp | |
| N/A | 127.0.0.1:56766 | tcp | |
| N/A | 127.0.0.1:56773 | tcp | |
| N/A | 127.0.0.1:56776 | tcp | |
| N/A | 127.0.0.1:56782 | tcp | |
| N/A | 127.0.0.1:56784 | tcp | |
| N/A | 127.0.0.1:56788 | tcp | |
| N/A | 127.0.0.1:56790 | tcp | |
| N/A | 127.0.0.1:56794 | tcp | |
| N/A | 127.0.0.1:56805 | tcp | |
| N/A | 127.0.0.1:56810 | tcp | |
| N/A | 127.0.0.1:56802 | tcp | |
| US | 104.22.43.210:443 | enlisted.net | tcp |
| US | 8.8.8.8:53 | cateringler.com | udp |
| US | 8.8.8.8:53 | chamados.ipem.sp.gov.br | udp |
| GB | 163.70.147.22:80 | web.facebook.com | tcp |
| N/A | 127.0.0.1:56817 | tcp | |
| N/A | 127.0.0.1:56820 | tcp | |
| N/A | 127.0.0.1:56822 | tcp | |
| N/A | 127.0.0.1:56825 | tcp | |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | webmail.its.ac.id | udp |
| US | 8.8.8.8:53 | 248.14.18.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:56830 | tcp | |
| N/A | 127.0.0.1:56834 | tcp | |
| US | 8.8.8.8:53 | 22.147.70.163.in-addr.arpa | udp |
| N/A | 127.0.0.1:56843 | tcp | |
| US | 8.8.8.8:53 | mxavas.forpsi.com | udp |
| US | 31.170.166.243:443 | imobiliariacruzalta.com.br | tcp |
| N/A | 127.0.0.1:56846 | tcp | |
| N/A | 127.0.0.1:56848 | tcp | |
| N/A | 127.0.0.1:56850 | tcp | |
| N/A | 127.0.0.1:56852 | tcp | |
| N/A | 127.0.0.1:56855 | tcp | |
| N/A | 127.0.0.1:56863 | tcp | |
| N/A | 127.0.0.1:56866 | tcp | |
| N/A | 127.0.0.1:56870 | tcp | |
| N/A | 127.0.0.1:56877 | tcp | |
| US | 31.170.166.243:80 | imobiliariacruzalta.com.br | tcp |
| US | 8.8.8.8:53 | avon.com.ar | udp |
| N/A | 127.0.0.1:56880 | tcp | |
| N/A | 127.0.0.1:56883 | tcp | |
| GB | 5.226.179.10:80 | members.bet365.com | tcp |
| US | 8.8.8.8:53 | avon.com.ar | udp |
| US | 104.21.76.133:80 | empirecraft.hu | tcp |
| US | 8.8.8.8:53 | webmail.its.ac.id | udp |
| N/A | 127.0.0.1:56894 | tcp | |
| N/A | 127.0.0.1:56893 | tcp | |
| N/A | 127.0.0.1:56898 | tcp | |
| N/A | 127.0.0.1:56905 | tcp | |
| N/A | 127.0.0.1:56908 | tcp | |
| N/A | 127.0.0.1:56910 | tcp | |
| N/A | 127.0.0.1:56912 | tcp | |
| N/A | 127.0.0.1:56922 | tcp | |
| N/A | 127.0.0.1:56929 | tcp | |
| US | 8.8.8.8:53 | join.secondlife.com | udp |
| US | 8.8.8.8:53 | english.lmap.ir | udp |
| N/A | 127.0.0.1:56936 | tcp | |
| N/A | 127.0.0.1:56940 | tcp | |
| N/A | 127.0.0.1:56942 | tcp | |
| N/A | 127.0.0.1:56945 | tcp | |
| N/A | 127.0.0.1:56953 | tcp | |
| N/A | 127.0.0.1:56955 | tcp | |
| N/A | 127.0.0.1:56961 | tcp | |
| N/A | 127.0.0.1:56965 | tcp | |
| N/A | 127.0.0.1:56967 | tcp | |
| N/A | 127.0.0.1:56972 | tcp | |
| US | 8.8.8.8:53 | cateringler.com | udp |
| US | 8.8.8.8:53 | english.lmap.ir | udp |
| US | 8.8.8.8:53 | takipcimx.unaux.com | udp |
| US | 8.8.8.8:53 | chamados.ipem.sp.gov.br | udp |
| N/A | 127.0.0.1:56979 | tcp | |
| N/A | 127.0.0.1:56982 | tcp | |
| N/A | 127.0.0.1:56985 | tcp | |
| N/A | 127.0.0.1:56987 | tcp | |
| N/A | 127.0.0.1:56995 | tcp | |
| N/A | 127.0.0.1:56999 | tcp | |
| N/A | 127.0.0.1:57003 | tcp | |
| N/A | 127.0.0.1:57007 | tcp | |
| N/A | 127.0.0.1:57011 | tcp | |
| N/A | 127.0.0.1:57016 | tcp | |
| N/A | 127.0.0.1:57022 | tcp | |
| N/A | 127.0.0.1:57028 | tcp | |
| N/A | 127.0.0.1:57031 | tcp | |
| N/A | 127.0.0.1:57033 | tcp | |
| N/A | 127.0.0.1:57035 | tcp | |
| N/A | 127.0.0.1:57037 | tcp | |
| N/A | 127.0.0.1:57039 | tcp | |
| US | 8.8.8.8:53 | takipcimx.unaux.com | udp |
| N/A | 127.0.0.1:57045 | tcp | |
| N/A | 127.0.0.1:57057 | tcp | |
| N/A | 127.0.0.1:57059 | tcp | |
| N/A | 127.0.0.1:57062 | tcp | |
| N/A | 127.0.0.1:57068 | tcp | |
| N/A | 127.0.0.1:57074 | tcp | |
| N/A | 127.0.0.1:57077 | tcp | |
| N/A | 127.0.0.1:57080 | tcp | |
| N/A | 127.0.0.1:57083 | tcp | |
| US | 8.8.8.8:53 | subscribe.free.fr | udp |
| US | 15.197.142.173:80 | insaid.co | tcp |
| N/A | 127.0.0.1:57088 | tcp | |
| N/A | 127.0.0.1:57091 | tcp | |
| N/A | 127.0.0.1:57096 | tcp | |
| N/A | 127.0.0.1:57099 | tcp | |
| N/A | 127.0.0.1:57101 | tcp | |
| N/A | 127.0.0.1:57105 | tcp | |
| US | 8.8.8.8:53 | pass-insurance.lloyd.com.tn | udp |
| US | 8.8.8.8:53 | pass-insurance.lloyd.com.tn | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| N/A | 127.0.0.1:57109 | tcp | |
| N/A | 127.0.0.1:57120 | tcp | |
| N/A | 127.0.0.1:57122 | tcp | |
| N/A | 127.0.0.1:57125 | tcp | |
| N/A | 127.0.0.1:57127 | tcp | |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.servipag.com | udp |
| N/A | 127.0.0.1:57129 | tcp | |
| N/A | 127.0.0.1:57131 | tcp | |
| N/A | 127.0.0.1:57144 | tcp | |
| N/A | 127.0.0.1:57147 | tcp | |
| N/A | 127.0.0.1:57149 | tcp | |
| N/A | 127.0.0.1:57153 | tcp | |
| US | 8.8.8.8:53 | pcpartpicker.com | udp |
| US | 8.8.8.8:53 | z8games.com | udp |
| N/A | 127.0.0.1:57160 | tcp | |
| N/A | 127.0.0.1:57164 | tcp | |
| N/A | 127.0.0.1:57168 | tcp | |
| N/A | 127.0.0.1:57172 | tcp | |
| N/A | 127.0.0.1:57175 | tcp | |
| US | 8.8.8.8:53 | z8games.com | udp |
| US | 8.8.8.8:53 | account.fifa.com | udp |
| US | 8.8.8.8:53 | 23.217.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | account.fifa.com | udp |
| N/A | 127.0.0.1:57182 | tcp | |
| N/A | 127.0.0.1:57187 | tcp | |
| N/A | 127.0.0.1:57191 | tcp | |
| US | 8.8.8.8:53 | ameli.moncompte.mobi | udp |
| US | 8.8.8.8:53 | katy.schoolobjects.com | udp |
| US | 8.8.8.8:53 | e-plataformaanterior.sunat.gob.pe | udp |
| US | 8.8.8.8:53 | e-plataformaanterior.sunat.gob.pe | udp |
| US | 8.8.8.8:53 | account.mojang.com | udp |
| US | 8.8.8.8:53 | chamados.ipem.sp.gov.br | udp |
| N/A | 127.0.0.1:57202 | tcp | |
| N/A | 127.0.0.1:57204 | tcp | |
| N/A | 127.0.0.1:57206 | tcp | |
| US | 8.8.8.8:53 | app.scalehot.com | udp |
| US | 8.8.8.8:53 | account.mojang.com | udp |
| US | 8.8.8.8:53 | members.seotoolguru.com | udp |
| US | 8.8.8.8:53 | app.scalehot.com | udp |
| US | 8.8.8.8:53 | psaonline.utiitsl.com | udp |
Files
memory/3532-1-0x00000000026B0000-0x00000000027B0000-memory.dmp
memory/3532-2-0x0000000002620000-0x000000000262B000-memory.dmp
memory/3532-3-0x0000000000400000-0x00000000022D2000-memory.dmp
memory/3308-5-0x00000000009D0000-0x00000000009E6000-memory.dmp
memory/3532-7-0x0000000000400000-0x00000000022D2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1D37.exe
| MD5 | 398ab69b1cdc624298fbc00526ea8aca |
| SHA1 | b2c76463ae08bb3a08accfcbf609ec4c2a9c0821 |
| SHA256 | ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be |
| SHA512 | 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739 |
memory/1744-17-0x0000000003860000-0x0000000003A1D000-memory.dmp
memory/4864-18-0x0000000000400000-0x0000000000848000-memory.dmp
memory/4864-22-0x0000000000400000-0x0000000000848000-memory.dmp
memory/4864-23-0x0000000000400000-0x0000000000848000-memory.dmp
memory/1744-19-0x0000000003A20000-0x0000000003BD7000-memory.dmp
memory/4864-24-0x0000000000400000-0x0000000000848000-memory.dmp
memory/4864-26-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\291F.dll
| MD5 | 9b1697d40dfd386fdd7e9327844f301a |
| SHA1 | e75defb119e2c7b7d3f75ab70a100ec504af5ebf |
| SHA256 | 69e7b08c127dde5fd1f85e1e8107d06aa686e94aef3fd48ff0bb092b38a0cb1d |
| SHA512 | 3e945bf24ed81fdc49e974d086a70f9758a17b8656bb0e460dca0be2a84fa0ba065b62b6dd5d55ca1dbe0b4f19ec4f164df84c115244f1cbfddd79611d013d69 |
memory/4864-28-0x0000000000400000-0x0000000000848000-memory.dmp
\Users\Admin\AppData\Local\Temp\291F.dll
| MD5 | 61b17fa5f09a2e15041b12e43de58c55 |
| SHA1 | b72473c13ed24dba14f496de8fec65bb9fbbd6b6 |
| SHA256 | d6825bc48acb15682d63b0e3504184e573197ee4212f000011cf28a226e565e0 |
| SHA512 | 09d1bcdaf48c6d46c85ee5d7ad92c18b54f3ea2a30b039db3d134922a5ece0b850528c2b396eb75addcc1fab8185c7e20b47db76f1728681e63db251abadd65b |
\Users\Admin\AppData\Local\Temp\291F.dll
| MD5 | ebafb00849387b7a2b6c7d45732a4b07 |
| SHA1 | 5711ff056da95a5d81a42d4fd8e81f12623cd4df |
| SHA256 | e8e1fe2137acc102ec930d39a5224037a30b235029007d3b89ba31117c7de237 |
| SHA512 | 630a61821441975e0a0d1e3ccbbf078e1d2a96a92d70f54434db61eceabf594b33a3ee436050c6458ffefdf276f85be84fc0750e54c835fd5a6ead77964a387a |
memory/4940-35-0x00000000009E0000-0x00000000009E6000-memory.dmp
memory/4864-32-0x0000000010000000-0x0000000010202000-memory.dmp
memory/4864-31-0x0000000000E40000-0x0000000000E46000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\39BA.exe
| MD5 | 920b7ad323afa8b9edbd3e3af262865d |
| SHA1 | 326c61fcb499c08d1f6b4da1bcc194e0ed9e5489 |
| SHA256 | efc95d62117ecf6dcf54af272f5b86e167514f77b923c1b1c9a725fbe80ddc88 |
| SHA512 | c3e7fcfb720ab1470c4c586747a288827584f488d8388fa2276651d2504814385804a2fcdc1aabfd989d258bbaf8b7c628d2466c4ad423665feb0cc6f054f69a |
memory/1464-41-0x0000000001A50000-0x0000000001A51000-memory.dmp
memory/1464-43-0x0000000000C20000-0x0000000001511000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3F2A.exe
| MD5 | a1b5ee1b9649ab629a7ac257e2392f8d |
| SHA1 | dc1b14b6d57589440fb3021c9e06a3e3191968dc |
| SHA256 | 2bfd95260a4c52d4474cd51e74469fc3de94caed28937ff0ce99ded66af97e65 |
| SHA512 | 50ccbb9fd4ea2da847c6be5988e1e82e28d551b06cc9122b921dbd40eff4b657a81a010cea76f29e88fda06f8c053090b38d04eb89a6d63ec4f42ef68b1cf82b |
memory/1624-50-0x0000000001BB0000-0x0000000001CB0000-memory.dmp
memory/1624-52-0x0000000003700000-0x000000000376B000-memory.dmp
memory/1624-51-0x0000000000400000-0x0000000001A77000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4CF6.exe
| MD5 | 361629d8f4fdcb4f6d55cfcd15c38649 |
| SHA1 | 06ca8af3c9e2a5616a9ab3001990591a92e90efe |
| SHA256 | 0109cd771b177124f2deaeab803b09fabeb01aac7e71e68c4a30f92736571f9e |
| SHA512 | de85afc8eb9f2c338c6b03865e91e712ec6e0cda426bf4a74b74040ed3b815326bbc9102ec0a47a2811c734d64247e273fdaaef7bc380cba12334d52c04b0f1c |
C:\Users\Admin\AppData\Local\Temp\4CF6.exe
| MD5 | acfa7eba7ac6a171c87cb4be768108e2 |
| SHA1 | 2564de015a08f5b4546b7c61a73445ff32e36d10 |
| SHA256 | 9780217a8c953f9a5427d7f31ef8f9994dcd52a6df8ecd919bc9e63b0c815f08 |
| SHA512 | 2b0725a222fbb8e538dd1656dc4a96ff9b2908737ebfc891d57439fc7412d78c3a628044c35bb279052ab8cfcb9323180344df3e116daa80fa6e56121ceeef78 |
memory/4864-57-0x0000000000400000-0x0000000000848000-memory.dmp
memory/516-59-0x0000000000490000-0x000000000091C000-memory.dmp
memory/516-60-0x00000000728D0000-0x0000000072FBE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
| MD5 | 0564a9bf638169a89ccb3820a6b9a58e |
| SHA1 | 57373f3b58f7cc2b9ea1808bdabb600d580a9ceb |
| SHA256 | 9e4b0556f698c9bc9a07c07bf13d60908d31995e0bd73510d9dd690b20b11058 |
| SHA512 | 36b81c374529a9ba5fcbc6fcfebf145c27a7c30916814d63612c04372556d47994a8091cdc5f78dab460bb5296466ce0b284659c8b01883f7960ab08a1631ea6 |
memory/4176-69-0x0000000001AC0000-0x0000000001BC0000-memory.dmp
memory/4176-70-0x00000000036C0000-0x0000000003727000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 46f02883577ec05c278186b4fb44ba14 |
| SHA1 | 3c531d2845d2a0e958c3f5bcc487eb0fb98b2e73 |
| SHA256 | 39daf7bd5756b6337b1e3bd1e64384ef574401206b7917fe09a1157f15645e0b |
| SHA512 | 83cdbe66c8df76bc0a41976eabfbc3854cdffc57f8e4920b759936038d5c4d08a7d01344f4ee6e0e7b226550d4d2b24164dea50d5bce4f8ae6b177cda67dcf42 |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 3c20f2e7db8b75326455d3522cfc906b |
| SHA1 | b5c5fb3952d1c7232ae8f7893cae99c83c81780a |
| SHA256 | 00965991e367cf0a7d39b102ebdb18a7b7bc59adf9480a1fa3ea9b678c450db9 |
| SHA512 | d8055775463096afaf4f7569e6a631c0de7c9c44ee0fcd8e4d84d62fc429655abd29eb1617da205359363cafcd1e609da6894ba34a653b413220b693fd1a4d1d |
memory/4176-77-0x0000000000400000-0x0000000001A4B000-memory.dmp
memory/516-78-0x00000000728D0000-0x0000000072FBE000-memory.dmp
memory/3248-80-0x0000000003A10000-0x0000000003E0D000-memory.dmp
memory/3248-81-0x0000000003F10000-0x00000000047FB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\6189.exe
| MD5 | 38617539f3925b6017474f088cc3769a |
| SHA1 | c689b57ab62eac790a204c8231b02bfe0bc243a6 |
| SHA256 | defe2d4c932a7ef607e8ef1a643fb57b9c69cbc53b52bf802f9471aae5caef49 |
| SHA512 | 15d87c6231a8f2115ae3f0f021949d175d3f36735637c7b508a229af5b2a93f70f32e19d9b8e3d1e0fa41bd21ee46ab5d9c6ef630c826afe2210a789e5da53e7 |
C:\Users\Admin\AppData\Local\Temp\6189.exe
| MD5 | c3fbf18bf539700026803828831877e7 |
| SHA1 | 56fb18564dd953193e356c06286f5b0c5fd912f7 |
| SHA256 | fd945081a0d38ccda9f17e87d2e663b550eaff708c5fee1cef8aa9c644be880c |
| SHA512 | d497741369b10da6c695809242d34d12ad8ce3178123fe9bdc283e9d47cde9722e36de483d7bb1843a59b69e4b51ade079e082a8d9b2ca016ab710cece1906a3 |
C:\Users\Admin\AppData\Local\Temp\u380.0.exe
| MD5 | 9138b3911de9fd72e602a79fb607ab98 |
| SHA1 | 50c2245a5c17d1dbadec43e026ddb21603834e36 |
| SHA256 | c02d1221a17d8502c86709708e98056afad9dbf01e6351b509fdb46a706a094c |
| SHA512 | 3af4f1f1f07a92a60acbb0921e4ffb5516942f61d71132c695afb96fb447175d0be66ae7a2e508d5439fcf857b99de85f41f872894810594448d6f97caedc7b0 |
memory/4940-88-0x0000000004B60000-0x0000000004C88000-memory.dmp
memory/4864-86-0x0000000002E10000-0x0000000002F38000-memory.dmp
memory/3248-89-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/4864-93-0x0000000002F40000-0x000000000304D000-memory.dmp
memory/4940-95-0x0000000004C90000-0x0000000004D9D000-memory.dmp
memory/4864-98-0x0000000002F40000-0x000000000304D000-memory.dmp
memory/4940-101-0x0000000004C90000-0x0000000004D9D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\u380.1.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/4176-106-0x0000000000400000-0x0000000001A4B000-memory.dmp
memory/1624-105-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/5112-107-0x0000000000400000-0x0000000000930000-memory.dmp
memory/4864-109-0x0000000010000000-0x0000000010202000-memory.dmp
memory/1464-115-0x0000000000C20000-0x0000000001511000-memory.dmp
memory/4864-110-0x0000000002F40000-0x000000000304D000-memory.dmp
memory/5112-112-0x0000000000CD0000-0x0000000000CD1000-memory.dmp
memory/4940-111-0x0000000004C90000-0x0000000004D9D000-memory.dmp
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
| MD5 | 11bb3db51f701d4e42d3287f71a6a43e |
| SHA1 | 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86 |
| SHA256 | 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331 |
| SHA512 | 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2 |
memory/3248-123-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/816-124-0x0000000000400000-0x00000000022D3000-memory.dmp
memory/816-127-0x0000000002350000-0x000000000235B000-memory.dmp
memory/816-126-0x00000000023B0000-0x00000000024B0000-memory.dmp
memory/4864-128-0x0000000000400000-0x0000000000848000-memory.dmp
memory/3308-130-0x0000000002A20000-0x0000000002A36000-memory.dmp
memory/4316-132-0x00000000024D0000-0x00000000025D0000-memory.dmp
memory/4316-135-0x0000000002480000-0x00000000024A7000-memory.dmp
memory/5112-131-0x0000000000400000-0x0000000000930000-memory.dmp
memory/816-134-0x0000000000400000-0x00000000022D3000-memory.dmp
memory/4316-137-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/4316-141-0x0000000000400000-0x00000000022DA000-memory.dmp
memory/1624-143-0x0000000001BB0000-0x0000000001CB0000-memory.dmp
memory/4392-178-0x0000000004BB0000-0x0000000004BE6000-memory.dmp
memory/4392-179-0x00000000072A0000-0x00000000078C8000-memory.dmp
memory/4392-185-0x00000000715A0000-0x0000000071C8E000-memory.dmp
memory/4392-186-0x00000000047F0000-0x0000000004800000-memory.dmp
memory/4392-187-0x00000000047F0000-0x0000000004800000-memory.dmp
memory/4392-191-0x0000000007930000-0x0000000007952000-memory.dmp
memory/4392-192-0x0000000007C70000-0x0000000007CD6000-memory.dmp
memory/4392-193-0x0000000007D10000-0x0000000007D76000-memory.dmp
memory/4392-195-0x0000000007D80000-0x00000000080D0000-memory.dmp
memory/3248-196-0x0000000003A10000-0x0000000003E0D000-memory.dmp
\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/4392-212-0x0000000006ED0000-0x0000000006EEC000-memory.dmp
memory/4392-214-0x0000000008230000-0x000000000827B000-memory.dmp
memory/1464-216-0x0000000000C20000-0x0000000001511000-memory.dmp
C:\Users\Admin\AppData\Roaming\ajccjhd
| MD5 | 91f8f6d9542afc52dd9f37e6eddf873d |
| SHA1 | 7688f5873d434e7d889764460962dedb312ca453 |
| SHA256 | 10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16 |
| SHA512 | a09b77178e2ae8a3836d640c9b1028c60857d971c3ed65ef736c6cd5360ef9b5ab2e039ef1929ce4fb9feb95975b740363b79b81916129a501c5f496d525759d |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4g5cmi04.nlr.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
memory/4392-248-0x00000000091D0000-0x000000000920C000-memory.dmp
memory/3248-255-0x0000000003F10000-0x00000000047FB000-memory.dmp
memory/4392-282-0x0000000009290000-0x0000000009306000-memory.dmp
memory/4316-285-0x0000000000400000-0x00000000022DA000-memory.dmp
memory/4392-295-0x000000000A110000-0x000000000A143000-memory.dmp
memory/4392-296-0x000000006E130000-0x000000006E17B000-memory.dmp
memory/4392-297-0x000000006E490000-0x000000006E7E0000-memory.dmp
memory/3248-298-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/4392-299-0x0000000008200000-0x000000000821E000-memory.dmp
memory/4392-305-0x000000000A150000-0x000000000A1F5000-memory.dmp
memory/5112-306-0x0000000000CD0000-0x0000000000CD1000-memory.dmp
memory/4560-307-0x0000000002670000-0x0000000002770000-memory.dmp
memory/4560-308-0x0000000000400000-0x00000000022D2000-memory.dmp
memory/4392-309-0x000000000A350000-0x000000000A3E4000-memory.dmp
memory/4560-386-0x0000000000400000-0x00000000022D2000-memory.dmp
memory/4392-512-0x000000000A220000-0x000000000A23A000-memory.dmp
memory/4392-517-0x000000000A210000-0x000000000A218000-memory.dmp
memory/4392-537-0x00000000715A0000-0x0000000071C8E000-memory.dmp
memory/4392-539-0x00000000715A0000-0x0000000071C8E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 14a51bd9bcd50a7de4e4c7f3be243294 |
| SHA1 | 058b9962697644087087dd2c81f158a676ed044a |
| SHA256 | 66c2f28ee6d0c3bf54525c0ebb55c4c10f7065e5abf2555a3193c89405ad8e91 |
| SHA512 | 2c0556c494c4574aa52104a12f7ed5d73ff754f5b4d9b6613f95ca2a94592f6552103f7aad790f814076fbe619abc207501c507e900fd823454f406ad1b76f44 |
memory/3248-543-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/3372-545-0x0000000003C60000-0x0000000004066000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | 46b1068f4a605358281eafb05bf4f7ce |
| SHA1 | acdaf418f82cb4fdaa43c5e41c3c1381b14faa23 |
| SHA256 | df3c7e15390ddbf8b5a191788af6a5e3adaa25915deeecc34b664cc7b2f061ba |
| SHA512 | 3a1df0477ab7bfd322a2e382aa85c385017c7bf5435847344dd6a811f32d6a503da326453b89b81613ffa34257a7f765c71a2202bba89252f22e0b66d4bbbadb |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | d3dce443c0776c711a94c9cdc959d3cf |
| SHA1 | 3f4be766843daa8b66f74af0fbccef09a3356db0 |
| SHA256 | 9425a5ced97ed177f7e87c4a3eec027ea7a03dd93ecd05a570a76f4d4ea659cc |
| SHA512 | 3f45534add7ac0eb6dc6130f4a376bc9bd353f696d2702b18b72c5095b8c33a15defd490775fad3bdd6c59d27c8a7910995199540e366f7ad5e7125603e79a6f |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | db01a2c1c7e70b2b038edf8ad5ad9826 |
| SHA1 | 540217c647a73bad8d8a79e3a0f3998b5abd199b |
| SHA256 | 413da361d77055dae7007f82b58b366c8783aa72e0b8fbe41519b940c253b38d |
| SHA512 | c76ff57fcee5cdf9fdf3116d4e1dc0cf106867bf19ab474b763e242acf5dca9a7509cb837c35e130c3e056636b4e8a4e135512a978bcd3dd641e20f5bf76c3d6 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | c00f20ada2db7b973d7d5904fe9f0684 |
| SHA1 | 318fe1ba726eac1a0c6ab2b0e887eee339bb22bd |
| SHA256 | a1aced01d4c3f87b914896f0202c549da78d42f9557168d314830308180dee2f |
| SHA512 | 7ca4d1655c56a05c54c98d990250c764fb78995438afa6d99a7f9cda8f895210c8521d77499643eaf143f9349ca2affb04cf98d135642d6e27f0bc3b10de6c46 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | dec1b5b9dbf04b70a0bc69552c0f332b |
| SHA1 | 93467e418eb613a224dadff6bb6d7a547a626211 |
| SHA256 | 66d5c4d590524718f52e24c24409b16a579edf9654d532039a79f63c8feefdc8 |
| SHA512 | 6252b77b27080ac033553424c7cb1bda05502a7571f5cf90c5d0bd686cb5a81164e6fd4b13d8ec0430a10548f07f20ad5fb3cad207d5178bd6584658ee36200d |
C:\Windows\rss\csrss.exe
| MD5 | 0c7b8daa9b09bcdf947a020bf28c2f19 |
| SHA1 | 738f89f4da5256d14fe11394cf79e42060a7e98b |
| SHA256 | ff0c709f06a8850794f2501c7dc9ce4ffc75f1ab3039218952cd87a067d3d3ff |
| SHA512 | b069ef6d30a5afafc4b4e2632cb4f9da65e58dcedb66706921d85a6be97a024c1e786ec51299ba52668a65fe948d499609aa2b4978fb20738dd0b643d84cbcf6 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | b0a31bb8a1a65db4ec2e082688492516 |
| SHA1 | 6ab39dbafea5e32650e8515978bc72ec16652d19 |
| SHA256 | 8c13b7796995331b2ccb22871245fae1aa6b57d92ae0ef76ff80d2630ce3bcfd |
| SHA512 | bf52a31320f3a6b3d249d8d44bf85eba64ee4993af8777b3480a49c12c98079d51b527634cc800a89ae42d05e382f57642bd935c37b7ba5f0ef2a828cf569033 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | b05d4b6da68160a46cebe5356d5d4a00 |
| SHA1 | ac370a0f73b646f53596e6ad5111bb3aa2e41afc |
| SHA256 | 5f1491aec878733807ddf1c7eec1858b3941e338a0fdb91256c670c18b56a76c |
| SHA512 | 370cf7ceadc1fc7dc2034b0a14ce6a80c9a4a46dc65c2b0fa1cfe56834a85b61bea427a5faeab7aa16e11cc2291df2432660fa70963470277cc92b5ed230ba2c |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | 56a7072c47a19d3a5277080c19372097 |
| SHA1 | ffe3708642fa0039fcd6d7c23dacc11ded713021 |
| SHA256 | 1fcd441f7e11d4df4fc7245a2273ba5cbee7180e6a2cd7d9613a93eb5eac12bc |
| SHA512 | aa4ceeac9e135aa7fbdbc8b7e6804ce2ec38f5dd87ca7c256b4ac3009108e8e9a9405918c0acf7171fda50d46d3c901ae22419cec49990a5aa15ac0f404cebda |
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
| MD5 | d98e33b66343e7c96158444127a117f6 |
| SHA1 | bb716c5509a2bf345c6c1152f6e3e1452d39d50d |
| SHA256 | 5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1 |
| SHA512 | 705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5 |
C:\Windows\windefender.exe
| MD5 | 3cee364c54a316d5e1640b0875636b19 |
| SHA1 | ac2ce8ed4fee293ce66517dd5d9e54d99336e07f |
| SHA256 | fed9f01b17df8d0a1d7442ffb96e95f9f88e7c25cb38fc8872722928cdcffd01 |
| SHA512 | b1bebf4644790af4651afd3b2d770c3e46370b4526f7220c3c4ab85224da0574f681daa94041737305d483b2ae73092b43f2881fbd4d6e1dfa124b688d9f1969 |
C:\Windows\windefender.exe
| MD5 | eac3c94e166a4ac3e7d3dbf26d505ebb |
| SHA1 | c231e723ad6077f9b6bd12c5e7bd3fd208f7fa45 |
| SHA256 | 662eb9030b85d481e53772eb13a1b747a62bc68a862e0e4ba90f4e6acb3fe124 |
| SHA512 | b5b0f2d3205ebf43593ae73318cc078b5eafed92be6c8d113cf0e7dbef9f84da759301393b9528ac7f11b2f82dd8a190ad5c2b9066c84afbc1c9fb775fcff1a0 |
C:\Windows\windefender.exe
| MD5 | 960af5b5ae4f82427666734c280f00e4 |
| SHA1 | a7e216ee29113acaec28eb4043fe3cf8b40c46b7 |
| SHA256 | 52311eaf67b77bad0abac58797dd0749cb544cea3001d9cd37804c314149bd85 |
| SHA512 | e6f94ea6a74343bccb9e5bad99d9d500f18565806dc146bd04fa9839bafbec431d8c27da650bd4bbed2fd58ba4260cec02dbc032b7d6a989e25ae6c98697465d |