Malware Analysis Report

2024-11-30 04:58

Sample ID 240229-ffdsjsdg44
Target 10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16
SHA256 10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16
Tags
dcrat glupteba smokeloader pub1 backdoor bootkit discovery dropper infostealer loader persistence rat spyware stealer trojan upx lumma evasion rootkit
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16

Threat Level: Known bad

The file 10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16 was found to be: Known bad.

Malicious Activity Summary

dcrat glupteba smokeloader pub1 backdoor bootkit discovery dropper infostealer loader persistence rat spyware stealer trojan upx lumma evasion rootkit

Glupteba

Glupteba payload

SmokeLoader

Windows security bypass

Pitou

Lumma Stealer

DcRat

Modifies Windows Firewall

Contacts a large (779) amount of remote hosts

Downloads MZ/PE file

Executes dropped EXE

Reads data files stored by FTP clients

Deletes itself

Windows security modification

Reads user/profile data of web browsers

Loads dropped DLL

UPX packed file

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Manipulates WinMonFS driver.

Writes to the Master Boot Record (MBR)

Suspicious use of SetThreadContext

Drops file in System32 directory

Launches sc.exe

Drops file in Windows directory

Checks for VirtualBox DLLs, possible anti-VM trick

Program crash

Unsigned PE

Enumerates physical storage devices

Uses Task Scheduler COM API

Suspicious behavior: MapViewOfSection

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Creates scheduled task(s)

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-29 04:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-29 04:48

Reported

2024-02-29 04:53

Platform

win7-20240221-en

Max time kernel

96s

Max time network

312s

Command Line

"C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe"

Signatures

DcRat

rat infostealer dcrat

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Pitou

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Downloads MZ/PE file

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\C16B.exe N/A

Checks installed software on the system

discovery

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\E2E3.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2532 set thread context of 2512 N/A C:\Users\Admin\AppData\Local\Temp\C16B.exe C:\Users\Admin\AppData\Local\Temp\C16B.exe

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\D922.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\1357.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\1357.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\1357.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\u23w.0.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\u23w.0.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\u23w.1.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1280 wrote to memory of 2532 N/A N/A C:\Users\Admin\AppData\Local\Temp\C16B.exe
PID 1280 wrote to memory of 2532 N/A N/A C:\Users\Admin\AppData\Local\Temp\C16B.exe
PID 1280 wrote to memory of 2532 N/A N/A C:\Users\Admin\AppData\Local\Temp\C16B.exe
PID 1280 wrote to memory of 2532 N/A N/A C:\Users\Admin\AppData\Local\Temp\C16B.exe
PID 2532 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\C16B.exe C:\Users\Admin\AppData\Local\Temp\C16B.exe
PID 2532 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\C16B.exe C:\Users\Admin\AppData\Local\Temp\C16B.exe
PID 2532 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\C16B.exe C:\Users\Admin\AppData\Local\Temp\C16B.exe
PID 2532 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\C16B.exe C:\Users\Admin\AppData\Local\Temp\C16B.exe
PID 2532 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\C16B.exe C:\Users\Admin\AppData\Local\Temp\C16B.exe
PID 2532 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\C16B.exe C:\Users\Admin\AppData\Local\Temp\C16B.exe
PID 2532 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\C16B.exe C:\Users\Admin\AppData\Local\Temp\C16B.exe
PID 2532 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\C16B.exe C:\Users\Admin\AppData\Local\Temp\C16B.exe
PID 2532 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\C16B.exe C:\Users\Admin\AppData\Local\Temp\C16B.exe
PID 1280 wrote to memory of 2692 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1280 wrote to memory of 2692 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1280 wrote to memory of 2692 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1280 wrote to memory of 2692 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1280 wrote to memory of 2692 N/A N/A C:\Windows\system32\regsvr32.exe
PID 2692 wrote to memory of 2880 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2692 wrote to memory of 2880 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2692 wrote to memory of 2880 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2692 wrote to memory of 2880 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2692 wrote to memory of 2880 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2692 wrote to memory of 2880 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2692 wrote to memory of 2880 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1280 wrote to memory of 2428 N/A N/A C:\Users\Admin\AppData\Local\Temp\D922.exe
PID 1280 wrote to memory of 2428 N/A N/A C:\Users\Admin\AppData\Local\Temp\D922.exe
PID 1280 wrote to memory of 2428 N/A N/A C:\Users\Admin\AppData\Local\Temp\D922.exe
PID 1280 wrote to memory of 2428 N/A N/A C:\Users\Admin\AppData\Local\Temp\D922.exe
PID 1280 wrote to memory of 2884 N/A N/A C:\Users\Admin\AppData\Local\Temp\E2E3.exe
PID 1280 wrote to memory of 2884 N/A N/A C:\Users\Admin\AppData\Local\Temp\E2E3.exe
PID 1280 wrote to memory of 2884 N/A N/A C:\Users\Admin\AppData\Local\Temp\E2E3.exe
PID 1280 wrote to memory of 2884 N/A N/A C:\Users\Admin\AppData\Local\Temp\E2E3.exe
PID 1280 wrote to memory of 1532 N/A N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe
PID 1280 wrote to memory of 1532 N/A N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe
PID 1280 wrote to memory of 1532 N/A N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe
PID 1280 wrote to memory of 1532 N/A N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe
PID 2428 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\D922.exe C:\Windows\SysWOW64\WerFault.exe
PID 2428 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\D922.exe C:\Windows\SysWOW64\WerFault.exe
PID 2428 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\D922.exe C:\Windows\SysWOW64\WerFault.exe
PID 2428 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\D922.exe C:\Windows\SysWOW64\WerFault.exe
PID 1280 wrote to memory of 840 N/A N/A C:\Users\Admin\AppData\Local\Temp\1357.exe
PID 1280 wrote to memory of 840 N/A N/A C:\Users\Admin\AppData\Local\Temp\1357.exe
PID 1280 wrote to memory of 840 N/A N/A C:\Users\Admin\AppData\Local\Temp\1357.exe
PID 1280 wrote to memory of 840 N/A N/A C:\Users\Admin\AppData\Local\Temp\1357.exe
PID 1532 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 1532 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 1532 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 1532 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 1532 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 1532 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 1532 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 1532 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 1532 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 1532 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 1532 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\FA2B.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 2732 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u23w.0.exe
PID 2732 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u23w.0.exe
PID 2732 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u23w.0.exe
PID 2732 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u23w.0.exe
PID 2732 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u23w.1.exe
PID 2732 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u23w.1.exe
PID 2732 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u23w.1.exe
PID 2732 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u23w.1.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe

"C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe"

C:\Users\Admin\AppData\Local\Temp\C16B.exe

C:\Users\Admin\AppData\Local\Temp\C16B.exe

C:\Users\Admin\AppData\Local\Temp\C16B.exe

C:\Users\Admin\AppData\Local\Temp\C16B.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\C9C6.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\C9C6.dll

C:\Users\Admin\AppData\Local\Temp\D922.exe

C:\Users\Admin\AppData\Local\Temp\D922.exe

C:\Users\Admin\AppData\Local\Temp\E2E3.exe

C:\Users\Admin\AppData\Local\Temp\E2E3.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 124

C:\Users\Admin\AppData\Local\Temp\FA2B.exe

C:\Users\Admin\AppData\Local\Temp\FA2B.exe

C:\Users\Admin\AppData\Local\Temp\1357.exe

C:\Users\Admin\AppData\Local\Temp\1357.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\u23w.0.exe

"C:\Users\Admin\AppData\Local\Temp\u23w.0.exe"

C:\Users\Admin\AppData\Local\Temp\u23w.1.exe

"C:\Users\Admin\AppData\Local\Temp\u23w.1.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Windows\system32\taskeng.exe

taskeng.exe {A682DF57-8FB0-471A-A41E-7C3FCB4A3F2C} S-1-5-21-2461186416-2307104501-1787948496-1000:MGILJUBR\Admin:Interactive:[1]

C:\Windows\system32\makecab.exe

"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240229045009.log C:\Windows\Logs\CBS\CbsPersist_20240229045009.cab

C:\Users\Admin\AppData\Roaming\sruhref

C:\Users\Admin\AppData\Roaming\sruhref

Network

Country Destination Domain Proto
US 8.8.8.8:53 selebration17io.io udp
RU 91.215.85.120:80 selebration17io.io tcp
DE 185.172.128.19:80 185.172.128.19 tcp
US 8.8.8.8:53 trmpc.com udp
PA 200.46.202.73:80 trmpc.com tcp
N/A 127.0.0.1:49298 tcp
FR 163.172.68.222:9001 tcp
AT 109.70.100.29:443 tcp
NO 88.88.79.90:80 tcp
US 8.8.8.8:53 joly.bestsup.su udp
US 172.67.171.112:80 joly.bestsup.su tcp
DE 185.172.128.90:80 185.172.128.90 tcp
DE 173.249.63.227:9001 tcp
DE 185.172.128.127:80 185.172.128.127 tcp
DE 185.172.128.127:80 185.172.128.127 tcp
DE 185.172.128.109:80 185.172.128.109 tcp
DE 131.188.40.189:443 tcp
LU 104.244.72.91:9001 tcp
DE 144.76.200.80:9001 tcp
DE 185.172.128.145:80 185.172.128.145 tcp
DE 144.76.200.80:9001 tcp
LU 104.244.72.91:9001 tcp
N/A 127.0.0.1:18513 tcp
N/A 127.0.0.1:18513 tcp
N/A 127.0.0.1:18513 tcp
N/A 127.0.0.1:18513 tcp
N/A 127.0.0.1:18513 tcp
N/A 127.0.0.1:49515 tcp
US 8.8.8.8:53 varealtyprofessionals.com udp
US 8.8.8.8:53 sigcomt.com udp
N/A 127.0.0.1:49520 tcp
N/A 127.0.0.1:49526 tcp
N/A 127.0.0.1:49528 tcp
N/A 127.0.0.1:49536 tcp
N/A 127.0.0.1:49540 tcp
N/A 127.0.0.1:49542 tcp
N/A 127.0.0.1:49546 tcp
N/A 127.0.0.1:49550 tcp
N/A 127.0.0.1:49554 tcp
N/A 127.0.0.1:49560 tcp
N/A 127.0.0.1:49566 tcp
N/A 127.0.0.1:49569 tcp
N/A 127.0.0.1:49571 tcp
N/A 127.0.0.1:49575 tcp
N/A 127.0.0.1:49583 tcp
N/A 127.0.0.1:49592 tcp
N/A 127.0.0.1:49595 tcp
N/A 127.0.0.1:49599 tcp
N/A 127.0.0.1:49602 tcp
US 8.8.8.8:53 proinv.com.com udp
US 8.8.8.8:53 edulena.com udp
US 8.8.8.8:53 putsbox.com udp
US 8.8.8.8:53 sigcomt.com udp
US 8.8.8.8:53 proinv.com.com udp
US 8.8.8.8:53 vietmaslow.com udp
US 8.8.8.8:53 posta.istruzione.it udp
US 8.8.8.8:53 varealtyprofessionals.com udp
US 8.8.8.8:53 edulena.com udp
US 8.8.8.8:53 edulena.com udp
US 8.8.8.8:53 proinv.com.com udp
US 8.8.8.8:53 putsbox.com udp
US 8.8.8.8:53 vietmaslow.com udp
US 8.8.8.8:53 putsbox.com udp
US 8.8.8.8:53 posta.istruzione.it udp
US 8.8.8.8:53 hotmok.com udp
US 8.8.8.8:53 isueir.com udp
US 8.8.8.8:53 hotmok.com udp
US 8.8.8.8:53 alt4.aspmx.l.google.com udp
US 8.8.8.8:53 alt4.aspmx.l.google.com udp
US 8.8.8.8:53 isueir.com udp
N/A 127.0.0.1:49606 tcp
N/A 127.0.0.1:49610 tcp
N/A 127.0.0.1:49613 tcp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 pmg.sigcomt.com udp
US 8.8.8.8:53 mx.sendgrid.net udp
US 8.8.8.8:53 mx203.inbound-mx.net udp
US 8.8.8.8:53 mx.mail-data.net udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
N/A 127.0.0.1:49618 tcp
US 8.8.8.8:53 tactar.com udp
US 8.8.8.8:53 tactar.com udp
US 8.8.8.8:53 em4.rejecthost.com udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 imaja.co udp
US 8.8.8.8:53 davincidigital.co udp
US 8.8.8.8:53 imaja.co udp
US 8.8.8.8:53 davincidigital.co udp
US 8.8.8.8:53 easymc.com udp
US 8.8.8.8:53 easymc.com udp
US 8.8.8.8:53 guidelia.site udp
US 8.8.8.8:53 guidelia.site udp
US 8.8.8.8:53 dolce.fr udp
US 8.8.8.8:53 ispaedu.com udp
US 8.8.8.8:53 dolce.fr udp
US 8.8.8.8:53 guidelia.site udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 emea.nttdata.com udp
US 8.8.8.8:53 ispaedu.com udp
US 8.8.8.8:53 aspmx.l.google.com udp
FR 5.135.3.114:22 dolce.fr tcp
US 143.244.202.96:465 mx.mail-data.net tcp
US 8.8.8.8:53 hauptstadt-it.de udp
US 143.244.202.96:143 mx.mail-data.net tcp
US 34.193.204.92:443 davincidigital.co tcp
US 143.244.202.96:995 mx.mail-data.net tcp
US 172.67.191.120:21 easymc.com tcp
US 172.67.191.120:443 easymc.com tcp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
FR 54.36.91.62:22 ispaedu.com tcp
FR 5.135.3.114:21 dolce.fr tcp
US 104.21.65.185:21 easymc.com tcp
FR 5.135.3.114:443 dolce.fr tcp
US 8.8.8.8:53 hauptstadt-it.de udp
FR 54.36.91.62:21 ispaedu.com tcp
BE 66.102.1.26:143 aspmx.l.google.com tcp
DE 46.38.249.174:22 hauptstadt-it.de tcp
US 8.8.8.8:53 subredsuroccidente.gov.co udp
US 8.8.8.8:53 easymc-com.mail.protection.outlook.com udp
US 8.8.8.8:53 emea.nttdata.com udp
US 8.8.8.8:53 superblohey.com udp
US 8.8.8.8:53 alcorconsultinginc.com udp
US 34.193.204.92:80 davincidigital.co tcp
BE 66.102.1.26:465 aspmx.l.google.com tcp
FR 54.36.91.62:443 ispaedu.com tcp
DE 46.38.249.174:21 hauptstadt-it.de tcp
GB 213.198.51.18:22 emea.nttdata.com tcp
N/A 127.0.0.1:49621 tcp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 subredsuroccidente.gov.co udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 superblohey.com udp
US 8.8.8.8:53 subredsuroccidente.gov.co udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 mx2.mail.ovh.net udp
US 8.8.8.8:53 aloebotondeoro.com udp
US 8.8.8.8:53 vadim.in.tmes.trendmicro.eu udp
US 8.8.8.8:53 alcorconsultinginc.com udp
US 8.8.8.8:53 vadim.in.tmes.trendmicro.eu udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 aloebotondeoro.com udp
US 8.8.8.8:53 gla.om udp
US 8.8.8.8:53 psaxtiri.com udp
US 8.8.8.8:53 bs-klimop.be udp
US 8.8.8.8:53 mxa-004dc302.gslb.pphosted.com udp
US 8.8.8.8:53 psaxtiri.com udp
US 8.8.8.8:53 ftp.posta.istruzione.it udp
US 8.8.8.8:53 bs-klimop.be udp
US 8.8.8.8:53 gla.om udp
US 8.8.8.8:53 hauptstadtit-de02e.mail.protection.outlook.com udp
US 8.8.8.8:53 www.davincidigital.co udp
US 8.8.8.8:53 aloebotondeoro.com udp
US 8.8.8.8:53 www.dolce.fr udp
NL 185.183.30.93:143 mxa-004dc302.gslb.pphosted.com tcp
N/A 127.0.0.1:49626 tcp
N/A 127.0.0.1:49628 tcp
US 172.67.191.120:80 easymc.com tcp
US 8.8.8.8:53 soupletube.com udp
US 8.8.8.8:53 9bros.io udp
FR 5.135.3.114:80 dolce.fr tcp
FR 54.36.91.62:80 ispaedu.com tcp
GB 213.198.51.18:80 emea.nttdata.com tcp
FR 5.135.3.114:21 dolce.fr tcp
IE 34.249.200.254:443 www.davincidigital.co tcp
FR 54.36.91.62:22 ispaedu.com tcp
BE 185.3.216.209:21 bs-klimop.be tcp
US 8.8.8.8:53 soupletube.com udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 subredsuroccidente-gov-co.mail.protection.outlook.com udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 west.smtp.mx.exch083.serverdata.net udp
US 8.8.8.8:53 park-mx.above.com udp
US 8.8.8.8:53 outlook.salis.com.tr udp
US 8.8.8.8:53 lbull.fr udp
US 8.8.8.8:53 easymc-com.mail.protection.outlook.com udp
US 8.8.8.8:53 9bros.io udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 outlook.salis.com.tr udp
US 8.8.8.8:53 reproconcept69.onmicrosoft.com udp
US 8.8.8.8:53 reproconcept69.onmicrosoft.com udp
US 8.8.8.8:53 hauptstadt-it.de udp
N/A 127.0.0.1:49638 tcp
DE 46.38.249.174:80 hauptstadt-it.de tcp
CO 201.245.188.172:80 subredsuroccidente.gov.co tcp
DE 46.38.249.174:80 hauptstadt-it.de tcp
US 8.8.8.8:53 outlook.cocanl.nc udp
BE 66.102.1.26:995 aspmx.l.google.com tcp
N/A 127.0.0.1:49640 tcp
N/A 127.0.0.1:49647 tcp
N/A 127.0.0.1:49653 tcp
N/A 127.0.0.1:49656 tcp
N/A 127.0.0.1:49658 tcp
N/A 127.0.0.1:49661 tcp
N/A 127.0.0.1:49663 tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
US 8.8.8.8:53 subredsuroccidente-gov-co.mail.protection.outlook.com udp
US 8.8.8.8:53 lbull.fr udp
US 8.8.8.8:53 3bf.comd udp
US 8.8.8.8:53 gmailfree.fr udp
US 8.8.8.8:53 inteduce.com.pl udp
US 8.8.8.8:53 pe.amcoedu.org udp
US 8.8.8.8:53 easymc-com.mail.protection.outlook.com udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 9bros-io.mail.protection.outlook.com udp
US 8.8.8.8:53 hauptstadtit-de02e.mail.protection.outlook.com udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 skonare3.onmicrosoft.com udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 172.67.191.120:80 easymc.com tcp
US 50.63.9.28:80 alcorconsultinginc.com tcp
US 8.8.8.8:53 3bf.comd udp
N/A 127.0.0.1:49667 tcp
N/A 127.0.0.1:49673 tcp
US 8.8.8.8:53 outlook.cocanl.nc udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 reproconcept69.mail.protection.outlook.com udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 outlook.cocanl.nc udp
US 8.8.8.8:53 reproconcept69.mail.protection.outlook.com udp
US 8.8.8.8:53 gmailfree.fr udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 inteduce.com.pl udp
US 8.8.8.8:53 ftp.edulena.com udp
US 8.8.8.8:53 skonare3.onmicrosoft.com udp
US 8.8.8.8:53 pe.amcoedu.org udp
US 8.8.8.8:53 g.eg udp
US 8.8.8.8:53 vulcanite.com udp
US 8.8.8.8:53 g.eg udp
FR 51.254.108.50:443 www.dolce.fr tcp
US 8.8.8.8:53 vulcanite.com udp
US 8.8.8.8:53 yspate.fr udp
SG 191.101.230.200:80 9bros.io tcp
US 103.224.212.212:80 superblohey.com tcp
US 34.193.204.92:80 davincidigital.co tcp
BE 185.3.216.209:80 bs-klimop.be tcp
DE 46.38.249.174:443 hauptstadt-it.de tcp
GB 213.198.51.18:80 emea.nttdata.com tcp
FR 54.36.91.62:80 ispaedu.com tcp
US 8.8.8.8:53 guiasprepago.com udp
FR 51.254.108.50:443 www.dolce.fr tcp
N/A 127.0.0.1:49678 tcp
N/A 127.0.0.1:49680 tcp
CO 201.245.188.172:80 subredsuroccidente.gov.co tcp
US 8.8.8.8:53 yspate.fr udp
US 8.8.8.8:53 mxa-004dc302.gslb.pphosted.com udp
US 8.8.8.8:53 nicecc.pw udp
US 8.8.8.8:53 ssh.posta.istruzione.it udp
US 8.8.8.8:53 guiasprepago.com udp
US 8.8.8.8:53 subredsuroccidente-gov-co.mail.protection.outlook.com udp
US 8.8.8.8:53 hauptstadtit-de02e.mail.protection.outlook.com udp
US 8.8.8.8:53 skonare3.mail.protection.outlook.com udp
US 8.8.8.8:53 easymc-com.mail.protection.outlook.com udp
US 172.67.191.120:80 easymc.com tcp
US 50.63.9.28:80 alcorconsultinginc.com tcp
US 8.8.8.8:53 mx2.mail.ovh.net udp
US 8.8.8.8:53 9bros-io.mail.protection.outlook.com udp
US 8.8.8.8:53 ftp.vietmaslow.com udp
US 8.8.8.8:53 mail.posta.istruzione.it udp
US 8.8.8.8:53 ftp.hotmok.com udp
N/A 127.0.0.1:49683 tcp
N/A 127.0.0.1:49686 tcp
N/A 127.0.0.1:49689 tcp
N/A 127.0.0.1:49692 tcp
N/A 127.0.0.1:49695 tcp
N/A 127.0.0.1:49697 tcp
N/A 127.0.0.1:49702 tcp
N/A 127.0.0.1:49704 tcp
N/A 127.0.0.1:49709 tcp
N/A 127.0.0.1:49713 tcp
N/A 127.0.0.1:49716 tcp
IE 34.249.200.254:443 www.davincidigital.co tcp
US 8.8.8.8:53 ftp.isueir.com udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
IE 34.249.200.254:443 www.davincidigital.co tcp
US 8.8.8.8:53 mail.vietmaslow.com udp
US 8.8.8.8:53 vulcanite-com.mail.protection.outlook.com udp
US 8.8.8.8:53 faithpos.com udp
BE 185.3.216.209:80 bs-klimop.be tcp
BE 185.3.216.209:443 bs-klimop.be tcp
US 8.8.8.8:53 huvacliq.ck udp
US 8.8.8.8:53 myfiforlif.com udp
US 8.8.8.8:53 febi.it udp
US 8.8.8.8:53 uorak.com udp
US 8.8.8.8:53 mertboru.com.tr udp
N/A 127.0.0.1:49720 tcp
US 8.8.8.8:53 alumno.msev.gob.mx udp
US 8.8.8.8:53 upds.net.bo udp
US 8.8.8.8:53 office365.sut.ac.th udp
US 8.8.8.8:53 kixotl.com udp
US 8.8.8.8:53 stoppelmanexcavating.com udp
N/A 127.0.0.1:49722 tcp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 ww25.superblohey.com udp
US 8.8.8.8:53 skonare3.mail.protection.outlook.com udp
US 8.8.8.8:53 nicecc.pw udp
US 8.8.8.8:53 easymc-com.mail.protection.outlook.com udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 reproconcept69.mail.protection.outlook.com udp
US 8.8.8.8:53 subredsuroccidente-gov-co.mail.protection.outlook.com udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 gmail.lf.org.uk udp
US 8.8.8.8:53 myfiforlif.com udp
US 8.8.8.8:53 ftp.team.sman1lmj.sch.id udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 huvacliq.ck udp
US 8.8.8.8:53 mail.guiasprepago.com udp
US 8.8.8.8:53 faithpos.com udp
US 8.8.8.8:53 febi.it udp
US 8.8.8.8:53 allegorie.group udp
US 8.8.8.8:53 ftp.easymc.com udp
US 8.8.8.8:53 uorak.com udp
US 8.8.8.8:53 hauptstadtit-de02e.mail.protection.outlook.com udp
US 8.8.8.8:53 alumno.msev.gob.mx udp
US 8.8.8.8:53 mertboru.com.tr udp
US 8.8.8.8:53 office365.sut.ac.th udp
US 8.8.8.8:53 kixotl.com udp
US 8.8.8.8:53 upds.net.bo udp
US 8.8.8.8:53 gmasseguros.com udp
US 8.8.8.8:53 avenir.fr udp
US 8.8.8.8:53 ftp.dolce.fr udp
US 8.8.8.8:53 ftp.ispaedu.com udp
US 8.8.8.8:53 stoppelmanexcavating.com udp
US 8.8.8.8:53 stoppelmanexcavating.com udp
US 8.8.8.8:53 9bros-io.mail.protection.outlook.com udp
US 8.8.8.8:53 allegorie.group udp
US 8.8.8.8:53 gmail.lf.org.uk udp
US 8.8.8.8:53 9bros-io.mail.protection.outlook.com udp
US 8.8.8.8:53 gmail.lf.org.uk udp
US 8.8.8.8:53 avenir.fr udp
DE 46.38.249.174:80 hauptstadt-it.de tcp
N/A 127.0.0.1:49732 tcp
US 185.230.63.107:80 guiasprepago.com tcp
US 165.160.15.20:80 vulcanite.com tcp
US 199.127.60.238:80 nicecc.pw tcp
SG 191.101.230.200:80 9bros.io tcp
US 103.224.212.212:80 superblohey.com tcp
FR 54.36.91.62:80 ftp.ispaedu.com tcp
US 8.8.8.8:53 easymc-com.mail.protection.outlook.com udp
US 172.67.191.120:80 easymc.com tcp
BE 185.3.216.209:80 bs-klimop.be tcp
US 34.193.204.92:80 davincidigital.co tcp
US 199.127.60.238:80 nicecc.pw tcp
US 8.8.8.8:53 gmasseguros.com udp
N/A 127.0.0.1:49738 tcp
US 8.8.8.8:53 gmailnline.de udp
US 8.8.8.8:53 premiercricket.live udp
US 8.8.8.8:53 searpen.com udp
US 8.8.8.8:53 ensign.edu.gh udp
N/A 127.0.0.1:49742 tcp
N/A 127.0.0.1:49745 tcp
N/A 127.0.0.1:49750 tcp
N/A 127.0.0.1:49756 tcp
N/A 127.0.0.1:49759 tcp
N/A 127.0.0.1:49766 tcp
N/A 127.0.0.1:49768 tcp
N/A 127.0.0.1:49770 tcp
US 8.8.8.8:53 gmail.ccionpatrimonial.net udp
US 8.8.8.8:53 vulcanite-com.mail.protection.outlook.com udp
US 8.8.8.8:53 vadim.in.tmes.trendmicro.eu udp
US 8.8.8.8:53 gmailnline.de udp
US 8.8.8.8:53 ftp.guidelia.site udp
US 8.8.8.8:53 mail.faithpos.com udp
US 8.8.8.8:53 9bros-io.mail.protection.outlook.com udp
US 8.8.8.8:53 mail.hotmok.com udp
US 8.8.8.8:53 upds-net-bo.mail.protection.outlook.com udp
US 8.8.8.8:53 mx.turkticaret.net udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 premiercricket.live udp
US 8.8.8.8:53 office365-sut-ac-th.mail.protection.outlook.com udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 reproconcept69.mail.protection.outlook.com udp
US 8.8.8.8:53 hauptstadtit-de02e.mail.protection.outlook.com udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 easymc-com.mail.protection.outlook.com udp
US 8.8.8.8:53 skonare3.mail.protection.outlook.com udp
US 8.8.8.8:53 alumno-msev-gob-mx.mail.protection.outlook.com udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 mx.febi.it udp
US 8.8.8.8:53 mxa-004dc302.gslb.pphosted.com udp
US 185.230.63.107:80 guiasprepago.com tcp
US 216.239.36.21:80 varealtyprofessionals.com tcp
N/A 127.0.0.1:49776 tcp
N/A 127.0.0.1:49778 tcp
N/A 127.0.0.1:49782 tcp
US 199.59.243.225:80 ww25.superblohey.com tcp
IN 68.178.145.219:80 mail.faithpos.com tcp
GB 213.198.51.18:80 emea.nttdata.com tcp
TR 31.186.11.105:80 mertboru.com.tr tcp
CO 201.245.188.172:80 subredsuroccidente.gov.co tcp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 ftp.subredsuroccidente.gov.co udp
US 8.8.8.8:53 alumno-msev-gob-mx.mail.protection.outlook.com udp
IN 68.178.145.219:80 mail.faithpos.com tcp
N/A 127.0.0.1:49785 tcp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 ssh.edulena.com udp
US 8.8.8.8:53 ftp.alcorconsultinginc.com udp
US 8.8.8.8:53 ftp.9bros.io udp
US 8.8.8.8:53 ftp.aloebotondeoro.com udp
FR 5.135.3.114:80 dolce.fr tcp
US 3.228.97.49:80 uorak.com tcp
IT 62.149.128.166:80 mx.febi.it tcp
HK 65.55.88.202:80 office365.sut.ac.th tcp
GB 213.198.51.18:80 emea.nttdata.com tcp
US 8.8.8.8:53 usacivil.com udp
N/A 127.0.0.1:49790 tcp
N/A 127.0.0.1:49795 tcp
N/A 127.0.0.1:49797 tcp
US 8.8.8.8:53 kuljetusturva.fi udp
N/A 127.0.0.1:49799 tcp
US 8.8.8.8:53 secomecuador.onmicrosoft.com udp
US 8.8.8.8:53 easymc-com.mail.protection.outlook.com udp
US 8.8.8.8:53 ftp.imaja.co udp
US 8.8.8.8:53 ftp.superblohey.com udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 mxb-004dc302.gslb.pphosted.com udp
US 8.8.8.8:53 subredsuroccidente-gov-co.mail.protection.outlook.com udp
US 8.8.8.8:53 office365-sut-ac-th.mail.protection.outlook.com udp
N/A 127.0.0.1:49803 tcp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 mxa-00114401.gslb.pphosted.com udp
US 8.8.8.8:53 searpen.com udp
US 8.8.8.8:53 themillenniumschoolsurat.org udp
KR 65.55.88.10:80 office365.sut.ac.th tcp
US 199.127.60.238:80 nicecc.pw tcp
US 8.8.8.8:53 mx2.mail.ovh.net udp
US 8.8.8.8:53 ftp.team.sman1lmj.sch.id udp
DE 3.64.163.50:80 gmail.lf.org.uk tcp
MX 189.203.73.30:80 alumno.msev.gob.mx tcp
MX 189.203.73.30:80 alumno.msev.gob.mx tcp
BE 185.3.216.209:80 bs-klimop.be tcp
FR 54.36.91.62:443 ftp.ispaedu.com tcp
HK 65.55.88.202:80 office365.sut.ac.th tcp
CO 201.245.188.172:80 subredsuroccidente.gov.co tcp
US 8.8.8.8:53 mx1.mail.ovh.net udp
US 199.127.60.238:80 nicecc.pw tcp
US 172.67.191.120:80 easymc.com tcp
US 8.8.8.8:53 ssh.vietmaslow.com udp
US 8.8.8.8:53 ftp.tactar.com udp
US 8.8.8.8:53 9bros-io.mail.protection.outlook.com udp
US 8.8.8.8:53 9bros-io.mail.protection.outlook.com udp
US 8.8.8.8:53 ftp.bs-klimop.be udp
US 8.8.8.8:53 skonare3.mail.protection.outlook.com udp
US 8.8.8.8:53 vulcanite.com.au udp
US 8.8.8.8:53 arensus.om udp
US 8.8.8.8:53 ruhrmedia.de udp
US 8.8.8.8:53 fostco.com udp
US 8.8.8.8:53 gmail.poste.net udp
US 8.8.8.8:53 vikasmassey.org udp
US 8.8.8.8:53 otc-corse.fr udp
US 8.8.8.8:53 betomateriais.com.br udp
US 8.8.8.8:53 ensign.edu.gh udp
US 8.8.8.8:53 gmail.ccionpatrimonial.net udp
US 8.8.8.8:53 mailinator.comgmail.com udp
US 8.8.8.8:53 gmail.coir.net udp
US 8.8.8.8:53 ftp.emea.nttdata.com udp
US 8.8.8.8:53 www.davincidigital.co udp
US 8.8.8.8:53 alumno-msev-gob-mx.mail.protection.outlook.com udp
US 8.8.8.8:53 hauptstadtit-de02e.mail.protection.outlook.com udp
US 8.8.8.8:53 mail.imaja.co udp
US 8.8.8.8:53 usacivil.com udp
US 8.8.8.8:53 upds-net-bo.mail.protection.outlook.com udp
US 8.8.8.8:53 secomecuador.onmicrosoft.com udp
US 8.8.8.8:53 kuljetusturva.fi udp
US 8.8.8.8:53 pussport.com udp
US 8.8.8.8:53 desertsundesigns.com udp
US 8.8.8.8:53 perfect.productions udp
US 8.8.8.8:53 sp.raszkow.pl udp
US 8.8.8.8:53 8knk.com udp
US 8.8.8.8:53 live.comgmail.com udp
US 8.8.8.8:53 admin.sd.belajar.id udp
US 8.8.8.8:53 bendigotruss.com.au udp
US 8.8.8.8:53 arensus.om udp
US 8.8.8.8:53 arensus.om udp
US 8.8.8.8:53 ruhrmedia.de udp
US 8.8.8.8:53 themillenniumschoolsurat.org udp
US 8.8.8.8:53 vulcanite-com.mail.protection.outlook.com udp
US 8.8.8.8:53 fostco.com udp
US 8.8.8.8:53 easymc-com.mail.protection.outlook.com udp
US 8.8.8.8:53 office365-sut-ac-th.mail.protection.outlook.com udp
US 8.8.8.8:53 www.lauramcguirerealestate.com udp
US 8.8.8.8:53 ftp.soupletube.com udp
US 8.8.8.8:53 subredsuroccidente-gov-co.mail.protection.outlook.com udp
US 8.8.8.8:53 ssh.isueir.com udp
US 35.208.231.179:80 upds.net.bo tcp
US 8.8.8.8:53 ssh.tactar.com udp
US 8.8.8.8:53 mail.team.sman1lmj.sch.id udp
US 165.160.15.20:80 vulcanite.com tcp
SG 191.101.230.200:80 ftp.9bros.io tcp
US 8.8.8.8:53 mxa-004dc302.gslb.pphosted.com udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 ssh.hotmok.com udp
US 8.8.8.8:53 mxa-004dc302.gslb.pphosted.com udp
US 8.8.8.8:53 gmail.poste.net udp
US 8.8.8.8:53 east.smtp.mx.exch083.serverdata.net udp
US 8.8.8.8:53 reproconcept69.mail.protection.outlook.com udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 ssh.dolce.fr udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 hauptstadt-it.de udp
DE 217.160.0.87:80 allegorie.group tcp
N/A 127.0.0.1:49812 tcp
N/A 127.0.0.1:49818 tcp
N/A 127.0.0.1:49820 tcp
N/A 127.0.0.1:49831 tcp
N/A 127.0.0.1:49833 tcp
N/A 127.0.0.1:49835 tcp
N/A 127.0.0.1:49839 tcp
N/A 127.0.0.1:49846 tcp
KR 65.55.88.10:80 office365.sut.ac.th tcp
US 8.8.8.8:53 otc-corse.fr udp
TR 31.186.11.105:80 mertboru.com.tr tcp
N/A 127.0.0.1:49852 tcp
US 103.224.212.212:80 ftp.superblohey.com tcp
US 8.8.8.8:53 www.febi.it udp
US 8.8.8.8:53 vikasmassey.org udp
US 8.8.8.8:53 alumno-msev-gob-mx.mail.protection.outlook.com udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 reproconcept69.mail.protection.outlook.com udp
US 8.8.8.8:53 skonare3.mail.protection.outlook.com udp
US 8.8.8.8:53 betomateriais.com.br udp
US 8.8.8.8:53 betomateriais.com.br udp
US 8.8.8.8:53 mailinator.comgmail.com udp
TR 31.186.11.105:80 mertboru.com.tr tcp
US 199.79.62.121:80 ensign.edu.gh tcp
US 8.8.8.8:53 gmail.coir.net udp
US 8.8.8.8:53 ftp.psaxtiri.com udp
US 8.8.8.8:53 gmail.coir.net udp
US 8.8.8.8:53 gmail.coir.net udp
US 8.8.8.8:53 rjsmithcos.in.tmes.trendmicro.com udp
US 8.8.8.8:53 pussport.com udp
US 8.8.8.8:53 perfect.productions udp
US 3.228.97.49:80 uorak.com tcp
US 8.8.8.8:53 desertsundesigns.com udp
US 8.8.8.8:53 mail8.neutech.fi udp
US 8.8.8.8:53 sp.raszkow.pl udp
US 8.8.8.8:53 desertsundesigns.com udp
US 8.8.8.8:53 sp.raszkow.pl udp
US 8.8.8.8:53 desertsundesigns.com udp
US 8.8.8.8:53 live.comgmail.com udp
US 8.8.8.8:53 8knk.com udp
US 8.8.8.8:53 8knk.com udp
US 8.8.8.8:53 8knk.com udp
US 8.8.8.8:53 ftp.reproconcept69.onmicrosoft.com udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 easymc-com.mail.protection.outlook.com udp
US 8.8.8.8:53 admin.sd.belajar.id udp
US 8.8.8.8:53 bendigotruss.com.au udp
US 8.8.8.8:53 mxb-004dc302.gslb.pphosted.com udp
US 8.8.8.8:53 yahoo.com.argmail.com udp
US 8.8.8.8:53 bahiaemail.com udp
US 8.8.8.8:53 egydrill.om udp
US 8.8.8.8:53 starchestnut.com udp
US 8.8.8.8:53 vadim.in.tmes.trendmicro.eu udp
US 8.8.8.8:53 yahoo.com.mxmail.com udp
US 8.8.8.8:53 fluefix.com udp
US 8.8.8.8:53 yahoo.com.argmail.com udp
US 8.8.8.8:53 mxa-00114401.gslb.pphosted.com udp
US 8.8.8.8:53 ecspartners.com udp
US 8.8.8.8:53 blokom.com udp
US 8.8.8.8:53 redcolegiospatagonia.cl udp
US 8.8.8.8:53 ftp.outlook.cocanl.nc udp
US 8.8.8.8:53 office365-sut-ac-th.mail.protection.outlook.com udp
US 8.8.8.8:53 ssh.team.sman1lmj.sch.id udp
US 8.8.8.8:53 bahiaemail.com udp
US 8.8.8.8:53 egydrill.om udp
US 8.8.8.8:53 ftp.outlook.salis.com.tr udp
US 8.8.8.8:53 ssh.ispaedu.com udp
US 8.8.8.8:53 subredsuroccidente-gov-co.mail.protection.outlook.com udp
US 8.8.8.8:53 ssh.imaja.co udp
US 8.8.8.8:53 mail.guidelia.site udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
N/A 127.0.0.1:49854 tcp
US 8.8.8.8:53 ftp.gla.om udp
US 199.168.114.96:80 fostco.com tcp
FR 213.251.158.201:80 otc-corse.fr tcp
FR 213.251.158.201:80 otc-corse.fr tcp
US 199.168.114.96:80 fostco.com tcp
US 8.8.8.8:53 ftp.team.sman1lmj.sch.id udp
US 8.8.8.8:53 9bros-io.mail.protection.outlook.com udp
US 8.8.8.8:53 skonare3.mail.protection.outlook.com udp
US 8.8.8.8:53 w01d80d6.kasserver.com udp
US 8.8.8.8:53 mx.uhserver.com udp
US 8.8.8.8:53 mx3.mail.ovh.net udp
US 8.8.8.8:53 mx156.hostedmxserver.com udp
US 8.8.8.8:53 mail.8knk.com udp
US 8.8.8.8:53 upds-net-bo.mail.protection.outlook.com udp
US 8.8.8.8:53 em4.rejecthost.com udp
US 8.8.8.8:53 fostco-com.mail.protection.outlook.com udp
US 8.8.8.8:53 fostco-com.mail.protection.outlook.com udp
US 8.8.8.8:53 starchestnut.com udp
US 8.8.8.8:53 hauptstadtit-de02e.mail.protection.outlook.com udp
US 8.8.8.8:53 in.mail.tm udp
US 8.8.8.8:53 www.allegorie.group udp
US 8.8.8.8:53 bendigotruss-com-au.mail.protection.outlook.com udp
US 8.8.8.8:53 fluefix.com udp
US 8.8.8.8:53 sp-raszkow-pl.mail.protection.outlook.com udp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
US 8.8.8.8:53 vulcanite-com.mail.protection.outlook.com udp
US 8.8.8.8:53 alumno-msev-gob-mx.mail.protection.outlook.com udp
US 8.8.8.8:53 ssh.guidelia.site udp
US 8.8.8.8:53 ftp.gmailfree.fr udp
US 8.8.8.8:53 easymc-com.mail.protection.outlook.com udp
US 8.8.8.8:53 ecspartners.com udp
US 8.8.8.8:53 office365-sut-ac-th.mail.protection.outlook.com udp
US 8.8.8.8:53 subredsuroccidente-gov-co.mail.protection.outlook.com udp
US 8.8.8.8:53 ftp.g.eg udp
US 8.8.8.8:53 yahoo.com.mxmail.com udp
US 8.8.8.8:53 mail.outlook.salis.com.tr udp
US 8.8.8.8:53 reproconcept69.mail.protection.outlook.com udp
US 8.8.8.8:53 ftp.pe.amcoedu.org udp
US 8.8.8.8:53 ftp.skonare3.onmicrosoft.com udp
US 8.8.8.8:53 team.sman1lmj.sch.id udp
US 8.8.8.8:53 mail.team.sman1lmj.sch.id udp
US 8.8.8.8:53 ssh.alcorconsultinginc.com udp
US 8.8.8.8:53 mail.team.sman1lmj.sch.id udp
US 8.8.8.8:53 mxa-004dc302.gslb.pphosted.com udp
US 8.8.8.8:53 blokom.com udp
US 8.8.8.8:53 redcolegiospatagonia.cl udp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 kamsmad.com udp
US 35.208.231.179:80 upds.net.bo tcp
US 8.8.8.8:53 hauptstadt-it.de udp
US 8.8.8.8:53 mail.aloebotondeoro.com udp
US 8.8.8.8:53 vusra.coowoso udp
US 8.8.8.8:53 ubutu2.onmicrosoft.c.com udp
US 8.8.8.8:53 cmpardo.pe udp
US 8.8.8.8:53 villadjati.com udp
US 8.8.8.8:53 vfe.watchit.com udp
US 8.8.8.8:53 kohlyahoo.com udp
US 8.8.8.8:53 skonare3.mail.protection.outlook.com udp
US 8.8.8.8:53 ssh.hauptstadt-it.de udp
US 216.239.36.21:80 varealtyprofessionals.com tcp
US 35.208.231.179:80 upds.net.bo tcp
HK 43.132.173.84:80 8knk.com tcp
US 193.243.189.83:80 gmail.coir.net tcp
PL 194.181.228.40:80 sp.raszkow.pl tcp
US 69.16.230.226:80 live.comgmail.com tcp
US 8.8.8.8:53 sp-raszkow-pl.mail.protection.outlook.com udp
US 8.8.8.8:53 ubutu2.onmicrosoft.c.com udp
US 8.8.8.8:53 alumno-msev-gob-mx.mail.protection.outlook.com udp
US 8.8.8.8:53 vusra.coowoso udp
US 8.8.8.8:53 villadjati.com udp

Files

memory/2040-1-0x0000000002440000-0x0000000002540000-memory.dmp

memory/2040-2-0x0000000000220000-0x000000000022B000-memory.dmp

memory/2040-3-0x0000000000400000-0x00000000022D2000-memory.dmp

memory/1280-4-0x0000000002990000-0x00000000029A6000-memory.dmp

memory/2040-5-0x0000000000400000-0x00000000022D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\C16B.exe

MD5 9df04112ee272246e537077b87e3d35c
SHA1 cc3c7c8324d4e5f63b3ae96b9ed6028c0eb0a948
SHA256 cf88087be3560c201dd207a85ffbe860ad92b2ea8f0e56c725e3b1229a157635
SHA512 52bf711e82cfb1ffbe5cabef3fe060603d1b864e91495ee0fb521c02374cfba87e30205c397b82efbce7d7e9fd2b0290e120effde3a6a2f029591ddfbab80c22

C:\Users\Admin\AppData\Local\Temp\C16B.exe

MD5 7e0b0057bfa166c42bbcad570322ee7c
SHA1 b57065cebd9402b43e63d6e331905407343b1e0f
SHA256 7cfac6497e8500a539b1531226c3f9dca7234db9bbc70f28f92da50177c9e65e
SHA512 d8d3fdf7b6809aae33a433f267d53903a1a30729ffab72d7c0f5495ab1345d3eb31751e071c550840f9bae46b32a19cd95749bd0dda5909595ff763fafe343db

memory/2532-17-0x0000000003570000-0x0000000003728000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\C16B.exe

MD5 398ab69b1cdc624298fbc00526ea8aca
SHA1 b2c76463ae08bb3a08accfcbf609ec4c2a9c0821
SHA256 ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be
SHA512 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739

memory/2532-22-0x0000000003730000-0x00000000038E7000-memory.dmp

memory/2532-21-0x0000000003570000-0x0000000003728000-memory.dmp

memory/2512-20-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2512-24-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2512-27-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2512-28-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2512-29-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2512-30-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\C9C6.dll

MD5 9b1697d40dfd386fdd7e9327844f301a
SHA1 e75defb119e2c7b7d3f75ab70a100ec504af5ebf
SHA256 69e7b08c127dde5fd1f85e1e8107d06aa686e94aef3fd48ff0bb092b38a0cb1d
SHA512 3e945bf24ed81fdc49e974d086a70f9758a17b8656bb0e460dca0be2a84fa0ba065b62b6dd5d55ca1dbe0b4f19ec4f164df84c115244f1cbfddd79611d013d69

\Users\Admin\AppData\Local\Temp\C9C6.dll

MD5 da30e7111769af02730a498c7d635877
SHA1 052813b8db392217776729867bf3e082d89edd15
SHA256 1edd160ab194f1894469cce0d336ae3caa29f1434350c4a7a32dceb30b5ef2e4
SHA512 02aa1608592043503b96c48d508699110009c729bbcda779b1def9fad0fd64394e5c78c29f70678d46548c7a1e48ac1620608b850a36c3d680de7dab4ccaa702

memory/2880-35-0x0000000010000000-0x0000000010202000-memory.dmp

memory/2512-34-0x0000000000400000-0x0000000000848000-memory.dmp

\Users\Admin\AppData\Local\Temp\C9C6.dll

MD5 59aea6747b52ce5d9873161c36d99040
SHA1 48e8d1088f82bd7dbf5aaa1069aefd8f8c5937b8
SHA256 9fbe75ff662b4bdd2cf230dd4dc3ecfcbe8955c2c1c76b5194dbc1a2b086a35c
SHA512 3807d0942a0b2ee4f95a1a3b4ac1c59112ab0445caf909bc29fcbc53b6f8e8229af16cc49f83fa2067ca52c99dc5a81228dac147250743b84b9d13dfa7b6d7da

memory/2880-37-0x0000000000170000-0x0000000000176000-memory.dmp

memory/2512-41-0x0000000000340000-0x0000000000346000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\D922.exe

MD5 e676de508550f39a075d84414394222e
SHA1 c73d4d0010687c934b6cdd367099345a7a6cb6ca
SHA256 aeec570258d51f770a9c54199630ee3e1d8202d3b0f9166bc5ef6edf9f74b52a
SHA512 88161f22b04a10e5a3992e081619314bae2900f26274d95e00af98ae803383a383ac81498a98199c93b250f24f7eee400bec1eb1fc4988ee56bab6c79207aaf3

C:\Users\Admin\AppData\Local\Temp\D922.exe

MD5 7725fbb35a072d32b7d778cc58cd02ca
SHA1 ba6c4e1eace9c922b29932708eb1fcbf519588ad
SHA256 e02111daddc7625ec26a4e7551809699baf5e7ed0124b20beadc39837989a990
SHA512 751311b22e8a81d72ea07429f15033872ab5faf8e71156a8a11ba47717baf47baf711d910a0565c9f508015e3812042f087e6a9716eb630e46ad9047264f078e

C:\Users\Admin\AppData\Local\Temp\E2E3.exe

MD5 a1b5ee1b9649ab629a7ac257e2392f8d
SHA1 dc1b14b6d57589440fb3021c9e06a3e3191968dc
SHA256 2bfd95260a4c52d4474cd51e74469fc3de94caed28937ff0ce99ded66af97e65
SHA512 50ccbb9fd4ea2da847c6be5988e1e82e28d551b06cc9122b921dbd40eff4b657a81a010cea76f29e88fda06f8c053090b38d04eb89a6d63ec4f42ef68b1cf82b

memory/2884-54-0x0000000001AF0000-0x0000000001BF0000-memory.dmp

memory/2884-55-0x00000000002B0000-0x000000000031B000-memory.dmp

memory/2884-56-0x0000000000400000-0x0000000001A77000-memory.dmp

memory/2428-57-0x0000000000080000-0x0000000000081000-memory.dmp

memory/2428-59-0x0000000000140000-0x0000000000A31000-memory.dmp

memory/2428-60-0x0000000000080000-0x0000000000081000-memory.dmp

memory/2428-63-0x0000000076FE0000-0x0000000076FE1000-memory.dmp

memory/2428-62-0x0000000000080000-0x0000000000081000-memory.dmp

memory/2428-68-0x0000000000110000-0x0000000000111000-memory.dmp

memory/2428-69-0x0000000000140000-0x0000000000A31000-memory.dmp

memory/2880-71-0x00000000021B0000-0x00000000022D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FA2B.exe

MD5 9f01fae5adc49a20bd063cca47b197b6
SHA1 597f09318d605ed5559d0ecca5ce70c51147226a
SHA256 406fb88a38bb307d4d946dd60c3aeef5b9bc6d29e32d3727302d7401460c8720
SHA512 2ecbc0316032ef0ee1323bd0fdea4bc09c490ff038f5efa00c45b4f40c83426f100a7b30a6da2237a7bb71781ad7c0acbddc9dac3d2189fd18eedd379c65fe83

C:\Users\Admin\AppData\Local\Temp\FA2B.exe

MD5 3544bde4d0d42d3c2321eb34c0d1cd82
SHA1 4efb46e3d03fb428c6ef48b5e3f72358f99edb2a
SHA256 99e93e9f609c0a2916d4361a9a55f59d0dfdb37e1832706ff0644b43094d5da4
SHA512 791dccb19ecd727db329fb3f6e4a2685bdc08cfbe4aab6c52b2f719d7dfe0b6f95268ebf42a4c3ff54a95ff73431dea6128ce361ec7281a551beb924a2551a0b

memory/2880-76-0x00000000022E0000-0x00000000023ED000-memory.dmp

memory/2880-79-0x00000000022E0000-0x00000000023ED000-memory.dmp

memory/2880-80-0x0000000010000000-0x0000000010202000-memory.dmp

memory/2880-81-0x00000000022E0000-0x00000000023ED000-memory.dmp

memory/2512-82-0x0000000002A30000-0x0000000002B58000-memory.dmp

\Users\Admin\AppData\Local\Temp\D922.exe

MD5 997595b8e522783f9ebdeb030da6d33c
SHA1 5d814c50ea11f7586ca540a651a55392a1839172
SHA256 f59bb9368a129cacc57a1d25990cea7d7c0271167d2887e8ca36d742806e9f6d
SHA512 d49a7d1b768dd84c1d8fe43621571bc17370a41614e1b2f6ba021e58a2f3f85c612f7fb81027ecbd6adc7267f1083b7391072b83f4c142ad2075fe7d1b75030b

\Users\Admin\AppData\Local\Temp\D922.exe

MD5 dc4ffafc0832b680cd716fe56e015585
SHA1 8febcbc5e479d77b34604a44853d2ce1b578866b
SHA256 7b41f6a2b077ab7b5f656252a5673bdec11a2d862c9d8c9ce267dde001b662a2
SHA512 dee9b31309541f2fff8cbc1ffda62fc46af245ce1a8bebc681fce5df4beecea5f341ab8b80bfe5e55e955bc8d27cbca237a260c8849d855e80adda370a72e951

memory/2512-85-0x0000000002B60000-0x0000000002C6D000-memory.dmp

memory/2512-88-0x0000000002B60000-0x0000000002C6D000-memory.dmp

memory/1532-89-0x0000000000B20000-0x0000000000FAC000-memory.dmp

memory/2512-90-0x0000000002B60000-0x0000000002C6D000-memory.dmp

\Users\Admin\AppData\Local\Temp\D922.exe

MD5 d689d942a645a468007b85fdf9413de9
SHA1 c94e0a7ff515c05a73048f3c6d2dd0c95071c4b6
SHA256 82177bd7ae6c995aa53d63d21e5c53883af16f3b84832d5557fe3dfce3cf58cd
SHA512 525184773ae2e1642e05bee15b58457a995a3225f417a8b26580d306bd292ab880d9768187b6e5c144bf9d4eb3f95f2a2b82f7402eb11b3239740f5412f7608c

memory/2512-99-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1357.exe

MD5 38617539f3925b6017474f088cc3769a
SHA1 c689b57ab62eac790a204c8231b02bfe0bc243a6
SHA256 defe2d4c932a7ef607e8ef1a643fb57b9c69cbc53b52bf802f9471aae5caef49
SHA512 15d87c6231a8f2115ae3f0f021949d175d3f36735637c7b508a229af5b2a93f70f32e19d9b8e3d1e0fa41bd21ee46ab5d9c6ef630c826afe2210a789e5da53e7

memory/1532-96-0x00000000738A0000-0x0000000073F8E000-memory.dmp

memory/2884-105-0x0000000000400000-0x0000000001A77000-memory.dmp

\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

MD5 0564a9bf638169a89ccb3820a6b9a58e
SHA1 57373f3b58f7cc2b9ea1808bdabb600d580a9ceb
SHA256 9e4b0556f698c9bc9a07c07bf13d60908d31995e0bd73510d9dd690b20b11058
SHA512 36b81c374529a9ba5fcbc6fcfebf145c27a7c30916814d63612c04372556d47994a8091cdc5f78dab460bb5296466ce0b284659c8b01883f7960ab08a1631ea6

memory/2732-112-0x0000000000270000-0x0000000000370000-memory.dmp

memory/2732-113-0x0000000001A50000-0x0000000001AB7000-memory.dmp

memory/2732-116-0x0000000000400000-0x0000000001A4B000-memory.dmp

memory/1532-125-0x00000000738A0000-0x0000000073F8E000-memory.dmp

memory/2828-124-0x0000000003990000-0x0000000003D88000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 129f07a47dda0eda373fe0b97d3f6d93
SHA1 621f2725c11ee9e6bcb2837ebea4e45159a611e4
SHA256 e4b41cd7aa1b6a974671892a62e051693129372f16260114fb4df52c72d5a31e
SHA512 fb99d47e2f3deab69ddf30cccaa7aeb842692159aa6d0c9e9ab938fb13d827c5e537a56902bb063791269761e31c380084051817d23b94bbcc387d1ec4e026f0

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 cc922bda24d5f67055b34abc7ee36af4
SHA1 daa699a47356589ba8907cb47952304536bc72d0
SHA256 6f8a618434b096f8db0f811fb353cf02489e45a057c6f548d6a0d47621c2a423
SHA512 e54a04bc48f2d784196dec4a15b8be61fa7f4bbabefefc44d3e240f30bf723c7a1378cce54dc08fdab840f81757fd56ae0a0539743f07bf5457c48d543075770

\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 46f02883577ec05c278186b4fb44ba14
SHA1 3c531d2845d2a0e958c3f5bcc487eb0fb98b2e73
SHA256 39daf7bd5756b6337b1e3bd1e64384ef574401206b7917fe09a1157f15645e0b
SHA512 83cdbe66c8df76bc0a41976eabfbc3854cdffc57f8e4920b759936038d5c4d08a7d01344f4ee6e0e7b226550d4d2b24164dea50d5bce4f8ae6b177cda67dcf42

\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 41f9737bcca2aed18933b133edb464c3
SHA1 f934c4e710fba5427ab445fe13976a3aa1fe4605
SHA256 5cc37323372416f87883f74138a88cc96f4034fb93b5e75381282640ae6599a8
SHA512 c28a2d254b48881cc168e271561e03860f652730d74181cbd12da1b80bed9301b35655d3d2d65662d10fbd95085b99cf1a8150cf78feeba26d73529a0bc5a491

memory/2828-126-0x0000000003990000-0x0000000003D88000-memory.dmp

memory/2828-128-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/840-129-0x00000000001B0000-0x00000000001BB000-memory.dmp

memory/840-130-0x0000000000400000-0x00000000022D3000-memory.dmp

memory/2828-131-0x0000000003D90000-0x000000000467B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\u23w.0.exe

MD5 5c47e4602163dd29a39294b7192f0658
SHA1 268d1bf1f4c8c8b696298f802b95af8bd3891c10
SHA256 5c0b29d51d9b148c8c19ce0efca365ccb1bbe720f634a15897684abbd1dc5d76
SHA512 7baa0359781ba21c378a0fbd37dfcde2d1b0c5a9ce3afcf8db0617f91a49dd552416c90963731798669002eda0a15f2296120cb9307c8cafef18dfdb4a52ad91

memory/840-148-0x00000000002F0000-0x00000000003F0000-memory.dmp

\Users\Admin\AppData\Local\Temp\u23w.1.exe

MD5 5b87828ea000c7111084d8beed17175e
SHA1 e8aa3848e39c449051702a333e608fafd2e5330f
SHA256 1a557fae2d39d06392f4bea760fb72c87f0959a7c3ac66865e36f316866f57d3
SHA512 56b0d0e5422b89a4659969f59570962dbb267fde913ed051fbedf3d66653c9c23d15c945a6ae8ce5570af010b3671eb0be085e8afb44c3088def9f423290f385

C:\Users\Admin\AppData\Local\Temp\u23w.1.exe

MD5 06246d5f1675d0680bccaa82ae2b26fd
SHA1 a73d03970a916cfcd6108e042149eadc54b940eb
SHA256 c8a160c92eda31a919466f81f8828eaaa9091f1d66830376e33b32dde7178579
SHA512 57fa90a31f7f7e0cffc3b3e7f0dd23d240c1843cdf98da4e587efb8f0b9ab30649995a7dac4a2d57cac46a918f573402dab61d0d3d7fd89b474535ac8b644ad2

memory/2884-163-0x0000000001AF0000-0x0000000001BF0000-memory.dmp

memory/2732-164-0x0000000000400000-0x0000000001A4B000-memory.dmp

memory/1280-169-0x0000000002AA0000-0x0000000002AB6000-memory.dmp

memory/828-176-0x0000000000230000-0x0000000000231000-memory.dmp

memory/2884-177-0x00000000002B0000-0x000000000031B000-memory.dmp

memory/840-175-0x0000000000400000-0x00000000022D3000-memory.dmp

memory/828-179-0x0000000000400000-0x0000000000930000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

MD5 18f39e948f3ea92553bb1ecebeb322ca
SHA1 4d982b89cc2c28b7dd7b0402b5527bb16db881f3
SHA256 aee0de28f462cafba0f32a83fc7249715e9fa8b83bde467fc36aba0e7910a435
SHA512 da83c871cf4f374825bf116bf202dbae0f9d9ce878bcc4f4144c9007c2229675efe07018245d9282f4eb59c579bb29b7df736ee62da5abc4b968420741e786ff

memory/2512-180-0x0000000000400000-0x0000000000848000-memory.dmp

memory/3020-185-0x0000000000220000-0x0000000000247000-memory.dmp

memory/3020-186-0x0000000000400000-0x00000000022DA000-memory.dmp

memory/3020-184-0x0000000002480000-0x0000000002580000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

MD5 9574d92b6d78fecb8b026bb4a6286f57
SHA1 d1dc082ec821cbd7726b8782758c1268e1d1d9f4
SHA256 f371e5e5303dec431b010975f01a69f1b35f44cfc8a017af2d5750c537f80c1f
SHA512 e1bc6f05b3d3228dd24ab52422a016f53c6335ff73177d75c860247e56ff7e4a8bfffd115fb424e5c9c1baed75867341ab389b33bec4ba3e03496cb551d72678

C:\Users\Admin\AppData\Roaming\Temp\Task.bat

MD5 11bb3db51f701d4e42d3287f71a6a43e
SHA1 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86
SHA256 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331
SHA512 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2

memory/2828-195-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/3020-203-0x0000000000400000-0x00000000022DA000-memory.dmp

memory/828-205-0x0000000000400000-0x0000000000930000-memory.dmp

memory/3020-209-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 6d329ff620b9edfdf5e175e9ea3d0ef3
SHA1 01c89e92f659991b79cd63c7e69542dc0f6b50db
SHA256 351e5921b965157f58847fafc01538e1764defbddd5938328e793f30efe43ffa
SHA512 f768fdb1515f760f4ae13ae9f21392f3f182da48466293ce72b933dec20768036d5689cc024c5141b50d6033cc1daaf3bab16f47c1c42b9d0091d4caec96251e

C:\Users\Admin\AppData\Roaming\sruhref

MD5 91f8f6d9542afc52dd9f37e6eddf873d
SHA1 7688f5873d434e7d889764460962dedb312ca453
SHA256 10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16
SHA512 a09b77178e2ae8a3836d640c9b1028c60857d971c3ed65ef736c6cd5360ef9b5ab2e039ef1929ce4fb9feb95975b740363b79b81916129a501c5f496d525759d

memory/2828-278-0x0000000003990000-0x0000000003D88000-memory.dmp

memory/2828-279-0x0000000000400000-0x0000000001E0F000-memory.dmp

\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

\ProgramData\mozglue.dll

MD5 a47c9a22d04f7a89ffb338ec0d9163f2
SHA1 c779b4e0bd380889d053a5a2e64fac7e5c9f0d85
SHA256 c67b8f01d1b007cf0abea4f89d1272a146116b398d97c0873889e4f3bc1aa2a5
SHA512 64ebbee2f2f0884096e5b0996b30adae289549ba24f19fb3858f638148f358cd9a6f2fb370c0b2a44e821cb00b5a49468f849c97e9aa8ee413bbae11b57d72f4

memory/3020-1222-0x0000000002480000-0x0000000002580000-memory.dmp

memory/3020-1367-0x0000000000400000-0x00000000022DA000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-29 04:48

Reported

2024-02-29 04:53

Platform

win10-20240221-en

Max time kernel

266s

Max time network

315s

Command Line

"C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe"

Signatures

DcRat

rat infostealer dcrat
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\1D37.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

Pitou

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Windows security bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A

Contacts a large (779) amount of remote hosts

discovery

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Windows security modification

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" C:\Windows\rss\csrss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\1D37.exe N/A

Checks installed software on the system

discovery

Manipulates WinMonFS driver.

rootkit evasion
Description Indicator Process Target
File opened for modification \??\WinMonFS C:\Windows\rss\csrss.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\3F2A.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1744 set thread context of 4864 N/A C:\Users\Admin\AppData\Local\Temp\1D37.exe C:\Users\Admin\AppData\Local\Temp\1D37.exe

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\rss C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
File created C:\Windows\rss\csrss.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
File created C:\Windows\windefender.exe C:\Windows\rss\csrss.exe N/A
File opened for modification C:\Windows\windefender.exe C:\Windows\rss\csrss.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\6189.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\6189.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\ajccjhd N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\ajccjhd N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\6189.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\ajccjhd N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\u380.0.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\u380.0.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-448 = "Azerbaijan Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-411 = "E. Africa Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-301 = "Romance Daylight Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2571 = "Turks and Caicos Daylight Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-961 = "Paraguay Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-842 = "Argentina Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-112 = "Eastern Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-931 = "Coordinated Universal Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2842 = "Saratov Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2141 = "Transbaikal Daylight Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-272 = "Greenwich Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-121 = "SA Pacific Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-182 = "Mountain Standard Time (Mexico)" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-371 = "Jerusalem Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1912 = "Russia TZ 10 Standard Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-161 = "Central Daylight Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2162 = "Altai Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-12 = "Azores Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-772 = "Montevideo Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-211 = "Pacific Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2572 = "Turks and Caicos Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1042 = "Ulaanbaatar Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-792 = "SA Western Standard Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2341 = "Haiti Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-502 = "Nepal Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-201 = "US Mountain Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2612 = "Bougainville Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-351 = "FLE Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1821 = "Russia TZ 1 Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2572 = "Turks and Caicos Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-622 = "Korea Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2791 = "Novosibirsk Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\rss\csrss.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\sc.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\sc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\u380.1.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3308 wrote to memory of 1744 N/A N/A C:\Users\Admin\AppData\Local\Temp\1D37.exe
PID 3308 wrote to memory of 1744 N/A N/A C:\Users\Admin\AppData\Local\Temp\1D37.exe
PID 3308 wrote to memory of 1744 N/A N/A C:\Users\Admin\AppData\Local\Temp\1D37.exe
PID 1744 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\1D37.exe C:\Users\Admin\AppData\Local\Temp\1D37.exe
PID 1744 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\1D37.exe C:\Users\Admin\AppData\Local\Temp\1D37.exe
PID 1744 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\1D37.exe C:\Users\Admin\AppData\Local\Temp\1D37.exe
PID 1744 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\1D37.exe C:\Users\Admin\AppData\Local\Temp\1D37.exe
PID 1744 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\1D37.exe C:\Users\Admin\AppData\Local\Temp\1D37.exe
PID 1744 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\1D37.exe C:\Users\Admin\AppData\Local\Temp\1D37.exe
PID 1744 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\1D37.exe C:\Users\Admin\AppData\Local\Temp\1D37.exe
PID 1744 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\1D37.exe C:\Users\Admin\AppData\Local\Temp\1D37.exe
PID 3308 wrote to memory of 2368 N/A N/A C:\Windows\system32\regsvr32.exe
PID 3308 wrote to memory of 2368 N/A N/A C:\Windows\system32\regsvr32.exe
PID 2368 wrote to memory of 4940 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2368 wrote to memory of 4940 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2368 wrote to memory of 4940 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3308 wrote to memory of 1464 N/A N/A C:\Users\Admin\AppData\Local\Temp\39BA.exe
PID 3308 wrote to memory of 1464 N/A N/A C:\Users\Admin\AppData\Local\Temp\39BA.exe
PID 3308 wrote to memory of 1464 N/A N/A C:\Users\Admin\AppData\Local\Temp\39BA.exe
PID 3308 wrote to memory of 1624 N/A N/A C:\Users\Admin\AppData\Local\Temp\3F2A.exe
PID 3308 wrote to memory of 1624 N/A N/A C:\Users\Admin\AppData\Local\Temp\3F2A.exe
PID 3308 wrote to memory of 1624 N/A N/A C:\Users\Admin\AppData\Local\Temp\3F2A.exe
PID 3308 wrote to memory of 516 N/A N/A C:\Users\Admin\AppData\Local\Temp\4CF6.exe
PID 3308 wrote to memory of 516 N/A N/A C:\Users\Admin\AppData\Local\Temp\4CF6.exe
PID 3308 wrote to memory of 516 N/A N/A C:\Users\Admin\AppData\Local\Temp\4CF6.exe
PID 516 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\4CF6.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 516 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\4CF6.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 516 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\4CF6.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 516 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\4CF6.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 516 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\4CF6.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 516 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\4CF6.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 4176 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u380.0.exe
PID 4176 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u380.0.exe
PID 4176 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u380.0.exe
PID 3308 wrote to memory of 816 N/A N/A C:\Users\Admin\AppData\Local\Temp\6189.exe
PID 3308 wrote to memory of 816 N/A N/A C:\Users\Admin\AppData\Local\Temp\6189.exe
PID 3308 wrote to memory of 816 N/A N/A C:\Users\Admin\AppData\Local\Temp\6189.exe
PID 4176 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u380.1.exe
PID 4176 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u380.1.exe
PID 4176 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u380.1.exe
PID 5112 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\u380.1.exe C:\Windows\SysWOW64\cmd.exe
PID 5112 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\u380.1.exe C:\Windows\SysWOW64\cmd.exe
PID 5112 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\u380.1.exe C:\Windows\SysWOW64\cmd.exe
PID 868 wrote to memory of 684 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 868 wrote to memory of 684 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 868 wrote to memory of 684 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 868 wrote to memory of 68 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 868 wrote to memory of 68 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 868 wrote to memory of 68 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3248 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3248 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3248 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3372 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3372 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3372 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3372 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\System32\cmd.exe
PID 3372 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\System32\cmd.exe
PID 4548 wrote to memory of 3100 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\netsh.exe
PID 4548 wrote to memory of 3100 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\netsh.exe
PID 3372 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3372 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3372 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3372 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3372 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe

"C:\Users\Admin\AppData\Local\Temp\10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16.exe"

C:\Users\Admin\AppData\Local\Temp\1D37.exe

C:\Users\Admin\AppData\Local\Temp\1D37.exe

C:\Users\Admin\AppData\Local\Temp\1D37.exe

C:\Users\Admin\AppData\Local\Temp\1D37.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\291F.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\291F.dll

C:\Users\Admin\AppData\Local\Temp\39BA.exe

C:\Users\Admin\AppData\Local\Temp\39BA.exe

C:\Users\Admin\AppData\Local\Temp\3F2A.exe

C:\Users\Admin\AppData\Local\Temp\3F2A.exe

C:\Users\Admin\AppData\Local\Temp\4CF6.exe

C:\Users\Admin\AppData\Local\Temp\4CF6.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\u380.0.exe

"C:\Users\Admin\AppData\Local\Temp\u380.0.exe"

C:\Users\Admin\AppData\Local\Temp\6189.exe

C:\Users\Admin\AppData\Local\Temp\6189.exe

C:\Users\Admin\AppData\Local\Temp\u380.1.exe

"C:\Users\Admin\AppData\Local\Temp\u380.1.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Roaming\ajccjhd

C:\Users\Admin\AppData\Roaming\ajccjhd

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Windows\SYSTEM32\schtasks.exe

schtasks /delete /tn ScheduledUpdate /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Windows\windefender.exe

"C:\Windows\windefender.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\SysWOW64\sc.exe

sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\windefender.exe

C:\Windows\windefender.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 selebration17io.io udp
RU 91.215.85.120:80 selebration17io.io tcp
US 8.8.8.8:53 120.85.215.91.in-addr.arpa udp
DE 185.172.128.19:80 185.172.128.19 tcp
US 8.8.8.8:53 resergvearyinitiani.shop udp
US 172.67.217.100:443 resergvearyinitiani.shop tcp
US 8.8.8.8:53 19.128.172.185.in-addr.arpa udp
US 8.8.8.8:53 100.217.67.172.in-addr.arpa udp
US 8.8.8.8:53 trmpc.com udp
KR 210.182.29.70:80 trmpc.com tcp
US 8.8.8.8:53 70.29.182.210.in-addr.arpa udp
DE 185.172.128.90:80 185.172.128.90 tcp
US 8.8.8.8:53 90.128.172.185.in-addr.arpa udp
DE 185.172.128.127:80 185.172.128.127 tcp
US 8.8.8.8:53 127.128.172.185.in-addr.arpa udp
DE 185.172.128.127:80 185.172.128.127 tcp
DE 185.172.128.109:80 185.172.128.109 tcp
US 8.8.8.8:53 joly.bestsup.su udp
US 8.8.8.8:53 109.128.172.185.in-addr.arpa udp
US 172.67.171.112:80 joly.bestsup.su tcp
US 8.8.8.8:53 112.171.67.172.in-addr.arpa udp
FR 163.172.68.222:9001 tcp
AT 109.70.100.14:443 tcp
SE 185.97.32.34:9001 tcp
NL 94.142.241.226:9443 tcp
DE 185.172.128.145:80 185.172.128.145 tcp
US 8.8.8.8:53 145.128.172.185.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 technologyenterdo.shop udp
US 104.21.80.118:443 technologyenterdo.shop tcp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 8.8.8.8:53 118.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 detectordiscusser.shop udp
US 172.67.195.126:443 detectordiscusser.shop tcp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 8.8.8.8:53 turkeyunlikelyofw.shop udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 8.8.8.8:53 associationokeo.shop udp
US 172.67.147.18:443 associationokeo.shop tcp
US 8.8.8.8:53 126.195.67.172.in-addr.arpa udp
US 8.8.8.8:53 191.202.67.172.in-addr.arpa udp
US 8.8.8.8:53 18.147.67.172.in-addr.arpa udp
DE 47.254.134.152:9001 tcp
NL 45.66.33.45:443 tcp
N/A 127.0.0.1:49904 tcp
NO 88.88.79.90:80 tcp
US 8.8.8.8:53 kamsmad.com udp
MX 187.134.61.6:80 kamsmad.com tcp
MX 187.134.61.6:80 kamsmad.com tcp
US 8.8.8.8:53 6.61.134.187.in-addr.arpa udp
NL 212.8.243.229:9001 tcp
US 128.31.0.39:9101 tcp
MX 187.134.61.6:80 kamsmad.com tcp
MX 187.134.61.6:80 kamsmad.com tcp
MX 187.134.61.6:80 kamsmad.com tcp
MX 187.134.61.6:80 kamsmad.com tcp
AT 192.36.38.33:443 tcp
MX 187.134.61.6:80 kamsmad.com tcp
US 8.8.8.8:53 33.38.36.192.in-addr.arpa udp
DE 178.215.228.25:443 tcp
CH 85.195.244.251:443 tcp
MX 187.134.61.6:80 kamsmad.com tcp
US 8.8.8.8:53 25.228.215.178.in-addr.arpa udp
US 8.8.8.8:53 251.244.195.85.in-addr.arpa udp
MX 187.134.61.6:80 kamsmad.com tcp
DE 178.215.228.25:443 tcp
CH 85.195.244.251:443 tcp
N/A 127.0.0.1:60801 tcp
US 8.8.8.8:53 63.141.182.52.in-addr.arpa udp
US 8.8.8.8:53 30cea8ac-819b-4d03-8d0b-8671424952ba.uuid.localstats.org udp
CA 51.161.35.113:9001 tcp
US 8.8.8.8:53 113.35.161.51.in-addr.arpa udp
N/A 127.0.0.1:60801 tcp
N/A 127.0.0.1:60801 tcp
N/A 127.0.0.1:60801 tcp
US 8.8.8.8:53 39-40.com udp
US 8.8.8.8:53 gguuuj.com udp
US 8.8.8.8:53 www.glybee.com udp
US 8.8.8.8:53 gnimdu.com udp
NL 107.6.150.114:443 39-40.com tcp
IT 89.46.108.58:443 www.glybee.com tcp
N/A 127.0.0.1:51910 tcp
US 150.239.200.200:443 gguuuj.com tcp
US 8.8.8.8:53 omeinz.com udp
FR 185.221.182.115:443 gnimdu.com tcp
US 8.8.8.8:53 oorcaa.com udp
US 8.8.8.8:53 plurmx.com udp
US 8.8.8.8:53 orogrp.com udp
SG 209.58.171.111:443 omeinz.com tcp
US 8.8.8.8:53 wiyato.com udp
US 8.8.8.8:53 114.150.6.107.in-addr.arpa udp
US 8.8.8.8:53 58.108.46.89.in-addr.arpa udp
US 8.8.8.8:53 200.200.239.150.in-addr.arpa udp
US 8.8.8.8:53 115.182.221.185.in-addr.arpa udp
US 162.241.253.21:443 oorcaa.com tcp
US 8.8.8.8:53 woslak.com udp
US 162.241.62.125:443 plurmx.com tcp
US 8.8.8.8:53 wp-jit.com udp
US 162.214.80.79:443 orogrp.com tcp
US 8.8.8.8:53 yugren.com udp
US 8.8.8.8:53 asdalhm.com udp
US 8.8.8.8:53 www.gguuuj.com udp
ID 153.92.11.42:80 wiyato.com tcp
US 8.8.8.8:53 asesplc.com udp
US 67.20.114.55:443 woslak.com tcp
US 150.239.200.200:443 www.gguuuj.com tcp
US 8.8.8.8:53 atadays.com udp
US 104.219.248.25:443 asesplc.com tcp
US 198.12.71.180:80 asdalhm.com tcp
US 172.67.212.44:80 yugren.com tcp
US 162.144.5.13:443 wp-jit.com tcp
US 8.8.8.8:53 avi-art.com udp
US 8.8.8.8:53 avilaya.com udp
US 8.8.8.8:53 ayephyu.com udp
PL 94.152.13.99:443 avi-art.com tcp
US 8.8.8.8:53 azliton.com udp
US 8.8.8.8:53 21.253.241.162.in-addr.arpa udp
US 8.8.8.8:53 111.171.58.209.in-addr.arpa udp
US 8.8.8.8:53 125.62.241.162.in-addr.arpa udp
US 8.8.8.8:53 79.80.214.162.in-addr.arpa udp
US 8.8.8.8:53 55.114.20.67.in-addr.arpa udp
US 8.8.8.8:53 44.212.67.172.in-addr.arpa udp
US 8.8.8.8:53 42.11.92.153.in-addr.arpa udp
US 8.8.8.8:53 180.71.12.198.in-addr.arpa udp
US 8.8.8.8:53 balmoon.com udp
US 66.235.200.146:80 ayephyu.com tcp
IN 89.117.188.210:443 avilaya.com tcp
US 8.8.8.8:53 behzadf.com udp
US 8.8.8.8:53 beplike.com udp
JP 202.172.26.33:80 atadays.com tcp
N/A 127.0.0.1:51914 tcp
US 8.8.8.8:53 blog-gu.com udp
US 8.8.8.8:53 bitboy2.com udp
US 8.8.8.8:53 blogebe.com udp
SG 139.99.121.13:443 azliton.com tcp
US 8.8.8.8:53 bmetjob.com udp
US 8.8.8.8:53 boleach.com udp
US 8.8.8.8:53 boolepo.com udp
US 8.8.8.8:53 www.asesplc.com udp
US 8.8.8.8:53 boricab.com udp
US 8.8.8.8:53 blogehe.com udp
US 172.67.212.85:443 balmoon.com tcp
US 154.56.37.26:443 bitboy2.com tcp
US 8.8.8.8:53 claydan.com udp
US 8.8.8.8:53 credipr.com udp
US 8.8.8.8:53 13.5.144.162.in-addr.arpa udp
US 8.8.8.8:53 99.13.152.94.in-addr.arpa udp
US 8.8.8.8:53 146.200.235.66.in-addr.arpa udp
US 8.8.8.8:53 210.188.117.89.in-addr.arpa udp
US 8.8.8.8:53 25.248.219.104.in-addr.arpa udp
JP 162.43.117.84:80 beplike.com tcp
US 8.8.8.8:53 cyhltda.com udp
IR 185.10.75.4:80 behzadf.com tcp
US 172.67.204.94:443 blogehe.com tcp
US 172.67.165.39:443 boleach.com tcp
KR 183.111.183.30:443 blog-gu.com tcp
US 104.21.43.35:443 blogebe.com tcp
US 173.231.198.190:443 bmetjob.com tcp
US 104.219.248.25:443 www.asesplc.com tcp
US 69.163.177.212:443 boolepo.com tcp
US 104.21.85.159:443 claydan.com tcp
SE 5.42.94.113:443 boricab.com tcp
US 8.8.8.8:53 dacanva.com udp
US 8.8.8.8:53 daraaty.com udp
US 104.21.83.56:443 credipr.com tcp
US 179.61.12.111:443 cyhltda.com tcp
US 74.208.236.117:80 dacanva.com tcp
US 8.8.8.8:53 www.daya-eg.com udp
US 8.8.8.8:53 devcodz.com udp
US 8.8.8.8:53 dinhuey.com udp
US 8.8.8.8:53 33.26.172.202.in-addr.arpa udp
US 8.8.8.8:53 85.212.67.172.in-addr.arpa udp
US 8.8.8.8:53 26.37.56.154.in-addr.arpa udp
US 8.8.8.8:53 94.204.67.172.in-addr.arpa udp
US 8.8.8.8:53 39.165.67.172.in-addr.arpa udp
US 8.8.8.8:53 35.43.21.104.in-addr.arpa udp
US 8.8.8.8:53 4.75.10.185.in-addr.arpa udp
US 8.8.8.8:53 190.198.231.173.in-addr.arpa udp
US 8.8.8.8:53 159.85.21.104.in-addr.arpa udp
US 8.8.8.8:53 84.117.43.162.in-addr.arpa udp
US 8.8.8.8:53 113.94.42.5.in-addr.arpa udp
US 8.8.8.8:53 30.183.111.183.in-addr.arpa udp
US 8.8.8.8:53 212.177.163.69.in-addr.arpa udp
US 8.8.8.8:53 djiagri.com udp
US 8.8.8.8:53 doitsoo.com udp
US 198.12.71.180:443 asdalhm.com tcp
US 8.8.8.8:53 doula56.com udp
US 86.38.202.231:443 daraaty.com tcp
JP 202.172.26.33:443 atadays.com tcp
US 8.8.8.8:53 www.drogowe.com udp
US 8.8.8.8:53 www.dueacca.com udp
US 104.21.66.175:443 djiagri.com tcp
US 173.252.167.10:443 devcodz.com tcp
CA 23.227.38.32:443 dinhuey.com tcp
FR 109.234.165.178:443 doula56.com tcp
IR 185.94.98.201:443 www.daya-eg.com tcp
US 24.199.97.107:443 doitsoo.com tcp
PL 85.128.163.169:80 www.drogowe.com tcp
US 8.8.8.8:53 dwlearn.com udp
US 8.8.8.8:53 canrinamd.com udp
US 8.8.8.8:53 dyttoys.com udp
US 8.8.8.8:53 dydingy.com udp
US 8.8.8.8:53 56.83.21.104.in-addr.arpa udp
US 8.8.8.8:53 13.121.99.139.in-addr.arpa udp
US 8.8.8.8:53 111.12.61.179.in-addr.arpa udp
US 8.8.8.8:53 117.236.208.74.in-addr.arpa udp
US 8.8.8.8:53 231.202.38.86.in-addr.arpa udp
US 8.8.8.8:53 eeesind.com udp
IT 89.46.108.9:443 www.dueacca.com tcp
US 8.8.8.8:53 eit-est.com udp
US 8.8.8.8:53 elopens.com udp
US 8.8.8.8:53 elrocol.com udp
US 104.21.51.228:443 dydingy.com tcp
US 137.220.39.139:443 dyttoys.com tcp
GB 154.49.138.74:443 eeesind.com tcp
US 8.8.8.8:53 eno-mma.com udp
HU 193.39.14.2:443 dwlearn.com tcp
US 8.8.8.8:53 www.eraofdm.com udp
US 74.208.236.117:80 canrinamd.com tcp
US 8.8.8.8:53 equityrs.com udp
US 8.8.8.8:53 esid-cv.com udp
US 8.8.8.8:53 eyejoah.com udp
US 104.21.18.74:443 eno-mma.com tcp
US 8.8.8.8:53 ezinads.com udp
US 8.8.8.8:53 175.66.21.104.in-addr.arpa udp
US 8.8.8.8:53 32.38.227.23.in-addr.arpa udp
US 8.8.8.8:53 178.165.234.109.in-addr.arpa udp
US 8.8.8.8:53 10.167.252.173.in-addr.arpa udp
US 8.8.8.8:53 201.98.94.185.in-addr.arpa udp
US 8.8.8.8:53 169.163.128.85.in-addr.arpa udp
US 8.8.8.8:53 9.108.46.89.in-addr.arpa udp
US 8.8.8.8:53 228.51.21.104.in-addr.arpa udp
DE 172.104.227.10:443 elrocol.com tcp
US 8.8.8.8:53 femriot.com udp
US 172.96.186.176:443 www.eraofdm.com tcp
N/A 127.0.0.1:51918 tcp
US 160.153.0.45:443 eit-est.com tcp
US 8.8.8.8:53 fimlabz.com udp
US 74.208.236.106:443 equityrs.com tcp
US 8.8.8.8:53 flixtrz.com udp
US 8.8.8.8:53 fourskw.com udp
N/A 127.0.0.1:51922 tcp
US 8.8.8.8:53 foxitop.com udp
US 8.8.8.8:53 frazmet.com udp
US 8.8.8.8:53 www.fredura.com udp
PL 85.128.163.169:443 www.drogowe.com tcp
US 172.67.185.6:443 eyejoah.com tcp
SG 45.13.255.85:443 esid-cv.com tcp
US 8.8.8.8:53 fruzzen.com udp
US 8.8.8.8:53 g-herbs.com udp
GB 154.49.138.147:443 fimlabz.com tcp
US 8.8.8.8:53 geulgam.com udp
US 8.8.8.8:53 ggamagu.com udp
US 66.235.200.113:443 ezinads.com tcp
US 172.67.132.97:443 flixtrz.com tcp
US 149.100.151.143:443 fourskw.com tcp
US 8.8.8.8:53 frinedo.com udp
US 8.8.8.8:53 www.giarlee.com udp
US 8.8.8.8:53 www.boolepo.com udp
US 8.8.8.8:53 glesshe.com udp
US 8.8.8.8:53 givedms.com udp
US 8.8.8.8:53 74.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 2.14.39.193.in-addr.arpa udp
US 8.8.8.8:53 139.39.220.137.in-addr.arpa udp
US 8.8.8.8:53 74.18.21.104.in-addr.arpa udp
US 8.8.8.8:53 10.227.104.172.in-addr.arpa udp
US 8.8.8.8:53 176.186.96.172.in-addr.arpa udp
US 8.8.8.8:53 45.0.153.160.in-addr.arpa udp
N/A 127.0.0.1:51929 tcp
US 8.8.8.8:53 106.236.208.74.in-addr.arpa udp
PL 185.221.109.20:80 frazmet.com tcp
US 104.21.39.209:443 foxitop.com tcp
US 8.8.8.8:53 gogevis.com udp
N/A 127.0.0.1:51935 tcp
US 8.8.8.8:53 goularq.com udp
US 8.8.8.8:53 haedals.com udp
US 8.8.8.8:53 halabtv.com udp
US 8.8.8.8:53 hhlines.com udp
US 162.248.50.115:443 givedms.com tcp
US 69.163.177.212:443 www.boolepo.com tcp
US 172.67.199.138:443 glesshe.com tcp
NL 75.102.57.85:443 www.giarlee.com tcp
ZA 154.0.172.73:443 www.fredura.com tcp
HU 217.13.111.100:443 femriot.com tcp
US 104.21.54.53:443 fruzzen.com tcp
KR 183.111.242.42:80 ggamagu.com tcp
US 208.109.43.165:443 g-herbs.com tcp
US 104.21.76.4:443 frinedo.com tcp
US 8.8.8.8:53 hilalpr.com udp
US 8.8.8.8:53 stun.ipfire.org udp
US 146.190.116.250:443 geulgam.com tcp
BR 185.211.7.117:443 gogevis.com tcp
US 8.8.8.8:53 www.hogarmv.com udp
SG 159.223.56.162:443 haedals.com tcp
US 34.138.102.143:443 goularq.com tcp
US 172.67.157.23:443 hhlines.com tcp
US 8.8.8.8:53 server15.localstats.org udp
US 149.100.151.175:443 halabtv.com tcp
US 63.250.43.135:80 hilalpr.com tcp
US 8.8.8.8:53 hptagri.com udp
US 8.8.8.8:53 6.185.67.172.in-addr.arpa udp
US 8.8.8.8:53 113.200.235.66.in-addr.arpa udp
US 8.8.8.8:53 97.132.67.172.in-addr.arpa udp
US 172.96.186.150:443 hptagri.com tcp
CL 186.64.114.120:443 www.hogarmv.com tcp
US 8.8.8.8:53 147.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 143.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 85.255.13.45.in-addr.arpa udp
DE 81.3.27.44:3478 stun.ipfire.org udp
US 8.8.8.8:53 209.39.21.104.in-addr.arpa udp
BG 185.82.216.111:443 server15.localstats.org tcp
US 8.8.8.8:53 20.109.221.185.in-addr.arpa udp
US 8.8.8.8:53 138.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 85.57.102.75.in-addr.arpa udp
US 8.8.8.8:53 100.111.13.217.in-addr.arpa udp
US 8.8.8.8:53 115.50.248.162.in-addr.arpa udp
US 8.8.8.8:53 hptwood.com udp
US 8.8.8.8:53 iastrat.com udp
US 8.8.8.8:53 ijafssr.com udp
US 8.8.8.8:53 ikapete.com udp
US 8.8.8.8:53 implice.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
N/A 127.0.0.1:51939 tcp
US 8.8.8.8:53 itducku.com udp
US 8.8.8.8:53 sashimi-sp.com udp
US 8.8.8.8:53 jdcmcap.com udp
US 8.8.8.8:53 jhingin.com udp
US 8.8.8.8:53 jhshear.com udp
US 8.8.8.8:53 jobehei.com udp
US 8.8.8.8:53 joung-d.com udp
US 8.8.8.8:53 kaffdha.com udp
US 8.8.8.8:53 just-qr.com udp
US 8.8.8.8:53 karfani.com udp
US 8.8.8.8:53 53.54.21.104.in-addr.arpa udp
US 8.8.8.8:53 4.76.21.104.in-addr.arpa udp
US 8.8.8.8:53 250.116.190.146.in-addr.arpa udp
US 8.8.8.8:53 42.242.111.183.in-addr.arpa udp
US 8.8.8.8:53 117.7.211.185.in-addr.arpa udp
US 8.8.8.8:53 23.157.67.172.in-addr.arpa udp
US 8.8.8.8:53 143.102.138.34.in-addr.arpa udp
US 8.8.8.8:53 175.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 135.43.250.63.in-addr.arpa udp
US 8.8.8.8:53 kichoes.com udp
US 8.8.8.8:53 www.kbapnyc.com udp
US 8.8.8.8:53 kinioso.com udp
US 8.8.8.8:53 kiknets.com udp
US 8.8.8.8:53 kmmship.com udp
US 8.8.8.8:53 yunaeduka.com udp
SG 217.21.73.221:443 jobehei.com tcp
US 52.13.119.137:443 implice.com tcp
DE 217.160.0.159:443 iastrat.com tcp
US 104.218.8.139:80 jdcmcap.com tcp
US 31.170.167.85:443 ijafssr.com tcp
US 172.96.186.150:443 hptwood.com tcp
US 8.8.8.8:53 zet-godan.com udp
US 172.67.191.105:443 sashimi-sp.com tcp
US 34.215.227.192:443 just-qr.com tcp
LT 84.32.84.32:443 kichoes.com tcp
US 154.49.142.202:443 kinioso.com tcp
US 54.236.120.104:443 www.kbapnyc.com tcp
US 161.35.225.125:443 joung-d.com tcp
SG 103.21.221.23:80 kmmship.com tcp
DE 8.209.105.91:443 innally.com tcp
SG 45.130.230.54:443 ikapete.com tcp
US 195.35.33.7:443 kiknets.com tcp
US 66.235.200.113:443 jhshear.com tcp
FI 65.109.100.200:443 kaffdha.com tcp
IR 78.157.38.99:80 karfani.com tcp
US 8.8.8.8:53 www.zibalodge.com udp
CH 193.108.137.97:443 jhingin.com tcp
US 8.8.8.8:53 34football.com udp
US 8.8.8.8:53 aeccouncil.com udp
US 8.8.8.8:53 aidigiflix.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 aihimalaya.com udp
US 8.8.8.8:53 alinno1927.com udp
US 8.8.8.8:53 www.alkaidnews.com udp
US 8.8.8.8:53 150.186.96.172.in-addr.arpa udp
US 8.8.8.8:53 44.27.3.81.in-addr.arpa udp
US 8.8.8.8:53 120.114.64.186.in-addr.arpa udp
US 8.8.8.8:53 111.216.82.185.in-addr.arpa udp
US 8.8.8.8:53 appgoldbet.com udp
DE 81.169.145.149:80 zet-godan.com tcp
N/A 127.0.0.1:51943 tcp
US 8.8.8.8:53 carsalessystem.com udp
US 8.8.8.8:53 asahispace.com udp
US 8.8.8.8:53 aurumwings.com udp
US 8.8.8.8:53 atyaliving.com udp
GB 5.77.63.70:443 www.alkaidnews.com tcp
ID 103.163.138.44:443 yunaeduka.com tcp
US 8.8.8.8:53 bh-produce.com udp
US 8.8.8.8:53 www.bipssports.com udp
US 8.8.8.8:53 bookxplore.com udp
US 8.8.8.8:53 bt42studio.com udp
US 104.21.94.82:443 carsalessystem.com tcp
US 65.181.111.238:443 www.bipssports.com tcp
N/A 127.0.0.1:51949 tcp
N/A 127.0.0.1:51954 tcp
N/A 127.0.0.1:51960 tcp
N/A 127.0.0.1:51965 tcp
N/A 127.0.0.1:51968 tcp
N/A 127.0.0.1:51970 tcp
N/A 127.0.0.1:51978 tcp
N/A 127.0.0.1:51984 tcp
N/A 127.0.0.1:51990 tcp
N/A 127.0.0.1:52000 tcp
N/A 127.0.0.1:52009 tcp
N/A 127.0.0.1:52013 tcp
N/A 127.0.0.1:52015 tcp
N/A 127.0.0.1:52020 tcp
N/A 127.0.0.1:52024 tcp
N/A 127.0.0.1:52028 tcp
N/A 127.0.0.1:52030 tcp
N/A 127.0.0.1:52032 tcp
N/A 127.0.0.1:52039 tcp
N/A 127.0.0.1:52041 tcp
N/A 127.0.0.1:52043 tcp
N/A 127.0.0.1:52045 tcp
N/A 127.0.0.1:52047 tcp
N/A 127.0.0.1:52049 tcp
N/A 127.0.0.1:52063 tcp
N/A 127.0.0.1:52067 tcp
N/A 127.0.0.1:52072 tcp
N/A 127.0.0.1:52088 tcp
N/A 127.0.0.1:52102 tcp
N/A 127.0.0.1:52104 tcp
N/A 127.0.0.1:52114 tcp
N/A 127.0.0.1:52116 tcp
N/A 127.0.0.1:52118 tcp
N/A 127.0.0.1:52120 tcp
N/A 127.0.0.1:52126 tcp
N/A 127.0.0.1:52129 tcp
N/A 127.0.0.1:52134 tcp
N/A 127.0.0.1:52146 tcp
CA 144.217.75.173:443 aurumwings.com tcp
US 8.8.8.8:53 139.8.218.104.in-addr.arpa udp
US 8.8.8.8:53 85.167.170.31.in-addr.arpa udp
US 8.8.8.8:53 105.191.67.172.in-addr.arpa udp
US 8.8.8.8:53 32.84.32.84.in-addr.arpa udp
US 8.8.8.8:53 221.73.21.217.in-addr.arpa udp
US 8.8.8.8:53 104.120.236.54.in-addr.arpa udp
US 8.8.8.8:53 202.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 192.227.215.34.in-addr.arpa udp
US 8.8.8.8:53 149.145.169.81.in-addr.arpa udp
US 8.8.8.8:53 23.221.21.103.in-addr.arpa udp
US 8.8.8.8:53 82.94.21.104.in-addr.arpa udp
US 8.8.8.8:53 70.63.77.5.in-addr.arpa udp
US 8.8.8.8:53 chiisanavt.com udp
SG 156.67.213.54:443 asahispace.com tcp
SG 151.106.119.246:443 atyaliving.com tcp
US 8.8.8.8:53 comicchills.com udp
BR 177.154.191.136:443 appgoldbet.com tcp
US 8.8.8.8:53 www.dallyupdate.com udp
US 8.8.8.8:53 easy-advise.com udp
US 8.8.8.8:53 ecnstrength.com udp
JP 155.248.160.55:443 bh-produce.com tcp
US 8.8.8.8:53 educazionit.com udp
IN 172.105.41.141:443 bookxplore.com tcp
US 104.21.80.110:443 aihimalaya.com tcp
DE 81.169.145.158:443 34football.com tcp
SG 85.187.128.52:443 alinno1927.com tcp
GB 149.255.62.50:443 www.zibalodge.com tcp
DE 88.198.22.18:80 aeccouncil.com tcp
US 162.213.255.48:443 comicchills.com tcp
US 104.225.208.26:443 chiisanavt.com tcp
US 8.8.8.8:53 eduwidfarah.com udp
IN 172.105.33.197:443 aidigiflix.com tcp
US 8.8.8.8:53 ei-junamiga.com udp
US 8.8.8.8:53 elektrahome.com udp
US 8.8.8.8:53 elevatesync.com udp
US 8.8.8.8:53 elgigafarms.com udp
JP 183.90.180.104:443 easy-advise.com tcp
US 8.8.8.8:53 eliasorgino.com udp
US 8.8.8.8:53 238.111.181.65.in-addr.arpa udp
US 8.8.8.8:53 44.138.163.103.in-addr.arpa udp
US 8.8.8.8:53 159.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 54.213.67.156.in-addr.arpa udp
US 8.8.8.8:53 110.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 158.145.169.81.in-addr.arpa udp
US 8.8.8.8:53 141.41.105.172.in-addr.arpa udp
US 8.8.8.8:53 50.62.255.149.in-addr.arpa udp
US 8.8.8.8:53 18.22.198.88.in-addr.arpa udp
US 8.8.8.8:53 136.191.154.177.in-addr.arpa udp
US 8.8.8.8:53 55.160.248.155.in-addr.arpa udp
US 8.8.8.8:53 246.119.106.151.in-addr.arpa udp
US 8.8.8.8:53 ellynmbaker.com udp
US 8.8.8.8:53 173.75.217.144.in-addr.arpa udp
IN 148.113.8.71:443 www.dallyupdate.com tcp
US 172.67.193.229:443 educazionit.com tcp
US 50.87.253.35:443 ecnstrength.com tcp
US 8.8.8.8:53 estudiobreu.com udp
US 8.8.8.8:53 gcainfusion.com udp
US 8.8.8.8:53 fitprovital.com udp
US 208.91.199.47:443 eduwidfarah.com tcp
US 162.241.253.225:443 elevatesync.com tcp
N/A 127.0.0.1:52153 tcp
US 162.241.217.156:443 ellynmbaker.com tcp
US 192.254.232.68:443 gcainfusion.com tcp
US 8.8.8.8:53 good-g-page.com udp
US 8.8.8.8:53 gestunmybox.com udp
US 8.8.8.8:53 www.korsett-butik.com udp
US 8.8.8.8:53 kpuribrothers.com udp
US 65.181.111.169:443 elgigafarms.com tcp
US 165.140.70.86:443 ei-junamiga.com tcp
US 50.6.138.135:443 estudiobreu.com tcp
US 8.8.8.8:53 kvrestates-rk.com udp
US 8.8.8.8:53 www.landsunenergy.com udp
ES 82.194.68.88:443 fitprovital.com tcp
US 8.8.8.8:53 lasaludmaxima.com udp
US 8.8.8.8:53 divorceintheranch.com udp
US 8.8.8.8:53 latelier-yoga.com udp
US 216.172.160.241:443 eliasorgino.com tcp
US 8.8.8.8:53 launchedsuite.com udp
US 8.8.8.8:53 lendistry2stg.com udp
US 8.8.8.8:53 26.208.225.104.in-addr.arpa udp
N/A 127.0.0.1:52162 tcp
US 8.8.8.8:53 48.255.213.162.in-addr.arpa udp
US 8.8.8.8:53 229.193.67.172.in-addr.arpa udp
US 8.8.8.8:53 197.33.105.172.in-addr.arpa udp
US 8.8.8.8:53 35.253.87.50.in-addr.arpa udp
US 8.8.8.8:53 71.8.113.148.in-addr.arpa udp
US 8.8.8.8:53 47.199.91.208.in-addr.arpa udp
US 8.8.8.8:53 225.253.241.162.in-addr.arpa udp
US 8.8.8.8:53 104.180.90.183.in-addr.arpa udp
US 8.8.8.8:53 52.128.187.85.in-addr.arpa udp
US 8.8.8.8:53 levieuxcastel.com udp
US 8.8.8.8:53 letsgojayblog.com udp
US 8.8.8.8:53 liftslindetox.com udp
US 8.8.8.8:53 lifestylebell.com udp
US 8.8.8.8:53 lindacarlberg.com udp
US 8.8.8.8:53 lizbethgasque.com udp
US 8.8.8.8:53 www.loanewsprince.com udp
US 8.8.8.8:53 logrestaurant.com udp
US 8.8.8.8:53 localelocator.com udp
N/A 127.0.0.1:52164 tcp
US 72.167.125.248:443 divorceintheranch.com tcp
IN 89.117.157.169:443 kvrestates-rk.com tcp
N/A 127.0.0.1:52166 tcp
US 104.21.64.28:443 kpuribrothers.com tcp
FR 54.36.91.62:443 latelier-yoga.com tcp
DK 77.111.241.66:443 www.landsunenergy.com tcp
N/A 127.0.0.1:52170 tcp
N/A 127.0.0.1:52185 tcp
N/A 127.0.0.1:52191 tcp
FR 109.234.166.248:443 www.korsett-butik.com tcp
US 8.8.8.8:53 lushnailbarsm.com udp
US 8.8.8.8:53 m2beautespain.com udp
US 104.21.6.227:443 www.loanewsprince.com tcp
JP 152.70.97.21:443 good-g-page.com tcp
LT 84.32.84.32:443 localelocator.com tcp
US 104.21.11.90:443 lifestylebell.com tcp
US 54.203.82.175:443 lindacarlberg.com tcp
JP 149.28.26.155:443 letsgojayblog.com tcp
BR 186.202.157.79:80 liftslindetox.com tcp
ID 153.92.13.32:80 gestunmybox.com tcp
BG 185.82.216.111:443 server15.localstats.org tcp
US 8.8.8.8:53 156.217.241.162.in-addr.arpa udp
US 8.8.8.8:53 68.232.254.192.in-addr.arpa udp
US 8.8.8.8:53 97.137.108.193.in-addr.arpa udp
US 8.8.8.8:53 233.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 91.105.209.8.in-addr.arpa udp
US 8.8.8.8:53 200.100.109.65.in-addr.arpa udp
US 8.8.8.8:53 88.68.194.82.in-addr.arpa udp
US 8.8.8.8:53 7.33.35.195.in-addr.arpa udp
US 8.8.8.8:53 99.38.157.78.in-addr.arpa udp
US 8.8.8.8:53 169.111.181.65.in-addr.arpa udp
US 8.8.8.8:53 135.138.6.50.in-addr.arpa udp
US 8.8.8.8:53 86.70.140.165.in-addr.arpa udp
N/A 127.0.0.1:52195 tcp
US 8.8.8.8:53 54.230.130.45.in-addr.arpa udp
US 8.8.8.8:53 maccabi-jaffa.com udp
US 8.8.8.8:53 www.innally.com udp
US 8.8.8.8:53 imunify-alert.com udp
US 8.8.8.8:53 marcelocasiva.com udp
US 8.8.8.8:53 mayaautohouse.com udp
US 8.8.8.8:53 mayfair-elite.com udp
US 8.8.8.8:53 mbsfinanceira.com udp
US 8.8.8.8:53 mdrc-services.com udp
US 8.8.8.8:53 www.medhelpbureau.com udp
US 104.21.61.155:443 levieuxcastel.com tcp
US 8.8.8.8:53 melaniejulien.com udp
N/A 127.0.0.1:52197 tcp
US 104.200.17.166:443 launchedsuite.com tcp
IR 78.157.38.99:443 karfani.com tcp
US 8.8.8.8:53 manaturestore.com udp
US 8.8.8.8:53 metastore-saa.com udp
US 8.8.8.8:53 michaelvassel.com udp
US 8.8.8.8:53 modernrenov78.com udp
US 8.8.8.8:53 microsoftquiz.com udp
US 8.8.8.8:53 milasecretllc.com udp
US 8.8.8.8:53 madeintheshadewoodlands.com udp
US 8.8.8.8:53 mobilisdivers.com udp
US 8.8.8.8:53 28.64.21.104.in-addr.arpa udp
US 8.8.8.8:53 62.91.36.54.in-addr.arpa udp
US 8.8.8.8:53 66.241.111.77.in-addr.arpa udp
US 8.8.8.8:53 169.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 248.166.234.109.in-addr.arpa udp
US 8.8.8.8:53 227.6.21.104.in-addr.arpa udp
US 8.8.8.8:53 90.11.21.104.in-addr.arpa udp
US 8.8.8.8:53 79.157.202.186.in-addr.arpa udp
US 149.100.151.55:443 maccabi-jaffa.com tcp
LT 84.32.84.32:443 localelocator.com tcp
US 208.109.75.169:443 logrestaurant.com tcp
US 23.50.52.35:443 lendistry2stg.com tcp
DE 8.209.105.91:443 www.innally.com tcp
US 45.79.42.71:443 lushnailbarsm.com tcp
ES 89.248.96.120:443 m2beautespain.com tcp
FR 54.36.91.62:443 melaniejulien.com tcp
US 162.0.215.12:443 mayaautohouse.com tcp
US 8.8.8.8:53 crookedwingtravel.com udp
CY 85.190.230.2:443 mdrc-services.com tcp
BR 185.211.7.59:443 marcelocasiva.com tcp
N/A 127.0.0.1:52200 tcp
BR 149.100.155.212:443 manaturestore.com tcp
US 172.67.176.47:443 imunify-alert.com tcp
DE 38.242.255.91:443 www.medhelpbureau.com tcp
US 86.38.202.25:443 mayfair-elite.com tcp
US 66.29.132.116:443 metastore-saa.com tcp
US 104.21.87.7:443 michaelvassel.com tcp
FR 89.117.169.243:443 modernrenov78.com tcp
IN 89.117.27.101:443 microsoftquiz.com tcp
US 141.193.213.10:443 madeintheshadewoodlands.com tcp
US 8.8.8.8:53 crosswayssolution.com udp
US 142.93.72.4:443 milasecretllc.com tcp
US 172.67.165.152:443 mobilisdivers.com tcp
US 8.8.8.8:53 dailydoseofmylife.com udp
N/A 127.0.0.1:52205 tcp
US 8.8.8.8:53 damac-golf-greens.com udp
N/A 127.0.0.1:52210 tcp
N/A 127.0.0.1:52212 tcp
N/A 127.0.0.1:52214 tcp
N/A 127.0.0.1:52219 tcp
N/A 127.0.0.1:52228 tcp
N/A 127.0.0.1:52234 tcp
N/A 127.0.0.1:52239 tcp
N/A 127.0.0.1:52241 tcp
N/A 127.0.0.1:52244 tcp
N/A 127.0.0.1:52246 tcp
N/A 127.0.0.1:52250 tcp
N/A 127.0.0.1:52253 tcp
N/A 127.0.0.1:52266 tcp
N/A 127.0.0.1:52270 tcp
N/A 127.0.0.1:52273 tcp
US 162.241.24.158:443 crookedwingtravel.com tcp
US 8.8.8.8:53 derivativehedging.com udp
GB 77.95.113.183:443 crosswayssolution.com tcp
US 8.8.8.8:53 designbymarkdavid.com udp
US 162.241.225.87:443 dailydoseofmylife.com tcp
US 8.8.8.8:53 designedalignment.com udp
US 8.8.8.8:53 21.97.70.152.in-addr.arpa udp
US 66.235.200.146:80 designbymarkdavid.com tcp
US 8.8.8.8:53 155.26.28.149.in-addr.arpa udp
US 104.200.17.166:443 launchedsuite.com tcp
US 8.8.8.8:53 32.13.92.153.in-addr.arpa udp
US 8.8.8.8:53 155.61.21.104.in-addr.arpa udp
US 162.241.219.14:443 designedalignment.com tcp
US 8.8.8.8:53 166.17.200.104.in-addr.arpa udp
US 8.8.8.8:53 35.52.50.23.in-addr.arpa udp
US 8.8.8.8:53 55.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 120.96.248.89.in-addr.arpa udp
US 8.8.8.8:53 71.42.79.45.in-addr.arpa udp
US 8.8.8.8:53 dharmapowersupply.com udp
US 8.8.8.8:53 digitalpartnersbr.com udp
US 8.8.8.8:53 disarlielektronik.com udp
US 8.8.8.8:53 driveninnercircle.a2hosted.com udp
US 8.8.8.8:53 www.levieuxcastel.com udp
US 8.8.8.8:53 elorientaltattoos.com udp
US 8.8.8.8:53 familyrealestates.com udp
US 8.8.8.8:53 fitourtravelumroh.com udp
US 8.8.8.8:53 fejashealinghands.com udp
US 8.8.8.8:53 www.fotowandmetnatuur.nl udp
US 8.8.8.8:53 framehotelbangkok.com udp
IN 103.138.189.139:80 derivativehedging.com tcp
N/A 127.0.0.1:52278 tcp
NL 45.82.191.120:443 www.fotowandmetnatuur.nl tcp
US 68.66.200.219:443 driveninnercircle.a2hosted.com tcp
US 8.8.8.8:53 2.230.190.85.in-addr.arpa udp
US 8.8.8.8:53 12.215.0.162.in-addr.arpa udp
US 8.8.8.8:53 47.176.67.172.in-addr.arpa udp
US 8.8.8.8:53 91.255.242.38.in-addr.arpa udp
US 8.8.8.8:53 7.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 10.213.193.141.in-addr.arpa udp
US 8.8.8.8:53 243.169.117.89.in-addr.arpa udp
US 8.8.8.8:53 152.165.67.172.in-addr.arpa udp
US 8.8.8.8:53 59.7.211.185.in-addr.arpa udp
US 8.8.8.8:53 25.202.38.86.in-addr.arpa udp
US 8.8.8.8:53 116.132.29.66.in-addr.arpa udp
US 8.8.8.8:53 101.27.117.89.in-addr.arpa udp
US 8.8.8.8:53 183.113.95.77.in-addr.arpa udp
US 8.8.8.8:53 158.24.241.162.in-addr.arpa udp
US 8.8.8.8:53 241.160.172.216.in-addr.arpa udp
US 8.8.8.8:53 87.225.241.162.in-addr.arpa udp
GB 109.70.148.130:443 familyrealestates.com tcp
US 8.8.8.8:53 gabuccicollection.com udp
US 108.179.193.17:443 digitalpartnersbr.com tcp
TR 89.252.159.195:443 disarlielektronik.com tcp
US 8.8.8.8:53 www.garansi-insurance.com udp
US 162.241.169.155:443 dharmapowersupply.com tcp
US 38.18.231.82:443 elorientaltattoos.com tcp
SG 45.13.255.243:443 fitourtravelumroh.com tcp
TH 203.170.190.138:443 framehotelbangkok.com tcp
DE 81.169.145.84:80 fejashealinghands.com tcp
US 172.67.211.137:443 www.levieuxcastel.com tcp
US 8.8.8.8:53 bluechartermenorca.com udp
US 8.8.8.8:53 fastingmindfulness.com udp
US 8.8.8.8:53 feyiogecollections.com udp
US 8.8.8.8:53 faucheux-entretien.com udp
US 8.8.8.8:53 figurasdragonballz.com udp
US 8.8.8.8:53 firstcare-training.com udp
US 8.8.8.8:53 filosofiaturistica.com udp
US 8.8.8.8:53 forcedauctionsigns.com udp
US 8.8.8.8:53 www.systemerisp.com udp
US 8.8.8.8:53 inflightretrievers.com udp
US 8.8.8.8:53 www.cellocandela.com udp
US 8.8.8.8:53 ceriaslot123.com udp
US 8.8.8.8:53 cesargrillet.com udp
US 8.8.8.8:53 www.mobilisdivers.com udp
US 8.8.8.8:53 chapa2cremec.com udp
US 8.8.8.8:53 14.219.241.162.in-addr.arpa udp
US 8.8.8.8:53 139.189.138.103.in-addr.arpa udp
US 8.8.8.8:53 120.191.82.45.in-addr.arpa udp
US 8.8.8.8:53 219.200.66.68.in-addr.arpa udp
US 8.8.8.8:53 chhaharanews.com udp
FI 65.109.99.96:443 www.garansi-insurance.com tcp
N/A 127.0.0.1:52280 tcp
US 8.8.8.8:53 choco-lamour.com udp
SG 156.67.213.49:443 gabuccicollection.com tcp
DE 217.160.0.157:80 bluechartermenorca.com tcp
US 86.38.202.16:443 firstcare-training.com tcp
FR 89.117.169.13:443 filosofiaturistica.com tcp
US 8.8.8.8:53 cineplexnews.com udp
US 8.8.8.8:53 clickonsight.com udp
US 8.8.8.8:53 codingcokcok.com udp
US 8.8.8.8:53 commeebridge.com udp
US 154.49.142.253:443 fastingmindfulness.com tcp
FR 89.117.169.201:443 figurasdragonballz.com tcp
US 162.241.216.32:443 feyiogecollections.com tcp
US 66.85.26.245:80 forcedauctionsigns.com tcp
FR 85.236.155.10:443 faucheux-entretien.com tcp
US 104.21.77.144:443 inflightretrievers.com tcp
FR 91.134.238.237:443 www.systemerisp.com tcp
US 172.67.165.152:443 www.mobilisdivers.com tcp
ES 164.138.210.89:80 www.cellocandela.com tcp
BR 45.152.46.122:443 cesargrillet.com tcp
N/A 127.0.0.1:52283 tcp
US 8.8.8.8:53 confidantica.com udp
N/A 127.0.0.1:52288 tcp
US 8.8.8.8:53 130.148.70.109.in-addr.arpa udp
US 8.8.8.8:53 195.159.252.89.in-addr.arpa udp
US 8.8.8.8:53 17.193.179.108.in-addr.arpa udp
US 8.8.8.8:53 137.211.67.172.in-addr.arpa udp
US 8.8.8.8:53 84.145.169.81.in-addr.arpa udp
US 8.8.8.8:53 82.231.18.38.in-addr.arpa udp
US 8.8.8.8:53 155.169.241.162.in-addr.arpa udp
US 8.8.8.8:53 138.190.170.203.in-addr.arpa udp
US 8.8.8.8:53 243.255.13.45.in-addr.arpa udp
US 8.8.8.8:53 96.99.109.65.in-addr.arpa udp
US 8.8.8.8:53 contentbymsd.com udp
US 8.8.8.8:53 cookthefoods.com udp
US 8.8.8.8:53 corporelaser.com udp
US 8.8.8.8:53 crazydealstx.com udp
BR 149.100.155.29:443 chapa2cremec.com tcp
US 162.0.235.109:443 ceriaslot123.com tcp
US 8.8.8.8:53 cre-activeus.com udp
US 8.8.8.8:53 creationsrub.com udp
US 8.8.8.8:53 dailybites24.com udp
US 8.8.8.8:53 dajabonviral.com udp
US 8.8.8.8:53 www.daniandgrace.com udp
AU 154.26.155.169:443 chhaharanews.com tcp
US 154.49.142.232:443 clickonsight.com tcp
GB 154.49.138.242:443 choco-lamour.com tcp
N/A 127.0.0.1:52290 tcp
US 104.21.84.151:443 confidantica.com tcp
US 8.8.8.8:53 datingpapapa.com udp
US 8.8.8.8:53 dawahthreads.com udp
US 198.54.120.43:443 cineplexnews.com tcp
US 8.8.8.8:53 dayondisplay.com udp
US 8.8.8.8:53 13.169.117.89.in-addr.arpa udp
US 8.8.8.8:53 157.0.160.217.in-addr.arpa udp
N/A 127.0.0.1:52286 tcp
US 8.8.8.8:53 32.216.241.162.in-addr.arpa udp
US 8.8.8.8:53 253.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 16.202.38.86.in-addr.arpa udp
US 8.8.8.8:53 10.155.236.85.in-addr.arpa udp
US 8.8.8.8:53 245.26.85.66.in-addr.arpa udp
US 8.8.8.8:53 144.77.21.104.in-addr.arpa udp
US 8.8.8.8:53 237.238.134.91.in-addr.arpa udp
US 8.8.8.8:53 89.210.138.164.in-addr.arpa udp
US 8.8.8.8:53 49.213.67.156.in-addr.arpa udp
US 8.8.8.8:53 122.46.152.45.in-addr.arpa udp
US 151.106.105.11:443 cre-activeus.com tcp
US 34.171.142.102:443 contentbymsd.com tcp
US 172.67.162.209:443 creationsrub.com tcp
BR 149.100.155.212:443 crazydealstx.com tcp
FR 35.181.89.222:443 cookthefoods.com tcp
KR 183.110.224.246:80 codingcokcok.com tcp
US 107.155.89.42:80 dajabonviral.com tcp
ES 37.153.89.124:443 corporelaser.com tcp
US 8.8.8.8:53 demirfashion.com udp
US 8.8.8.8:53 digitalise24.com udp
US 8.8.8.8:53 digitalwebdv.com udp
US 8.8.8.8:53 djremodelers.com udp
US 8.8.8.8:53 blickzwei.de udp
US 194.195.84.210:443 dailybites24.com tcp
US 50.63.141.12:443 datapaybtllc.com tcp
US 172.67.145.179:443 datingpapapa.com tcp
FR 109.234.161.205:443 www.daniandgrace.com tcp
US 8.8.8.8:53 doodoobloger.com udp
US 8.8.8.8:53 dramariaguia.com udp
US 8.8.8.8:53 www.drivethruint.com udp
GB 78.141.226.188:443 dayondisplay.com tcp
GB 144.126.194.248:443 dawahthreads.com tcp
US 149.100.151.196:443 digibizfacts.com tcp
US 8.8.8.8:53 109.235.0.162.in-addr.arpa udp
US 8.8.8.8:53 29.155.100.149.in-addr.arpa udp
US 8.8.8.8:53 242.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 232.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 169.155.26.154.in-addr.arpa udp
US 8.8.8.8:53 151.84.21.104.in-addr.arpa udp
US 8.8.8.8:53 43.120.54.198.in-addr.arpa udp
US 8.8.8.8:53 209.162.67.172.in-addr.arpa udp
US 8.8.8.8:53 222.89.181.35.in-addr.arpa udp
US 8.8.8.8:53 11.105.106.151.in-addr.arpa udp
US 8.8.8.8:53 102.142.171.34.in-addr.arpa udp
US 162.241.218.199:80 djremodelers.com tcp
US 8.8.8.8:53 drozlemoymak.com udp
IN 89.117.188.222:443 digitalise24.com tcp
US 8.8.8.8:53 dubonnetlive.com udp
DE 217.160.0.247:443 blickzwei.de tcp
US 8.8.8.8:53 eastbayphoto.com udp
US 160.153.0.40:443 demirfashion.com tcp
US 86.38.202.125:443 digitalwebdv.com tcp
US 8.8.8.8:53 easychordsph.com udp
US 8.8.8.8:53 economytechy.com udp
US 8.8.8.8:53 edhomesgroup.com udp
US 8.8.8.8:53 emka-negoces.com udp
ZA 169.239.218.51:443 www.drivethruint.com tcp
US 8.8.8.8:53 emresecurity.com udp
US 8.8.8.8:53 emtrac-varta.com udp
KR 183.111.242.60:443 doodoobloger.com tcp
US 8.8.8.8:53 enjoycollect.com udp
US 107.155.89.42:443 dajabonviral.com tcp
US 129.213.137.232:443 dubonnetlive.com tcp
US 172.67.162.100:443 edhomesgroup.com tcp
CA 69.161.159.27:443 eastbayphoto.com tcp
US 8.8.8.8:53 42.89.155.107.in-addr.arpa udp
US 8.8.8.8:53 246.224.110.183.in-addr.arpa udp
US 8.8.8.8:53 179.145.67.172.in-addr.arpa udp
US 8.8.8.8:53 205.161.234.109.in-addr.arpa udp
US 8.8.8.8:53 210.84.195.194.in-addr.arpa udp
US 8.8.8.8:53 188.226.141.78.in-addr.arpa udp
US 8.8.8.8:53 248.194.126.144.in-addr.arpa udp
US 8.8.8.8:53 196.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 247.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 40.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 199.218.241.162.in-addr.arpa udp
US 8.8.8.8:53 125.202.38.86.in-addr.arpa udp
US 8.8.8.8:53 enriqueumana.com udp
TR 78.135.106.170:443 drozlemoymak.com tcp
US 8.8.8.8:53 entourage2go.com udp
US 8.8.8.8:53 epaperprudvi.com udp
US 8.8.8.8:53 eskrimfamily.com udp
US 8.8.8.8:53 estiqueleads.com udp
FR 51.91.236.193:443 emka-negoces.com tcp
US 104.21.74.200:443 emtrac-varta.com tcp
SG 156.67.222.60:443 easychordsph.com tcp
US 8.8.8.8:53 epicdealzone.com udp
US 8.8.8.8:53 estribosrest.com udp
US 8.8.8.8:53 estudioeduca.com udp
US 104.21.12.24:443 enjoycollect.com tcp
US 160.153.0.65:443 emresecurity.com tcp
US 204.197.243.181:443 enriqueumana.com tcp
US 8.8.8.8:53 exen-network.com udp
US 8.8.8.8:53 ezspeedykart.com udp
US 8.8.8.8:53 faisalkhamis.com udp
US 8.8.8.8:53 falconryhubs.com udp
US 8.8.8.8:53 51.218.239.169.in-addr.arpa udp
US 8.8.8.8:53 60.242.111.183.in-addr.arpa udp
US 8.8.8.8:53 100.162.67.172.in-addr.arpa udp
US 8.8.8.8:53 232.137.213.129.in-addr.arpa udp
US 8.8.8.8:53 170.106.135.78.in-addr.arpa udp
US 8.8.8.8:53 27.159.161.69.in-addr.arpa udp
US 8.8.8.8:53 193.236.91.51.in-addr.arpa udp
US 8.8.8.8:53 www.blickzwei.de udp
US 45.79.94.170:443 entourage2go.com tcp
US 8.8.8.8:53 featherheavy.com udp
US 8.8.8.8:53 felixrentals.com udp
US 8.8.8.8:53 feelinganime.com udp
ID 103.179.86.130:443 eskrimfamily.com tcp
US 162.240.97.189:80 estribosrest.com tcp
US 204.93.224.87:443 estudioeduca.com tcp
IN 68.178.158.82:443 epaperprudvi.com tcp
FR 195.35.49.24:443 estiqueleads.com tcp
US 63.250.43.4:443 epicdealzone.com tcp
US 8.8.8.8:53 finanzastips.com udp
US 8.8.8.8:53 finbizglobal.com udp
US 8.8.8.8:53 flashaitools.com udp
US 8.8.8.8:53 www.florcamelias.com udp
GB 141.136.33.49:443 falconryhubs.com tcp
DE 217.160.0.247:443 www.blickzwei.de tcp
US 8.8.8.8:53 sawyerairport.com udp
FR 154.41.237.38:443 faisalkhamis.com tcp
US 160.153.0.186:443 featherheavy.com tcp
FR 89.116.147.76:443 exen-network.com tcp
US 8.8.8.8:53 flytocomores.com udp
US 8.8.8.8:53 foelledesign.com udp
US 8.8.8.8:53 200.74.21.104.in-addr.arpa udp
US 8.8.8.8:53 24.12.21.104.in-addr.arpa udp
US 8.8.8.8:53 65.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 60.222.67.156.in-addr.arpa udp
US 8.8.8.8:53 181.243.197.204.in-addr.arpa udp
US 8.8.8.8:53 24.49.35.195.in-addr.arpa udp
US 8.8.8.8:53 87.224.93.204.in-addr.arpa udp
US 8.8.8.8:53 189.97.240.162.in-addr.arpa udp
CZ 91.239.201.10:443 felixrentals.com tcp
US 195.35.33.7:443 finanzastips.com tcp
US 154.49.142.84:443 finbizglobal.com tcp
DE 94.130.223.106:443 flashaitools.com tcp
US 172.67.167.8:80 www.florcamelias.com tcp
US 8.8.8.8:53 codingcokcok.mycafe24.com udp
US 8.8.8.8:53 formulawonks.com udp
CN 115.159.56.214:80 feelinganime.com tcp
US 209.239.122.205:443 fertintegral.com tcp
US 8.8.8.8:53 vouchervortex.com udp
ZA 41.222.34.13:443 flytocomores.com tcp
FR 92.204.212.171:80 foelledesign.com tcp
US 70.39.251.129:443 sawyerairport.com tcp
US 8.8.8.8:53 vivamaisplena.com udp
US 159.203.145.199:443 formulawonks.com tcp
IN 68.178.157.40:443 vouchervortex.com tcp
US 8.8.8.8:53 walworthalano.org udp
US 108.167.188.170:443 vivamaisplena.com tcp
US 104.21.45.123:443 walworthalano.org tcp
N/A 127.0.0.1:52309 tcp
N/A 127.0.0.1:52317 tcp
N/A 127.0.0.1:52320 tcp
N/A 127.0.0.1:52322 tcp
N/A 127.0.0.1:52325 tcp
N/A 127.0.0.1:52334 tcp
N/A 127.0.0.1:52348 tcp
N/A 127.0.0.1:52355 tcp
N/A 127.0.0.1:52360 tcp
N/A 127.0.0.1:52362 tcp
N/A 127.0.0.1:52364 tcp
N/A 127.0.0.1:52366 tcp
KR 183.110.224.246:80 codingcokcok.mycafe24.com tcp
US 8.8.8.8:53 4.43.250.63.in-addr.arpa udp
US 8.8.8.8:53 130.86.179.103.in-addr.arpa udp
US 8.8.8.8:53 49.33.136.141.in-addr.arpa udp
US 8.8.8.8:53 38.237.41.154.in-addr.arpa udp
US 8.8.8.8:53 186.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 76.147.116.89.in-addr.arpa udp
US 8.8.8.8:53 10.201.239.91.in-addr.arpa udp
US 8.8.8.8:53 106.223.130.94.in-addr.arpa udp
US 8.8.8.8:53 8.167.67.172.in-addr.arpa udp
US 8.8.8.8:53 84.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 129.251.39.70.in-addr.arpa udp
US 8.8.8.8:53 199.145.203.159.in-addr.arpa udp
US 8.8.8.8:53 123.45.21.104.in-addr.arpa udp
US 8.8.8.8:53 13.34.222.41.in-addr.arpa udp
US 8.8.8.8:53 wandererstrip.com udp
US 8.8.8.8:53 wandertrip-kr.com udp
US 8.8.8.8:53 aidat.emresecurity.com udp
US 172.67.176.47:443 imunify-alert.com tcp
US 149.28.10.105:443 wandertrip-kr.com tcp
N/A 127.0.0.1:52373 tcp
US 160.153.0.146:443 aidat.emresecurity.com tcp
US 8.8.8.8:53 wayowearstore.com udp
US 8.8.8.8:53 webdigitallab.com udp
US 8.8.8.8:53 wanersenblade.com udp
US 8.8.8.8:53 wealthwiseusa.com udp
US 8.8.8.8:53 webstorieslab.com udp
US 8.8.8.8:53 website-so1vn.com udp
US 8.8.8.8:53 weilanzhijian.com udp
US 8.8.8.8:53 www.eskrimfamily.com udp
N/A 127.0.0.1:52378 tcp
N/A 127.0.0.1:52384 tcp
N/A 127.0.0.1:52390 tcp
N/A 127.0.0.1:52394 tcp
N/A 127.0.0.1:52405 tcp
N/A 127.0.0.1:52408 tcp
N/A 127.0.0.1:52415 tcp
N/A 127.0.0.1:52418 tcp
N/A 127.0.0.1:52420 tcp
N/A 127.0.0.1:52423 tcp
N/A 127.0.0.1:52425 tcp
N/A 127.0.0.1:52428 tcp
N/A 127.0.0.1:52433 tcp
N/A 127.0.0.1:52438 tcp
N/A 127.0.0.1:52441 tcp
N/A 127.0.0.1:52447 tcp
N/A 127.0.0.1:52450 tcp
N/A 127.0.0.1:52455 tcp
N/A 127.0.0.1:52460 tcp
N/A 127.0.0.1:52464 tcp
N/A 127.0.0.1:52467 tcp
US 8.8.8.8:53 170.188.167.108.in-addr.arpa udp
US 8.8.8.8:53 146.0.153.160.in-addr.arpa udp
GB 198.244.228.164:443 webdigitallab.com tcp
US 8.8.8.8:53 wesswoodstore.com udp
US 8.8.8.8:53 westernnewsmm.com udp
US 8.8.8.8:53 www.wheelhousecgi.com udp
US 8.8.8.8:53 whitelightusa.com udp
US 86.38.202.105:443 webstorieslab.com tcp
CN 123.56.116.175:443 weilanzhijian.com tcp
US 3.33.130.190:443 welkeaandelen.com tcp
SG 156.67.222.18:443 wanersenblade.com tcp
BD 115.187.18.91:443 wayowearstore.com tcp
US 8.8.8.8:53 wilsonworksnv.com udp
US 8.8.8.8:53 wishfulthinks.com udp
VN 103.173.227.99:443 website-so1vn.com tcp
ID 103.179.86.130:443 www.eskrimfamily.com tcp
US 8.8.8.8:53 wikilottothai.com udp
US 172.67.151.81:443 www.enjoycollect.com tcp
US 141.193.213.11:443 www.wheelhousecgi.com tcp
US 8.8.8.8:53 wptoolsonline.com udp
US 160.153.0.80:443 wesswoodstore.com tcp
US 8.8.8.8:53 writtenbytory.com udp
US 97.74.184.226:443 whitelightusa.com tcp
US 8.8.8.8:53 xtendmaxmedia.com udp
US 162.241.225.33:443 westernnewsmm.com tcp
US 46.28.40.21:443 wishfulthinks.com tcp
US 165.140.70.86:443 wilsonworksnv.com tcp
US 8.8.8.8:53 yassinechakik.com udp
US 8.8.8.8:53 164.228.244.198.in-addr.arpa udp
US 8.8.8.8:53 190.130.33.3.in-addr.arpa udp
US 8.8.8.8:53 91.18.187.115.in-addr.arpa udp
US 8.8.8.8:53 81.151.67.172.in-addr.arpa udp
US 8.8.8.8:53 11.213.193.141.in-addr.arpa udp
US 8.8.8.8:53 80.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 99.227.173.103.in-addr.arpa udp
US 8.8.8.8:53 yellowfarmdog.com udp
US 8.8.8.8:53 youbetter-now.com udp
US 8.8.8.8:53 yesgiwear.com udp
US 8.8.8.8:53 yourlifedepot.com udp
US 8.8.8.8:53 yuanzhitianqi.com udp
US 104.21.7.136:443 wptoolsonline.com tcp
US 50.87.138.230:443 writtenbytory.com tcp
DE 23.88.66.234:443 yassinechakik.com tcp
SG 172.96.191.158:443 wikilottothai.com tcp
US 68.66.221.225:443 xtendmaxmedia.com tcp
DK 46.30.213.150:443 yesgiwear.com tcp
US 162.241.226.190:443 yourlifedepot.com tcp
US 45.76.75.34:443 yellowfarmdog.com tcp
LT 84.32.84.32:443 youbetter-now.com tcp
US 8.8.8.8:53 zaha-alliance.com udp
US 8.8.8.8:53 zenzoneagency.com udp
US 8.8.8.8:53 suanhahanoi365.com udp
US 8.8.8.8:53 subashrupantar.com udp
US 8.8.8.8:53 sunshinetucson.com udp
US 8.8.8.8:53 bf00ba2140.nxcli.io udp
GB 185.61.152.64:443 zaha-alliance.com tcp
US 8.8.8.8:53 sustentaonline.com udp
US 8.8.8.8:53 33.225.241.162.in-addr.arpa udp
US 8.8.8.8:53 136.7.21.104.in-addr.arpa udp
US 8.8.8.8:53 21.40.28.46.in-addr.arpa udp
US 8.8.8.8:53 234.66.88.23.in-addr.arpa udp
US 8.8.8.8:53 230.138.87.50.in-addr.arpa udp
US 8.8.8.8:53 225.221.66.68.in-addr.arpa udp
US 8.8.8.8:53 150.213.30.46.in-addr.arpa udp
US 8.8.8.8:53 swissgreenagro.com udp
US 8.8.8.8:53 www.zhyekaestilos.com udp
FR 89.117.169.227:443 zenzoneagency.com tcp
CN 101.42.135.56:443 yuanzhitianqi.com tcp
US 8.8.8.8:53 swpsuniversity.com udp
US 8.8.8.8:53 sys-ingenieria.com udp
US 8.8.8.8:53 www.supremerankseo.com udp
US 8.8.8.8:53 syukurbahagiaa.com udp
US 8.8.8.8:53 tacoislandbali.com udp
US 8.8.8.8:53 www.takointernship.com udp
US 8.8.8.8:53 www.talentbysidoli.com udp
ID 103.247.8.35:443 zahraindoasia.com tcp
US 8.8.8.8:53 tarolog-ksenia.com udp
N/A 127.0.0.1:52470 tcp
N/A 127.0.0.1:52474 tcp
N/A 127.0.0.1:52476 tcp
N/A 127.0.0.1:52478 tcp
N/A 127.0.0.1:52480 tcp
IN 89.117.157.246:443 swissgreenagro.com tcp
DE 88.198.82.124:443 subashrupantar.com tcp
US 208.109.64.181:443 sunshinetucson.com tcp
US 172.67.138.12:443 www.zhyekaestilos.com tcp
VN 163.44.194.62:443 suanhahanoi365.com tcp
US 8.8.8.8:53 taxationrefund.com udp
US 8.8.8.8:53 teamcarservice.com udp
US 8.8.8.8:53 teamkingindian.com udp
TR 95.173.161.190:443 swpsuniversity.com tcp
US 50.6.138.46:443 sustentaonline.com tcp
US 216.69.172.57:443 www.supremerankseo.com tcp
US 8.8.8.8:53 190.226.241.162.in-addr.arpa udp
US 8.8.8.8:53 34.75.76.45.in-addr.arpa udp
US 8.8.8.8:53 227.169.117.89.in-addr.arpa udp
US 8.8.8.8:53 124.82.198.88.in-addr.arpa udp
US 8.8.8.8:53 12.138.67.172.in-addr.arpa udp
SG 184.168.99.253:80 tacoislandbali.com tcp
GB 45.77.91.70:443 www.talentbysidoli.com tcp
AU 140.238.205.3:443 taxationrefund.com tcp
US 8.8.8.8:53 techgadgetsray.com udp
US 8.8.8.8:53 techgadgetspin.com udp
MY 103.122.164.9:443 syukurbahagiaa.com tcp
IT 185.201.65.177:443 teamcarservice.com tcp
US 8.8.8.8:53 techgadgetsusa.com udp
US 8.8.8.8:53 www.yellowfarmdog.com udp
US 8.8.8.8:53 techredgadgets.com udp
US 8.8.8.8:53 www.wikilottothai.com udp
US 8.8.8.8:53 teinvitoacomer.com udp
MY 103.6.196.78:443 www.takointernship.com tcp
US 162.214.80.27:443 teamkingindian.com tcp
US 8.8.8.8:53 terapiholistic.com udp
US 8.8.8.8:53 terdaleclasses.com udp
US 13.248.169.48:443 teinvitoacomer.com tcp
US 172.67.220.236:443 techredgadgets.com tcp
US 172.67.186.87:443 techgadgetspin.com tcp
US 45.76.75.34:443 www.yellowfarmdog.com tcp
SG 172.96.191.158:443 www.wikilottothai.com tcp
US 86.38.202.131:443 techgadgetsusa.com tcp
US 104.21.30.205:443 techgadgetsray.com tcp
US 8.8.8.8:53 terminaldefect.com udp
US 172.67.221.95:443 terapiholistic.com tcp
US 8.8.8.8:53 246.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 190.161.173.95.in-addr.arpa udp
US 8.8.8.8:53 35.8.247.103.in-addr.arpa udp
US 8.8.8.8:53 46.138.6.50.in-addr.arpa udp
US 8.8.8.8:53 62.194.44.163.in-addr.arpa udp
US 8.8.8.8:53 177.65.201.185.in-addr.arpa udp
US 8.8.8.8:53 27.80.214.162.in-addr.arpa udp
US 8.8.8.8:53 3.205.238.140.in-addr.arpa udp
US 8.8.8.8:53 9.164.122.103.in-addr.arpa udp
US 8.8.8.8:53 78.196.6.103.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 87.186.67.172.in-addr.arpa udp
GB 185.77.97.99:443 terdaleclasses.com tcp
US 8.8.8.8:53 theartofplatin.com udp
US 8.8.8.8:53 thebeautyhoney.com udp
PL 89.184.68.107:443 tarolog-ksenia.com tcp
US 8.8.8.8:53 rocketracersgame.com udp
US 8.8.8.8:53 rjcymarketinginc.com udp
US 8.8.8.8:53 sabineritzberger.com udp
US 8.8.8.8:53 saison-africaine.com udp
US 63.250.43.8:80 terminaldefect.com tcp
US 66.235.200.146:443 thebeautyhoney.com tcp
US 8.8.8.8:53 salesphereonline.com udp
US 54.85.199.254:443 theartofplatin.com tcp
FR 146.59.209.152:80 saison-africaine.com tcp
US 104.21.73.241:443 rocketracersgame.com tcp
US 104.21.56.177:443 sabineritzberger.com tcp
US 8.8.8.8:53 salgadointeriors.com udp
US 8.8.8.8:53 salgueroreformas.com udp
US 63.250.43.13:443 rjcymarketinginc.com tcp
US 8.8.8.8:53 sarcastichistory.com udp
DE 217.160.0.136:443 salgueroreformas.com tcp
US 8.8.8.8:53 sauravfoundation.com udp
US 8.8.8.8:53 www.terminaldefect.com udp
US 8.8.8.8:53 saveinvest-money.com udp
US 8.8.8.8:53 sawdevelopmentfl.com udp
US 8.8.8.8:53 205.30.21.104.in-addr.arpa udp
US 8.8.8.8:53 95.221.67.172.in-addr.arpa udp
US 8.8.8.8:53 131.202.38.86.in-addr.arpa udp
US 8.8.8.8:53 99.97.77.185.in-addr.arpa udp
US 8.8.8.8:53 107.68.184.89.in-addr.arpa udp
US 8.8.8.8:53 8.43.250.63.in-addr.arpa udp
US 8.8.8.8:53 241.73.21.104.in-addr.arpa udp
US 8.8.8.8:53 177.56.21.104.in-addr.arpa udp
US 8.8.8.8:53 152.209.59.146.in-addr.arpa udp
US 8.8.8.8:53 254.199.85.54.in-addr.arpa udp
US 8.8.8.8:53 13.43.250.63.in-addr.arpa udp
US 8.8.8.8:53 www.seedlingsproject.com udp
US 149.100.151.202:443 salgadointeriors.com tcp
US 8.8.8.8:53 serenitywanderer.com udp
US 8.8.8.8:53 seeworthyescapes.com udp
US 8.8.8.8:53 www.shirakami-ganka1.com udp
US 8.8.8.8:53 shrirambodyworks.com udp
US 8.8.8.8:53 siamesesmile2008.com udp
FR 35.181.89.222:443 serenitywanderer.com tcp
US 154.56.47.58:443 sawdevelopmentfl.com tcp
US 208.113.188.110:443 sarcastichistory.com tcp
US 141.193.213.10:443 seeworthyescapes.com tcp
US 172.67.160.163:443 siamesesmile2008.com tcp
US 8.8.8.8:53 siamwaterjetting.com udp
US 8.8.8.8:53 silvidiolingerie.com udp
US 8.8.8.8:53 simmcoproperties.com udp
IN 89.117.157.173:443 sauravfoundation.com tcp
JP 183.90.183.26:443 www.shirakami-ganka1.com tcp
US 172.67.217.137:443 saveinvest-money.com tcp
AU 203.57.51.163:443 www.seedlingsproject.com tcp
US 63.250.43.7:80 www.terminaldefect.com tcp
US 8.8.8.8:53 skinup-eboutique.com udp
US 8.8.8.8:53 136.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 202.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 smarthomelessons.com udp
US 8.8.8.8:53 smilewhitecenter.com udp
US 8.8.8.8:53 sneakpeachagency.com udp
US 8.8.8.8:53 sodaipatiservice.com udp
US 8.8.8.8:53 soloquierodormir.com udp
US 8.8.8.8:53 soheilmiresmaili.com udp
BR 154.49.247.61:443 silvidiolingerie.com tcp
US 154.56.37.121:443 skinup-eboutique.com tcp
GB 5.180.60.11:443 sneakpeachagency.com tcp
ID 153.92.9.83:443 siamwaterjetting.com tcp
US 68.183.26.2:443 smarthomelessons.com tcp
US 104.21.70.104:443 smilewhitecenter.com tcp
US 8.8.8.8:53 www.sonographerlexie.com udp
US 170.130.38.8:443 simmcoproperties.com tcp
US 8.8.8.8:53 sophisticatedbar.com udp
LT 84.32.84.32:443 soloquierodormir.com tcp
IR 217.144.105.174:80 soheilmiresmaili.com tcp
US 8.8.8.8:53 sparx-immobilier.com udp
SG 15.235.181.184:443 sodaipatiservice.com tcp
N/A 127.0.0.1:52527 tcp
N/A 127.0.0.1:52529 tcp
N/A 127.0.0.1:52531 tcp
N/A 127.0.0.1:52538 tcp
N/A 127.0.0.1:52540 tcp
N/A 127.0.0.1:52542 tcp
N/A 127.0.0.1:52544 tcp
N/A 127.0.0.1:52557 tcp
N/A 127.0.0.1:52561 tcp
N/A 127.0.0.1:52563 tcp
N/A 127.0.0.1:52565 tcp
N/A 127.0.0.1:52567 tcp
N/A 127.0.0.1:52573 tcp
N/A 127.0.0.1:52587 tcp
N/A 127.0.0.1:52589 tcp
N/A 127.0.0.1:52592 tcp
N/A 127.0.0.1:52595 tcp
N/A 127.0.0.1:52603 tcp
N/A 127.0.0.1:52612 tcp
N/A 127.0.0.1:52614 tcp
N/A 127.0.0.1:52621 tcp
US 8.8.8.8:53 spectrumofsmiles.com udp
FR 54.36.91.62:443 sparx-immobilier.com tcp
US 208.97.149.194:443 www.sonographerlexie.com tcp
US 8.8.8.8:53 58.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 163.160.67.172.in-addr.arpa udp
US 8.8.8.8:53 110.188.113.208.in-addr.arpa udp
US 8.8.8.8:53 137.217.67.172.in-addr.arpa udp
US 8.8.8.8:53 173.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 7.43.250.63.in-addr.arpa udp
US 8.8.8.8:53 26.183.90.183.in-addr.arpa udp
US 8.8.8.8:53 121.37.56.154.in-addr.arpa udp
US 8.8.8.8:53 61.247.49.154.in-addr.arpa udp
US 8.8.8.8:53 11.60.180.5.in-addr.arpa udp
US 8.8.8.8:53 163.51.57.203.in-addr.arpa udp
US 8.8.8.8:53 104.70.21.104.in-addr.arpa udp
US 8.8.8.8:53 2.26.183.68.in-addr.arpa udp
US 8.8.8.8:53 spronkcatamarans.com udp
US 8.8.8.8:53 squattsportswear.com udp
US 8.8.8.8:53 srpowerengineers.com udp
US 8.8.8.8:53 stpaulsschoolank.com udp
US 8.8.8.8:53 strawberrypocket.com udp
US 63.250.43.12:80 sophisticatedbar.com tcp
US 89.117.9.37:443 spectrumofsmiles.com tcp
US 8.8.8.8:53 streetdanceparis.com udp
DE 167.235.16.228:443 squattsportswear.com tcp
IN 119.18.54.84:443 srpowerengineers.com tcp
N/A 127.0.0.1:52630 tcp
FR 185.221.182.11:443 streetdanceparis.com tcp
N/A 127.0.0.1:52634 tcp
US 66.235.200.112:443 strawberrypocket.com tcp
US 8.8.8.8:53 www.sundentalseaside.com udp
US 8.8.8.8:53 sustainabletails.com udp
US 8.8.8.8:53 survivalfoodnews.com udp
US 8.8.8.8:53 teamexfoundation.com udp
US 8.8.8.8:53 thachcaobinhtran.com udp
US 86.38.202.133:443 stpaulsschoolank.com tcp
US 67.205.60.173:443 spronkcatamarans.com tcp
US 8.8.8.8:53 174.105.144.217.in-addr.arpa udp
US 8.8.8.8:53 8.38.130.170.in-addr.arpa udp
US 8.8.8.8:53 83.9.92.153.in-addr.arpa udp
US 8.8.8.8:53 184.181.235.15.in-addr.arpa udp
US 8.8.8.8:53 194.149.97.208.in-addr.arpa udp
US 8.8.8.8:53 228.16.235.167.in-addr.arpa udp
US 8.8.8.8:53 12.43.250.63.in-addr.arpa udp
US 8.8.8.8:53 84.54.18.119.in-addr.arpa udp
US 8.8.8.8:53 11.182.221.185.in-addr.arpa udp
US 8.8.8.8:53 112.200.235.66.in-addr.arpa udp
US 8.8.8.8:53 the-pro-cleaners.com udp
US 8.8.8.8:53 www.sabineritzberger.com udp
US 8.8.8.8:53 thebreathingball.com udp
US 8.8.8.8:53 theaddressevents.com udp
US 8.8.8.8:53 theglobaltoyshop.com udp
US 8.8.8.8:53 legacy-virtual.com udp
US 63.250.43.12:443 sophisticatedbar.com tcp
US 172.67.191.19:443 survivalfoodnews.com tcp
US 172.67.187.92:443 www.sabineritzberger.com tcp
NL 89.116.153.90:443 theglobaltoyshop.com tcp
US 217.21.76.246:443 the-pro-cleaners.com tcp
IN 68.178.145.137:80 theaddressevents.com tcp
US 138.68.13.159:443 thebreathingball.com tcp
IN 46.28.46.29:443 teamexfoundation.com tcp
US 8.8.8.8:53 themarketechs360.com udp
US 8.8.8.8:53 theodafoundation.com udp
US 8.8.8.8:53 theonetradingllc.com udp
VN 103.75.185.14:443 thachcaobinhtran.com tcp
US 8.8.8.8:53 thepurplekompass.com udp
JP 183.90.183.49:443 www.sundentalseaside.com tcp
US 66.235.200.147:443 legacy-virtual.com tcp
US 66.235.200.251:443 sustainabletails.com tcp
US 8.8.8.8:53 thetechappliance.com udp
US 8.8.8.8:53 www.sarcastichistory.com udp
N/A 127.0.0.1:52647 tcp
N/A 127.0.0.1:52649 tcp
N/A 127.0.0.1:52651 tcp
N/A 127.0.0.1:52653 tcp
N/A 127.0.0.1:52657 tcp
N/A 127.0.0.1:52659 tcp
N/A 127.0.0.1:52662 tcp
N/A 127.0.0.1:52664 tcp
N/A 127.0.0.1:52666 tcp
N/A 127.0.0.1:52668 tcp
N/A 127.0.0.1:52670 tcp
N/A 127.0.0.1:52678 tcp
N/A 127.0.0.1:52680 tcp
N/A 127.0.0.1:52682 tcp
N/A 127.0.0.1:52683 tcp
N/A 127.0.0.1:52686 tcp
N/A 127.0.0.1:52687 tcp
N/A 127.0.0.1:52696 tcp
US 208.113.188.110:443 www.sarcastichistory.com tcp
US 8.8.8.8:53 173.60.205.67.in-addr.arpa udp
US 8.8.8.8:53 133.202.38.86.in-addr.arpa udp
US 8.8.8.8:53 19.191.67.172.in-addr.arpa udp
US 8.8.8.8:53 92.187.67.172.in-addr.arpa udp
US 8.8.8.8:53 90.153.116.89.in-addr.arpa udp
US 8.8.8.8:53 globaltoysshop.com udp
US 162.0.229.120:443 thetechappliance.com tcp
FR 89.116.147.128:443 theonetradingllc.com tcp
US 162.159.137.9:443 theodafoundation.com tcp
US 86.38.202.206:443 thepurplekompass.com tcp
US 8.8.8.8:53 thetechnicaldada.com udp
N/A 127.0.0.1:52702 tcp
US 8.8.8.8:53 thevikramfitness.com udp
US 8.8.8.8:53 thrillingtidings.com udp
US 8.8.8.8:53 timurkocagozoglu.com udp
US 154.49.142.59:443 themarketechs360.com tcp
US 8.8.8.8:53 todayfreshrecipe.com udp
US 8.8.8.8:53 todayslowestrate.com udp
US 8.8.8.8:53 tomorrowland-tml.com udp
US 8.8.8.8:53 tonicopoderosobr.com udp
N/A 127.0.0.1:52704 tcp
NL 89.116.153.90:443 globaltoysshop.com tcp
US 8.8.8.8:53 topfreelancetips.com udp
US 8.8.8.8:53 totalcleaningllc.com udp
US 198.54.116.44:443 thetechnicaldada.com tcp
FR 217.182.41.81:80 tomorrowland-tml.com tcp
US 104.21.86.198:80 tonicopoderosobr.com tcp
US 104.21.24.225:443 todayfreshrecipe.com tcp
US 45.39.104.207:80 todayslowestrate.com tcp
N/A 127.0.0.1:52721 tcp
TR 77.245.159.37:443 timurkocagozoglu.com tcp
US 45.76.225.196:80 thrillingtidings.com tcp
IN 89.117.157.164:443 thevikramfitness.com tcp
US 8.8.8.8:53 147.200.235.66.in-addr.arpa udp
US 8.8.8.8:53 251.200.235.66.in-addr.arpa udp
US 8.8.8.8:53 246.76.21.217.in-addr.arpa udp
US 8.8.8.8:53 29.46.28.46.in-addr.arpa udp
US 8.8.8.8:53 159.13.68.138.in-addr.arpa udp
US 8.8.8.8:53 49.183.90.183.in-addr.arpa udp
US 8.8.8.8:53 14.185.75.103.in-addr.arpa udp
US 8.8.8.8:53 9.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 128.147.116.89.in-addr.arpa udp
US 8.8.8.8:53 206.202.38.86.in-addr.arpa udp
US 8.8.8.8:53 120.229.0.162.in-addr.arpa udp
US 8.8.8.8:53 59.142.49.154.in-addr.arpa udp
US 68.65.122.35:80 totalcleaningllc.com tcp
US 8.8.8.8:53 trikunpromotions.com udp
US 8.8.8.8:53 truekingventures.com udp
US 8.8.8.8:53 triosolutionshub.com udp
N/A 127.0.0.1:52725 tcp
US 8.8.8.8:53 universalchanges.com udp
US 8.8.8.8:53 ucakbahisoyunu12.com udp
US 8.8.8.8:53 upgovtjobsportal.com udp
IN 103.152.79.182:443 trendyfreelancer.com tcp
IN 89.117.157.110:443 topfreelancetips.com tcp
N/A 127.0.0.1:52727 tcp
US 8.8.8.8:53 uweydaproperties.com udp
US 8.8.8.8:53 vijethacontainer.com udp
US 66.235.200.147:443 legacy-virtual.com tcp
US 8.8.8.8:53 upturnmaticstech.com udp
N/A 127.0.0.1:52734 tcp
FR 92.205.15.114:80 truekingventures.com tcp
US 162.0.232.41:443 triosolutionshub.com tcp
FR 217.182.41.81:443 tomorrowland-tml.com tcp
DE 157.90.213.242:443 trikunpromotions.com tcp
US 8.8.8.8:53 petroleumemporium.com udp
US 8.8.8.8:53 polosdonlinesells.com udp
N/A 127.0.0.1:52736 tcp
US 107.161.23.171:443 universalchanges.com tcp
US 104.21.82.123:443 ucakbahisoyunu12.com tcp
US 8.8.8.8:53 poshanddazrawhair.com udp
US 8.8.8.8:53 44.116.54.198.in-addr.arpa udp
US 8.8.8.8:53 198.86.21.104.in-addr.arpa udp
US 8.8.8.8:53 81.41.182.217.in-addr.arpa udp
US 8.8.8.8:53 207.104.39.45.in-addr.arpa udp
US 8.8.8.8:53 164.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 35.122.65.68.in-addr.arpa udp
US 8.8.8.8:53 182.79.152.103.in-addr.arpa udp
US 172.67.209.92:443 upgovtjobsportal.com tcp
US 8.8.8.8:53 prottashacomputer.com udp
US 172.67.196.120:443 upturnmaticstech.com tcp
US 154.56.36.98:443 uweydaproperties.com tcp
US 8.8.8.8:53 realmedialistings.com udp
US 8.8.8.8:53 reliabletowingllc.com udp
IN 217.21.91.45:443 vijethacontainer.com tcp
US 8.8.8.8:53 revenue-rebellion.com udp
N/A 127.0.0.1:52740 tcp
US 50.87.184.211:443 polosdonlinesells.com tcp
US 8.8.8.8:53 shawnwilliamscott.com udp
US 172.67.176.47:443 imunify-alert.com tcp
US 198.54.114.183:443 prottashacomputer.com tcp
US 50.6.138.130:443 raquelsaudebeleza.com tcp
US 162.241.225.216:80 petroleumemporium.com tcp
N/A 127.0.0.1:52743 tcp
US 162.241.224.119:443 revenue-rebellion.com tcp
US 8.8.8.8:53 wisehealhealthcare.com udp
US 8.8.8.8:53 outsourcingsupportbd.com udp
US 172.67.176.47:443 imunify-alert.com tcp
US 50.116.94.181:443 realmedialistings.com tcp
US 192.185.16.56:443 reliabletowingllc.com tcp
N/A 127.0.0.1:52751 tcp
N/A 127.0.0.1:52755 tcp
N/A 127.0.0.1:52758 tcp
N/A 127.0.0.1:52760 tcp
N/A 127.0.0.1:52762 tcp
N/A 127.0.0.1:52764 tcp
N/A 127.0.0.1:52770 tcp
US 8.8.8.8:53 110.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 242.213.90.157.in-addr.arpa udp
US 8.8.8.8:53 171.23.161.107.in-addr.arpa udp
US 8.8.8.8:53 123.82.21.104.in-addr.arpa udp
US 8.8.8.8:53 92.209.67.172.in-addr.arpa udp
US 8.8.8.8:53 120.196.67.172.in-addr.arpa udp
US 8.8.8.8:53 98.36.56.154.in-addr.arpa udp
US 8.8.8.8:53 45.91.21.217.in-addr.arpa udp
US 162.241.224.194:443 shawnwilliamscott.com tcp
US 8.8.8.8:53 professeurleilaelgnaoui.com udp
US 8.8.8.8:53 premiumelectrovisionltd.com udp
N/A 127.0.0.1:52777 tcp
US 8.8.8.8:53 nathinestimablefinance.com udp
US 8.8.8.8:53 runtzcannabisdispensary.com udp
US 162.241.85.107:443 wisehealhealthcare.com tcp
US 66.29.141.139:443 professeurleilaelgnaoui.com tcp
US 66.29.132.226:443 nathinestimablefinance.com tcp
US 131.153.165.35:443 outsourcingsupportbd.com tcp
US 66.29.132.222:443 runtzcannabisdispensary.com tcp
DE 162.55.131.89:443 premiumelectrovisionltd.com tcp
US 132.148.77.219:443 www.power-bank-manufacturer.com tcp
US 8.8.8.8:53 wildlife-science-studio.com udp
US 8.8.8.8:53 shippingexpressdelivery.com udp
US 8.8.8.8:53 springbeautiesaesthetics.com udp
US 8.8.8.8:53 protocollocabelorapunzel.com udp
US 8.8.8.8:53 sydneyrichardphotography.com udp
US 8.8.8.8:53 yumeyayakinikurestaurant.com udp
US 8.8.8.8:53 affordablemedicareselect.com udp
US 8.8.8.8:53 www.daihatsujabodetabekpromo.com udp
US 8.8.8.8:53 charlottemarijuanadoctor.com udp
US 8.8.8.8:53 dekhixuyseei1413gmailcom.com udp
US 8.8.8.8:53 vanityflairdressagencycy.com udp
US 8.8.8.8:53 211.184.87.50.in-addr.arpa udp
US 8.8.8.8:53 130.138.6.50.in-addr.arpa udp
US 8.8.8.8:53 183.114.54.198.in-addr.arpa udp
US 8.8.8.8:53 216.225.241.162.in-addr.arpa udp
US 8.8.8.8:53 56.16.185.192.in-addr.arpa udp
US 8.8.8.8:53 119.224.241.162.in-addr.arpa udp
US 8.8.8.8:53 181.94.116.50.in-addr.arpa udp
US 8.8.8.8:53 194.224.241.162.in-addr.arpa udp
US 8.8.8.8:53 107.85.241.162.in-addr.arpa udp
US 8.8.8.8:53 familyeyeclinictownelake.com udp
US 8.8.8.8:53 ishwardinews24.net udp
US 8.8.8.8:53 sbaik7.online udp
US 8.8.8.8:53 lxkeys.online udp
US 198.54.115.121:443 shippingexpressdelivery.com tcp
DE 188.40.107.86:443 ishwardinews24.net tcp
US 66.81.203.198:80 springbeautiesaesthetics.com tcp
DE 5.9.68.102:443 vanityflairdressagencycy.com tcp
US 89.116.192.89:443 bloozz.online tcp
US 3.33.130.190:80 affordablemedicareselect.com tcp
US 8.8.8.8:53 recaptcha.cloud udp
US 192.254.188.84:80 dekhixuyseei1413gmailcom.com tcp
NL 191.96.63.119:443 sbaik7.online tcp
ID 103.131.51.16:443 www.daihatsujabodetabekpromo.com tcp
US 162.144.13.173:443 charlottemarijuanadoctor.com tcp
US 165.140.70.70:443 familyeyeclinictownelake.com tcp
US 108.167.151.98:443 protocollocabelorapunzel.com tcp
US 141.193.213.10:443 sydneyrichardphotography.com tcp
JP 160.251.152.23:443 wildlife-science-studio.com tcp
DE 217.160.0.166:80 lxkeys.online tcp
ID 203.175.8.79:443 yumeyayakinikurestaurant.com tcp
N/A 127.0.0.1:52794 tcp
N/A 127.0.0.1:52799 tcp
N/A 127.0.0.1:52801 tcp
N/A 127.0.0.1:52803 tcp
N/A 127.0.0.1:52805 tcp
N/A 127.0.0.1:52807 tcp
N/A 127.0.0.1:52818 tcp
N/A 127.0.0.1:52838 tcp
N/A 127.0.0.1:52840 tcp
US 8.8.8.8:53 pramey.online udp
US 8.8.8.8:53 139.141.29.66.in-addr.arpa udp
US 8.8.8.8:53 89.131.55.162.in-addr.arpa udp
US 8.8.8.8:53 35.165.153.131.in-addr.arpa udp
US 8.8.8.8:53 226.132.29.66.in-addr.arpa udp
US 8.8.8.8:53 222.132.29.66.in-addr.arpa udp
US 8.8.8.8:53 86.107.40.188.in-addr.arpa udp
US 8.8.8.8:53 121.115.54.198.in-addr.arpa udp
US 8.8.8.8:53 198.203.81.66.in-addr.arpa udp
US 8.8.8.8:53 mcares.online udp
DE 78.47.205.166:443 recaptcha.cloud tcp
US 8.8.8.8:53 dusess.com udp
IN 89.117.157.232:443 mcares.online tcp
US 8.8.8.8:53 wacays.online udp
IN 13.232.155.227:443 pramey.online tcp
US 154.49.142.231:443 nocaps.online tcp
US 8.8.8.8:53 fmjobz.online udp
US 8.8.8.8:53 fuxion.online udp
US 8.8.8.8:53 my4ktv.online udp
N/A 127.0.0.1:52846 tcp
SG 217.21.73.207:443 skjobz.online tcp
US 3.33.130.190:443 affordablemedicareselect.com tcp
DE 78.47.205.166:443 recaptcha.cloud tcp
ES 185.162.55.118:443 wacays.online tcp
N/A 127.0.0.1:52853 tcp
DE 217.160.0.166:443 lxkeys.online tcp
US 8.8.8.8:53 jkjobz.online udp
US 8.8.8.8:53 mkjobz.online udp
US 8.8.8.8:53 promkes.online udp
US 8.8.8.8:53 www.alzcare.org udp
US 8.8.8.8:53 redraid.online udp
US 8.8.8.8:53 zeeinfo.online udp
US 8.8.8.8:53 119.63.96.191.in-addr.arpa udp
US 8.8.8.8:53 166.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 98.151.167.108.in-addr.arpa udp
US 8.8.8.8:53 70.70.140.165.in-addr.arpa udp
US 8.8.8.8:53 84.188.254.192.in-addr.arpa udp
US 8.8.8.8:53 89.192.116.89.in-addr.arpa udp
US 8.8.8.8:53 166.205.47.78.in-addr.arpa udp
US 8.8.8.8:53 173.13.144.162.in-addr.arpa udp
US 8.8.8.8:53 16.51.131.103.in-addr.arpa udp
US 8.8.8.8:53 79.8.175.203.in-addr.arpa udp
US 8.8.8.8:53 23.152.251.160.in-addr.arpa udp
US 8.8.8.8:53 232.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 231.142.49.154.in-addr.arpa udp
US 172.67.199.180:443 dusess.com tcp
US 8.8.8.8:53 mbalit7.online udp
US 8.8.8.8:53 fbviral.online udp
GB 145.14.152.229:443 my4ktv.online tcp
PL 195.78.66.96:80 fuxion.online tcp
US 8.8.8.8:53 gamerpg.online udp
N/A 127.0.0.1:52855 tcp
US 8.8.8.8:53 ilaudos.online udp
N/A 127.0.0.1:52857 tcp
US 35.238.244.227:443 www.alzcare.org tcp
US 172.67.192.220:443 fbviral.online tcp
US 8.8.8.8:53 lcmusic.online udp
US 8.8.8.8:53 inacios.online udp
US 8.8.8.8:53 paywalls.online udp
US 8.8.8.8:53 rafikapp.online udp
NL 185.166.188.18:443 mbalit7.online tcp
SG 156.67.213.167:443 promkes.online tcp
EE 193.228.128.131:443 jkjobz.online tcp
US 8.8.8.8:53 poscloud.online udp
KZ 185.121.82.103:443 zeeinfo.online tcp
FR 178.16.128.10:443 redraid.online tcp
US 8.8.8.8:53 colclean.online udp
BR 170.81.42.63:443 ilaudos.online tcp
US 8.8.8.8:53 dautubcr.online udp
US 8.8.8.8:53 viralito.online udp
US 8.8.8.8:53 207.73.21.217.in-addr.arpa udp
US 8.8.8.8:53 180.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 229.152.14.145.in-addr.arpa udp
US 8.8.8.8:53 96.66.78.195.in-addr.arpa udp
US 8.8.8.8:53 118.55.162.185.in-addr.arpa udp
US 8.8.8.8:53 store111.online udp
US 8.8.8.8:53 printmex.online udp
US 8.8.8.8:53 lenouveau.online udp
US 62.72.50.125:443 inacios.online tcp
US 8.8.8.8:53 lyphaypro.online udp
US 154.49.241.154:443 poscloud.online tcp
US 185.212.70.135:443 rafikapp.online tcp
US 8.8.8.8:53 beer-shop.online udp
BR 154.49.247.81:443 colclean.online tcp
DE 217.160.0.198:443 lcmusic.online tcp
US 198.252.98.97:443 dautubcr.online tcp
IN 89.117.157.75:443 store111.online tcp
US 82.180.160.152:80 paywalls.online tcp
US 195.35.38.117:443 printmex.online tcp
US 8.8.8.8:53 bezotoken.online udp
US 8.8.8.8:53 smagulova.online udp
US 8.8.8.8:53 osfriends.online udp
US 216.246.112.168:443 viralito.online tcp
US 8.8.8.8:53 bophinpro.online udp
PL 195.78.66.96:80 lenouveau.online tcp
US 8.8.8.8:53 wingvip88.online udp
US 8.8.8.8:53 227.244.238.35.in-addr.arpa udp
US 8.8.8.8:53 220.192.67.172.in-addr.arpa udp
US 8.8.8.8:53 18.188.166.185.in-addr.arpa udp
US 8.8.8.8:53 131.128.228.193.in-addr.arpa udp
US 8.8.8.8:53 10.128.16.178.in-addr.arpa udp
US 8.8.8.8:53 103.82.121.185.in-addr.arpa udp
US 8.8.8.8:53 167.213.67.156.in-addr.arpa udp
US 8.8.8.8:53 63.42.81.170.in-addr.arpa udp
US 8.8.8.8:53 198.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 salemnews.online udp
US 172.67.162.14:443 beer-shop.online tcp
N/A 127.0.0.1:52870 tcp
PL 46.242.233.85:443 osfriends.online tcp
US 82.180.163.133:443 bophinpro.online tcp
US 104.21.73.47:443 wingvip88.online tcp
US 82.180.163.133:443 bophinpro.online tcp
US 8.8.8.8:53 earnhindi.online udp
RU 82.146.54.190:80 smagulova.online tcp
US 8.8.8.8:53 skooknews.online udp
US 8.8.8.8:53 plansavvy.online udp
US 8.8.8.8:53 phonegyan.online udp
US 8.8.8.8:53 hijabmart.online udp
US 8.8.8.8:53 inaneboys.online udp
US 8.8.8.8:53 24newslive.online udp
US 8.8.8.8:53 7smoonnoon.online udp
ID 153.92.13.230:443 desasusup.online tcp
GB 154.49.138.9:443 tecnicali.online tcp
US 8.8.8.8:53 abu-kharsh.online udp
US 8.8.8.8:53 ampmcasino.online udp
US 8.8.8.8:53 techslearn.online udp
US 8.8.8.8:53 appoint-me.online udp
IN 217.21.91.50:443 earnhindi.online tcp
US 8.8.8.8:53 125.50.72.62.in-addr.arpa udp
US 8.8.8.8:53 154.241.49.154.in-addr.arpa udp
US 8.8.8.8:53 135.70.212.185.in-addr.arpa udp
US 8.8.8.8:53 97.98.252.198.in-addr.arpa udp
US 8.8.8.8:53 75.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 152.160.180.82.in-addr.arpa udp
US 8.8.8.8:53 81.247.49.154.in-addr.arpa udp
US 8.8.8.8:53 168.112.246.216.in-addr.arpa udp
US 8.8.8.8:53 117.38.35.195.in-addr.arpa udp
US 8.8.8.8:53 14.162.67.172.in-addr.arpa udp
US 8.8.8.8:53 85.233.242.46.in-addr.arpa udp
US 8.8.8.8:53 47.73.21.104.in-addr.arpa udp
US 8.8.8.8:53 133.163.180.82.in-addr.arpa udp
US 8.8.8.8:53 appremiado.online udp
N/A 127.0.0.1:52892 tcp
N/A 127.0.0.1:52894 tcp
N/A 127.0.0.1:52897 tcp
N/A 127.0.0.1:52900 tcp
N/A 127.0.0.1:52907 tcp
IN 89.117.157.80:443 inaneboys.online tcp
US 154.49.142.55:443 hijabmart.online tcp
US 8.8.8.8:53 awgpodisha.online udp
US 8.8.8.8:53 neurovitte.online udp
US 8.8.8.8:53 blockquery.online udp
US 8.8.8.8:53 bugatti168.online udp
LT 84.32.84.32:443 appoint-me.online tcp
US 172.67.210.102:443 skooknews.online tcp
US 191.101.79.115:443 abu-kharsh.online tcp
US 146.190.140.148:443 plansavvy.online tcp
DE 144.76.3.17:443 24newslive.online tcp
US 104.21.27.142:443 ampmcasino.online tcp
US 89.117.139.218:443 techslearn.online tcp
IN 154.41.233.19:443 phonegyan.online tcp
US 8.8.8.8:53 sparkysaim.online udp
US 8.8.8.8:53 clubriches.online udp
RU 82.146.54.190:443 smagulova.online tcp
DE 38.54.13.175:443 blockquery.online tcp
US 8.8.8.8:53 colouraxom.online udp
US 8.8.8.8:53 devandplay.online udp
US 8.8.8.8:53 9.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 50.91.21.217.in-addr.arpa udp
US 8.8.8.8:53 230.13.92.153.in-addr.arpa udp
US 8.8.8.8:53 80.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 55.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 102.210.67.172.in-addr.arpa udp
US 8.8.8.8:53 offertobuy.online udp
US 8.8.8.8:53 dogtoknows.online udp
US 8.8.8.8:53 ngocmayman.online udp
IN 178.16.136.134:443 awgpodisha.online tcp
BR 149.62.37.106:443 neurovitte.online tcp
US 82.180.160.152:443 paywalls.online tcp
US 8.8.8.8:53 filesharee.online udp
US 172.67.212.191:443 bugatti168.online tcp
IN 217.21.85.208:443 sparkysaim.online tcp
US 172.67.140.194:443 clubriches.online tcp
BR 149.100.155.238:443 offertobuy.online tcp
BR 154.49.247.148:443 devandplay.online tcp
US 82.180.163.133:443 ngocmayman.online tcp
LT 84.32.84.32:443 dogtoknows.online tcp
US 8.8.8.8:53 fruitsabzi.online udp
FI 95.217.145.143:443 filesharee.online tcp
US 8.8.8.8:53 hilwastore.online udp
GB 154.49.138.98:443 fruitsabzi.online tcp
SG 217.21.72.123:80 hilwastore.online tcp
US 8.8.8.8:53 shipcarsus.com udp
US 8.8.8.8:53 ecoenviron.com udp
US 8.8.8.8:53 pluszleven.online udp
US 8.8.8.8:53 apstockmann.com udp
US 8.8.8.8:53 fsc-africa.com udp
US 8.8.8.8:53 shoppersby.com udp
US 8.8.8.8:53 142.27.21.104.in-addr.arpa udp
US 8.8.8.8:53 17.3.76.144.in-addr.arpa udp
US 8.8.8.8:53 115.79.101.191.in-addr.arpa udp
US 8.8.8.8:53 218.139.117.89.in-addr.arpa udp
US 8.8.8.8:53 19.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 191.212.67.172.in-addr.arpa udp
US 8.8.8.8:53 134.136.16.178.in-addr.arpa udp
US 8.8.8.8:53 194.140.67.172.in-addr.arpa udp
US 8.8.8.8:53 106.37.62.149.in-addr.arpa udp
US 8.8.8.8:53 208.85.21.217.in-addr.arpa udp
US 8.8.8.8:53 143.145.217.95.in-addr.arpa udp
US 8.8.8.8:53 238.155.100.149.in-addr.arpa udp
US 8.8.8.8:53 148.247.49.154.in-addr.arpa udp
US 162.0.215.24:443 ecoenviron.com tcp
US 8.8.8.8:53 bharatgodam.com udp
N/A 127.0.0.1:52912 tcp
N/A 127.0.0.1:52915 tcp
N/A 127.0.0.1:52917 tcp
N/A 127.0.0.1:52919 tcp
NL 141.138.169.243:443 pluszleven.online tcp
US 66.29.132.222:443 apstockmann.com tcp
US 149.100.151.66:443 shipcarsus.com tcp
IN 68.178.145.118:80 bharatgodam.com tcp
US 8.8.8.8:53 bheemmarket.com udp
US 8.8.8.8:53 bikeshopltd.com udp
US 198.54.120.21:80 fsc-africa.com tcp
US 8.8.8.8:53 bkgcleaning.com udp
US 8.8.8.8:53 craftherbbs.com udp
US 8.8.8.8:53 thesuitking.com udp
US 8.8.8.8:53 thesolarnxt.com udp
US 8.8.8.8:53 timbrstudio.com udp
US 8.8.8.8:53 tinchapshfc.com udp
US 8.8.8.8:53 tomerzelona.com udp
US 8.8.8.8:53 tokosenayan.com udp
US 8.8.8.8:53 tommyhaller.com udp
US 8.8.8.8:53 top1gamevui.com udp
US 198.54.116.83:443 bikeshopltd.com tcp
US 198.54.116.135:443 bheemmarket.com tcp
US 8.8.8.8:53 topclinicfa.com udp
US 66.29.132.176:443 bkgcleaning.com tcp
US 8.8.8.8:53 98.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 243.169.138.141.in-addr.arpa udp
US 8.8.8.8:53 24.215.0.162.in-addr.arpa udp
US 8.8.8.8:53 123.72.21.217.in-addr.arpa udp
US 8.8.8.8:53 66.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 21.120.54.198.in-addr.arpa udp
US 82.180.138.184:443 thesynergix.com tcp
GB 154.49.138.247:443 thesolarnxt.com tcp
IN 68.178.145.225:443 craftherbbs.com tcp
FR 89.117.169.225:443 tomerzelona.com tcp
N/A 127.0.0.1:52929 tcp
DE 46.4.17.159:443 topclinicfa.com tcp
SG 156.67.222.7:443 tokosenayan.com tcp
US 8.8.8.8:53 toprealeasy.com udp
US 8.8.8.8:53 tornellihme.com udp
GB 154.49.138.156:443 tommyhaller.com tcp
US 162.0.229.249:443 timbrstudio.com tcp
VN 103.221.222.22:443 top1gamevui.com tcp
VN 14.225.210.162:443 tinchapshfc.com tcp
US 8.8.8.8:53 travelgrape.com udp
US 8.8.8.8:53 trending24h.com udp
US 149.100.151.235:443 tornellihme.com tcp
US 8.8.8.8:53 trendinglah.com udp
US 8.8.8.8:53 trendyrover.com udp
US 8.8.8.8:53 troskicorps.com udp
US 185.150.191.220:443 toprealeasy.com tcp
US 8.8.8.8:53 trust-peter.com udp
US 104.21.16.253:443 travelgrape.com tcp
US 8.8.8.8:53 tryicecream.com udp
IN 154.41.233.101:443 trendyrover.com tcp
FR 35.181.89.222:443 trending24h.com tcp
BE 213.158.94.166:443 troskicorps.com tcp
US 8.8.8.8:53 83.116.54.198.in-addr.arpa udp
US 104.21.71.117:443 trendinglah.com tcp
US 8.8.8.8:53 176.132.29.66.in-addr.arpa udp
IN 154.41.233.127:443 tryicecream.com tcp
US 8.8.8.8:53 247.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 225.169.117.89.in-addr.arpa udp
US 8.8.8.8:53 156.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 184.138.180.82.in-addr.arpa udp
US 8.8.8.8:53 249.229.0.162.in-addr.arpa udp
US 8.8.8.8:53 159.17.4.46.in-addr.arpa udp
US 8.8.8.8:53 22.222.221.103.in-addr.arpa udp
US 8.8.8.8:53 7.222.67.156.in-addr.arpa udp
US 8.8.8.8:53 253.16.21.104.in-addr.arpa udp
US 8.8.8.8:53 220.191.150.185.in-addr.arpa udp
US 8.8.8.8:53 135.116.54.198.in-addr.arpa udp
N/A 127.0.0.1:52936 tcp
N/A 127.0.0.1:52938 tcp
N/A 127.0.0.1:52940 tcp
N/A 127.0.0.1:52942 tcp
N/A 127.0.0.1:52944 tcp
N/A 127.0.0.1:52946 tcp
N/A 127.0.0.1:52948 tcp
N/A 127.0.0.1:52950 tcp
N/A 127.0.0.1:52952 tcp
N/A 127.0.0.1:52954 tcp
N/A 127.0.0.1:52961 tcp
N/A 127.0.0.1:52967 tcp
N/A 127.0.0.1:52970 tcp
N/A 127.0.0.1:52972 tcp
US 8.8.8.8:53 www.tsietrading.com udp
US 8.8.8.8:53 www.pluszleven.nl udp
JP 172.105.235.119:443 trust-peter.com tcp
US 8.8.8.8:53 tubephoneca.com udp
US 8.8.8.8:53 tuguiasucre.com udp
US 8.8.8.8:53 tvcablecast.com udp
US 8.8.8.8:53 tylebongda8.com udp
US 8.8.8.8:53 findhealthinecuador.com udp
US 8.8.8.8:53 ufabet7x-th.com udp
NL 141.138.169.243:443 www.pluszleven.nl tcp
US 8.8.8.8:53 upper-scale.com udp
US 8.8.8.8:53 usaretailco.com udp
US 8.8.8.8:53 unagi-tuhan.com udp
US 70.39.147.127:443 findhealthinecuador.com tcp
N/A 127.0.0.1:52974 tcp
PL 154.194.52.229:443 tvcablecast.com tcp
US 104.21.22.13:443 ufabet7x-th.com tcp
CN 103.172.191.1:443 tubephoneca.com tcp
US 8.8.8.8:53 usaspeeding.com udp
US 8.8.8.8:53 ustaxincome.com udp
US 173.236.140.244:443 www.tsietrading.com tcp
US 135.148.72.141:443 tuguiasucre.com tcp
US 8.8.8.8:53 vakilazmoon.com udp
N/A 127.0.0.1:52983 tcp
US 50.63.142.235:443 upper-scale.com tcp
US 8.8.8.8:53 235.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 162.210.225.14.in-addr.arpa udp
US 8.8.8.8:53 117.71.21.104.in-addr.arpa udp
US 8.8.8.8:53 166.94.158.213.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 101.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 127.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 127.147.39.70.in-addr.arpa udp
US 8.8.8.8:53 119.235.105.172.in-addr.arpa udp
JP 160.251.151.166:443 unagi-tuhan.com tcp
GB 206.189.119.167:443 usaspeeding.com tcp
HK 156.234.72.14:80 tylebongda8.com tcp
US 8.8.8.8:53 www.valpadanatv.com udp
US 8.8.8.8:53 valwoolrugs.com udp
US 66.228.55.6:443 ustaxincome.com tcp
US 8.8.8.8:53 vandadchoob.com udp
US 8.8.8.8:53 vaycasino10.com udp
IT 89.46.108.38:443 www.valpadanatv.com tcp
IR 178.239.158.23:80 vandadchoob.com tcp
US 8.8.8.8:53 ventyusshop.com udp
US 8.8.8.8:53 via-venture.com udp
US 8.8.8.8:53 viajamerida.com udp
US 104.21.21.236:443 vaycasino10.com tcp
US 8.8.8.8:53 vickilargen.com udp
US 8.8.8.8:53 victorsedit.com udp
US 8.8.8.8:53 vivirdelaia.com udp
US 8.8.8.8:53 videoagepro.com udp
US 8.8.8.8:53 vioneclinic.com udp
US 8.8.8.8:53 www.vortexhosts.com udp
US 8.8.8.8:53 vwintrading.com udp
BG 185.45.67.70:443 valwoolrugs.com tcp
US 8.8.8.8:53 229.52.194.154.in-addr.arpa udp
US 8.8.8.8:53 13.22.21.104.in-addr.arpa udp
US 8.8.8.8:53 244.140.236.173.in-addr.arpa udp
US 8.8.8.8:53 141.72.148.135.in-addr.arpa udp
US 8.8.8.8:53 167.119.189.206.in-addr.arpa udp
US 8.8.8.8:53 6.55.228.66.in-addr.arpa udp
US 8.8.8.8:53 166.151.251.160.in-addr.arpa udp
US 8.8.8.8:53 14.72.234.156.in-addr.arpa udp
US 8.8.8.8:53 wagnerbreit.com udp
US 8.8.8.8:53 walthallcec.com udp
N/A 127.0.0.1:52988 tcp
US 8.8.8.8:53 wanythepooh.com udp
US 8.8.8.8:53 webreachhub.com udp
US 154.49.142.180:443 viajamerida.com tcp
FR 185.135.132.102:443 wabgroup-ci.com tcp
US 8.8.8.8:53 wellbeingnl.ca udp
N/A 127.0.0.1:52994 tcp
US 8.8.8.8:53 wegovykopen.com udp
US 8.8.8.8:53 wellingtonn.com udp
US 205.196.208.97:443 vr-hangouts.com tcp
US 172.67.217.242:443 vickilargen.com tcp
US 8.8.8.8:53 wellshotads.com udp
SG 185.232.14.16:443 vwintrading.com tcp
TH 210.246.201.242:443 vioneclinic.com tcp
US 149.100.151.65:443 victorsedit.com tcp
US 104.21.2.241:443 ventyusshop.com tcp
US 160.153.0.137:443 via-venture.com tcp
US 172.67.203.160:443 www.vortexhosts.com tcp
FR 51.255.26.63:443 vivirdelaia.com tcp
US 160.153.0.180:443 weeditphoto.com tcp
US 8.8.8.8:53 38.108.46.89.in-addr.arpa udp
US 8.8.8.8:53 236.21.21.104.in-addr.arpa udp
US 8.8.8.8:53 23.158.239.178.in-addr.arpa udp
US 8.8.8.8:53 70.67.45.185.in-addr.arpa udp
US 8.8.8.8:53 102.132.135.185.in-addr.arpa udp
US 8.8.8.8:53 180.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 wendyhertel.com udp
US 74.208.236.186:443 videoagepro.com tcp
US 8.8.8.8:53 www.wfacservice.com udp
US 151.101.194.159:443 wellbeingnl.ca tcp
FR 154.49.245.152:443 wanythepooh.com tcp
FR 154.49.245.191:443 webreachhub.com tcp
BR 149.100.155.214:443 wagnerbreit.com tcp
US 8.8.8.8:53 wintinnitus.com udp
US 8.8.8.8:53 www.wiserentapp.com udp
LU 198.251.84.7:443 wegovykopen.com tcp
US 198.46.94.166:443 walthallcec.com tcp
US 8.8.8.8:53 weplay168th.com udp
US 8.8.8.8:53 wooatvparts.com udp
US 76.223.67.189:443 wellingtonn.com tcp
US 8.8.8.8:53 woodstockcr.com udp
SG 109.106.254.82:443 wellshotads.com tcp
US 8.8.8.8:53 workswithwp.com udp
US 8.8.8.8:53 worldchainx.com udp
LT 45.84.206.45:443 wintinnitus.com tcp
US 8.8.8.8:53 worldtoursm.com udp
US 8.8.8.8:53 wysiwygfrag.com udp
US 8.8.8.8:53 x-plorewear.com udp
US 8.8.8.8:53 242.217.67.172.in-addr.arpa udp
US 8.8.8.8:53 241.2.21.104.in-addr.arpa udp
US 8.8.8.8:53 137.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 160.203.67.172.in-addr.arpa udp
US 8.8.8.8:53 97.208.196.205.in-addr.arpa udp
US 8.8.8.8:53 65.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 63.26.255.51.in-addr.arpa udp
US 8.8.8.8:53 180.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 16.14.232.185.in-addr.arpa udp
US 8.8.8.8:53 159.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 152.245.49.154.in-addr.arpa udp
US 8.8.8.8:53 7.84.251.198.in-addr.arpa udp
US 8.8.8.8:53 186.236.208.74.in-addr.arpa udp
US 8.8.8.8:53 214.155.100.149.in-addr.arpa udp
US 8.8.8.8:53 xuumpinamar.com udp
TR 77.245.159.12:443 www.wiserentapp.com tcp
PL 51.77.63.100:443 www.wfacservice.com tcp
US 104.21.35.189:443 weplay168th.com tcp
US 162.0.215.34:443 wendyhertel.com tcp
US 172.67.171.143:443 wooatvparts.com tcp
US 8.8.8.8:53 yamanligida.com udp
US 8.8.8.8:53 yhoctamthuc.com udp
US 8.8.8.8:53 yunnleeblog.com udp
US 8.8.8.8:53 www.zaabr-daaga.com udp
US 8.8.8.8:53 zaininanyan.com udp
US 8.8.8.8:53 zaymvisuals.com udp
US 8.8.8.8:53 zdc789joker.com udp
US 8.8.8.8:53 zedgarstore.com udp
US 8.8.8.8:53 www.zeegeegames.com udp
US 8.8.8.8:53 zhangmingxu.com udp
US 8.8.8.8:53 zhuoyazhang.com udp
US 8.8.8.8:53 166.94.46.198.in-addr.arpa udp
US 8.8.8.8:53 189.67.223.76.in-addr.arpa udp
US 8.8.8.8:53 zonakristen.com udp
US 8.8.8.8:53 zidanefixed.com udp
US 8.8.8.8:53 grasconnect.com udp
US 8.8.8.8:53 zulefagroup.com udp
US 8.8.8.8:53 graze-thyme.com udp
CA 142.44.241.188:443 woodstockcr.com tcp
BR 154.49.247.161:443 xuumpinamar.com tcp
US 172.67.152.36:443 workswithwp.com tcp
NL 136.144.205.189:443 x-plorewear.com tcp
US 67.227.167.13:443 wysiwygfrag.com tcp
GB 154.49.138.15:443 worldchainx.com tcp
TR 77.245.159.21:443 yamanligida.com tcp
US 8.8.8.8:53 green-bakes.com udp
US 8.8.8.8:53 greenbergtt.com udp
FR 91.234.195.212:443 www.zaabr-daaga.com tcp
US 8.8.8.8:53 greenpurnia.com udp
SG 146.190.97.174:443 yunnleeblog.com tcp
SG 51.79.190.175:443 worldtoursm.com tcp
US 104.21.21.112:443 zdc789joker.com tcp
GB 154.49.138.22:443 grasconnect.com tcp
US 8.8.8.8:53 www.greenspecth.com udp
US 8.8.8.8:53 cv-wits.com udp
DE 89.163.145.59:80 zulefagroup.com tcp
NL 2.56.90.126:443 zidanefixed.com tcp
FR 89.116.147.22:443 zedgarstore.com tcp
US 165.140.70.145:443 graze-thyme.com tcp
SG 165.22.106.39:443 zaininanyan.com tcp
US 8.8.8.8:53 www.vr-hangouts.com udp
US 8.8.8.8:53 82.254.106.109.in-addr.arpa udp
US 8.8.8.8:53 45.206.84.45.in-addr.arpa udp
US 8.8.8.8:53 189.35.21.104.in-addr.arpa udp
US 8.8.8.8:53 143.171.67.172.in-addr.arpa udp
US 8.8.8.8:53 100.63.77.51.in-addr.arpa udp
US 8.8.8.8:53 12.159.245.77.in-addr.arpa udp
JP 49.212.196.177:80 www.zeegeegames.com tcp
US 8.8.8.8:53 34.215.0.162.in-addr.arpa udp
US 8.8.8.8:53 188.241.44.142.in-addr.arpa udp
US 8.8.8.8:53 161.247.49.154.in-addr.arpa udp
US 8.8.8.8:53 ehr-sme.com udp
HK 103.135.35.134:443 zhangmingxu.com tcp
US 8.8.8.8:53 elyadak.com udp
US 104.249.63.34:443 zaymvisuals.com tcp
GB 109.70.148.41:443 green-bakes.com tcp
US 8.8.8.8:53 www.erprose.com udp
FR 154.49.245.125:443 zhuoyazhang.com tcp
SG 194.163.35.150:443 yhoctamthuc.com tcp
US 8.8.8.8:53 fabxeng.com udp
IN 103.117.180.2:443 greenpurnia.com tcp
US 8.8.8.8:53 fitupai.com udp
US 8.8.8.8:53 www.gaon-qr.com udp
US 198.46.94.166:443 walthallcec.com tcp
US 3.33.130.190:443 ehr-sme.com tcp
US 205.196.208.97:443 www.vr-hangouts.com tcp
IR 185.94.96.101:443 elyadak.com tcp
SG 156.67.212.225:443 cv-wits.com tcp
US 8.8.8.8:53 gathoda.com udp
US 8.8.8.8:53 36.152.67.172.in-addr.arpa udp
US 8.8.8.8:53 15.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 13.167.227.67.in-addr.arpa udp
US 8.8.8.8:53 21.159.245.77.in-addr.arpa udp
US 8.8.8.8:53 212.195.234.91.in-addr.arpa udp
US 8.8.8.8:53 189.205.144.136.in-addr.arpa udp
US 8.8.8.8:53 22.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 126.90.56.2.in-addr.arpa udp
US 8.8.8.8:53 112.21.21.104.in-addr.arpa udp
US 8.8.8.8:53 22.147.116.89.in-addr.arpa udp
US 8.8.8.8:53 59.145.163.89.in-addr.arpa udp
US 8.8.8.8:53 174.97.190.146.in-addr.arpa udp
US 8.8.8.8:53 34.63.249.104.in-addr.arpa udp
US 8.8.8.8:53 175.190.79.51.in-addr.arpa udp
US 8.8.8.8:53 145.70.140.165.in-addr.arpa udp
US 8.8.8.8:53 39.106.22.165.in-addr.arpa udp
US 8.8.8.8:53 41.148.70.109.in-addr.arpa udp
US 8.8.8.8:53 134.35.135.103.in-addr.arpa udp
US 8.8.8.8:53 177.196.212.49.in-addr.arpa udp
US 8.8.8.8:53 gmz168x.com udp
US 8.8.8.8:53 hadhami.com udp
US 8.8.8.8:53 heimayk.com udp
TH 103.86.51.166:443 www.greenspecth.com tcp
NL 136.144.205.189:443 x-plorewear.com tcp
NL 2.56.90.194:443 fabxeng.com tcp
US 8.8.8.8:53 heviglo.com udp
US 8.8.8.8:53 www.hfbgqrz.com udp
DE 89.163.145.59:443 zulefagroup.com tcp
US 8.8.8.8:53 isachot.com udp
KR 115.68.168.176:443 www.gaon-qr.com tcp
US 104.21.11.176:443 fitupai.com tcp
US 8.8.8.8:53 isynews.com udp
US 8.8.8.8:53 iusbuys.com udp
US 8.8.8.8:53 iusites.com udp
IN 89.117.157.197:443 gathoda.com tcp
NL 185.224.137.26:443 hadhami.com tcp
US 8.8.8.8:53 janooni.com udp
US 8.8.8.8:53 125.245.49.154.in-addr.arpa udp
US 8.8.8.8:53 2.180.117.103.in-addr.arpa udp
US 8.8.8.8:53 150.35.163.194.in-addr.arpa udp
US 8.8.8.8:53 194.90.56.2.in-addr.arpa udp
US 8.8.8.8:53 225.212.67.156.in-addr.arpa udp
US 8.8.8.8:53 doubleJpro.com udp
US 8.8.8.8:53 javhd99.com udp
CN 139.224.208.16:80 heimayk.com tcp
US 104.21.35.200:443 www.hfbgqrz.com tcp
FR 51.91.236.193:443 heviglo.com tcp
US 8.8.8.8:53 jen-den.com udp
US 8.8.8.8:53 jewerys.com udp
US 8.8.8.8:53 jobnohm.com udp
PT 31.129.22.69:443 isachot.com tcp
IN 103.191.209.63:443 hirefex.com tcp
US 8.8.8.8:53 jqjapan.com udp
US 74.208.236.112:80 doubleJpro.com tcp
US 8.8.8.8:53 jricaut.com udp
US 172.67.204.142:443 javhd99.com tcp
IR 5.144.131.247:443 janooni.com tcp
US 172.67.208.149:443 iusbuys.com tcp
US 75.102.22.183:443 isynews.com tcp
US 8.8.8.8:53 k9wintv.com udp
US 8.8.8.8:53 166.51.86.103.in-addr.arpa udp
US 8.8.8.8:53 176.11.21.104.in-addr.arpa udp
US 8.8.8.8:53 26.137.224.185.in-addr.arpa udp
US 8.8.8.8:53 200.35.21.104.in-addr.arpa udp
US 8.8.8.8:53 kajurry.com udp
US 104.21.43.225:443 jewerys.com tcp
US 104.21.34.23:443 upturnmaticstech.com tcp
DE 78.47.205.166:443 recaptcha.cloud tcp
DE 78.47.205.166:443 recaptcha.cloud tcp
US 8.8.8.8:53 kcdfood.com udp
US 8.8.8.8:53 katzsv4.com udp
US 8.8.8.8:53 kdadorn.com udp
SG 159.223.78.100:443 jobnohm.com tcp
US 104.21.22.105:443 k9wintv.com tcp
N/A 127.0.0.1:53006 tcp
US 8.8.8.8:53 keksweb.com udp
US 8.8.8.8:53 kennant.com udp
US 8.8.8.8:53 kiligcc.com udp
US 8.8.8.8:53 www.kins247.com udp
US 8.8.8.8:53 kiztalk.com udp
US 8.8.8.8:53 knblogs.com udp
KR 175.214.50.180:443 jrstudy.com tcp
IN 103.110.127.102:443 jen-den.com tcp
US 162.241.216.140:443 jqjapan.com tcp
US 8.8.8.8:53 142.204.67.172.in-addr.arpa udp
US 8.8.8.8:53 149.208.67.172.in-addr.arpa udp
US 8.8.8.8:53 63.209.191.103.in-addr.arpa udp
US 8.8.8.8:53 112.236.208.74.in-addr.arpa udp
US 8.8.8.8:53 247.131.144.5.in-addr.arpa udp
US 8.8.8.8:53 225.43.21.104.in-addr.arpa udp
US 8.8.8.8:53 23.34.21.104.in-addr.arpa udp
US 8.8.8.8:53 knfinan.com udp
US 172.67.176.47:443 imunify-alert.com tcp
US 8.8.8.8:53 koilube.com udp
US 8.8.8.8:53 koreaog.com udp
US 8.8.8.8:53 www.kpbtyal.com udp
N/A 127.0.0.1:53016 tcp
US 8.8.8.8:53 www.kqqswuj.com udp
IN 154.41.233.164:443 kajurry.com tcp
US 8.8.8.8:53 kranjit.com udp
US 8.8.8.8:53 kuciart.com udp
US 8.8.8.8:53 kxoso66.com udp
US 8.8.8.8:53 leemoes.com udp
US 8.8.8.8:53 labarjo.com udp
US 8.8.8.8:53 elyadak.ir udp
US 8.8.8.8:53 www.lemolto.com udp
US 8.8.8.8:53 lelkul1.com udp
US 8.8.8.8:53 lesiasm.com udp
N/A 127.0.0.1:53018 tcp
US 8.8.8.8:53 lma-mki.com udp
US 31.170.166.160:443 knblogs.com tcp
US 8.8.8.8:53 logdmcc.com udp
US 35.244.245.121:443 kiligcc.com tcp
US 50.62.220.22:443 www.kins247.com tcp
US 104.21.25.116:443 kdadorn.com tcp
US 104.21.71.75:443 kiztalk.com tcp
US 172.67.180.15:443 knfinan.com tcp
HR 185.58.73.235:443 keksweb.com tcp
US 8.8.8.8:53 105.22.21.104.in-addr.arpa udp
US 8.8.8.8:53 140.216.241.162.in-addr.arpa udp
US 8.8.8.8:53 logossa.com udp
US 104.21.56.30:443 www.kpbtyal.com tcp
US 104.21.35.93:443 kennant.com tcp
N/A 127.0.0.1:53020 tcp
TH 119.59.100.53:443 kcdfood.com tcp
SG 156.67.222.37:443 koreaog.com tcp
MY 103.6.244.18:443 kranjit.com tcp
SI 212.44.112.114:443 kuciart.com tcp
N/A 127.0.0.1:53022 tcp
NL 45.93.125.4:443 lelkul1.com tcp
FR 51.91.236.193:443 labarjo.com tcp
US 172.67.164.164:443 lesiasm.com tcp
US 8.8.8.8:53 loki389.com udp
US 172.67.165.183:443 kxoso66.com tcp
US 8.8.8.8:53 lumixal.com udp
SG 154.26.128.195:443 leemoes.com tcp
FR 109.234.165.181:443 www.lemolto.com tcp
US 154.56.47.119:443 logossa.com tcp
ID 119.235.250.52:443 lma-mki.com tcp
US 162.241.218.19:443 logdmcc.com tcp
IR 185.94.96.101:443 elyadak.ir tcp
US 8.8.8.8:53 lsdbaau.com udp
DE 78.47.205.166:443 recaptcha.cloud tcp
US 8.8.8.8:53 lvsg788.com udp
US 8.8.8.8:53 lynphan.com udp
US 8.8.8.8:53 m-hbaby.com udp
FR 141.95.233.131:443 lumixal.com tcp
US 8.8.8.8:53 www.kiztalk.com udp
US 8.8.8.8:53 121.245.244.35.in-addr.arpa udp
US 8.8.8.8:53 75.71.21.104.in-addr.arpa udp
US 8.8.8.8:53 116.25.21.104.in-addr.arpa udp
US 8.8.8.8:53 15.180.67.172.in-addr.arpa udp
US 8.8.8.8:53 93.35.21.104.in-addr.arpa udp
US 8.8.8.8:53 160.166.170.31.in-addr.arpa udp
US 8.8.8.8:53 235.73.58.185.in-addr.arpa udp
US 8.8.8.8:53 53.100.59.119.in-addr.arpa udp
US 8.8.8.8:53 macisms.com udp
US 8.8.8.8:53 maftllc.com udp
US 8.8.8.8:53 majlajt.com udp
US 8.8.8.8:53 marhite.com udp
US 8.8.8.8:53 masunca.com udp
US 8.8.8.8:53 mbvital.com udp
US 8.8.8.8:53 mcdmath.com udp
US 172.67.181.92:80 lvsg788.com tcp
US 162.241.217.66:80 lsdbaau.com tcp
US 8.8.8.8:53 www.mdblets.com udp
US 104.21.44.212:443 macisms.com tcp
TH 27.254.96.244:80 loki389.com tcp
US 172.67.200.106:443 mda-hub.com tcp
US 104.21.71.75:443 www.kiztalk.com tcp
NL 68.66.248.11:443 majlajt.com tcp
US 162.241.225.15:443 mcdmath.com tcp
US 8.8.8.8:53 www.me-shot.com udp
GB 185.77.97.222:443 marhite.com tcp
US 160.153.0.131:443 masunca.com tcp
DE 167.235.182.213:443 maftllc.com tcp
US 82.180.172.127:443 lynphan.com tcp
US 8.8.8.8:53 18.244.6.103.in-addr.arpa udp
US 8.8.8.8:53 164.164.67.172.in-addr.arpa udp
US 8.8.8.8:53 4.125.93.45.in-addr.arpa udp
US 8.8.8.8:53 183.165.67.172.in-addr.arpa udp
US 8.8.8.8:53 181.165.234.109.in-addr.arpa udp
US 8.8.8.8:53 119.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 19.218.241.162.in-addr.arpa udp
US 8.8.8.8:53 195.128.26.154.in-addr.arpa udp
US 8.8.8.8:53 131.233.95.141.in-addr.arpa udp
US 172.67.177.118:443 m-hbaby.com tcp
US 8.8.8.8:53 mediebc.com udp
US 8.8.8.8:53 memoset.com udp
US 8.8.8.8:53 merkhut.com udp
US 8.8.8.8:53 meroyar.com udp
US 8.8.8.8:53 merstra.com udp
US 104.21.4.197:443 me88moi.com tcp
US 8.8.8.8:53 mhdwood.com udp
FR 109.234.165.183:443 www.mdblets.com tcp
US 8.8.8.8:53 mimolme.com udp
FR 51.91.236.193:443 memoset.com tcp
GB 68.183.37.41:443 www.me-shot.com tcp
US 8.8.8.8:53 minikah.com udp
US 8.8.8.8:53 mizalhs.com udp
US 172.67.181.92:443 lvsg788.com tcp
US 8.8.8.8:53 mncpost.com udp
US 8.8.8.8:53 mopscon.com udp
US 8.8.8.8:53 www.mrgowns.com udp
US 8.8.8.8:53 motornc.com udp
US 8.8.8.8:53 212.44.21.104.in-addr.arpa udp
US 8.8.8.8:53 92.181.67.172.in-addr.arpa udp
US 8.8.8.8:53 106.200.67.172.in-addr.arpa udp
US 8.8.8.8:53 131.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 222.97.77.185.in-addr.arpa udp
US 8.8.8.8:53 11.248.66.68.in-addr.arpa udp
US 8.8.8.8:53 66.217.241.162.in-addr.arpa udp
US 8.8.8.8:53 213.182.235.167.in-addr.arpa udp
US 8.8.8.8:53 118.177.67.172.in-addr.arpa udp
US 8.8.8.8:53 15.225.241.162.in-addr.arpa udp
US 8.8.8.8:53 127.172.180.82.in-addr.arpa udp
US 8.8.8.8:53 197.4.21.104.in-addr.arpa udp
US 8.8.8.8:53 41.37.183.68.in-addr.arpa udp
US 8.8.8.8:53 183.165.234.109.in-addr.arpa udp
US 8.8.8.8:53 crazitoo.com udp
US 8.8.8.8:53 www.leemoes.com udp
US 8.8.8.8:53 www.creaaron.com udp
US 8.8.8.8:53 crisbelo.com udp
US 8.8.8.8:53 cubezllc.com udp
US 8.8.8.8:53 d9betmoi.com udp
US 8.8.8.8:53 danakron.com udp
IN 217.21.91.184:443 merstra.com tcp
US 216.172.172.79:443 merkhut.com tcp
US 173.236.236.248:443 meroyar.com tcp
FR 92.205.8.128:443 mhdwood.com tcp
JP 52.69.237.81:443 mimolme.com tcp
US 104.21.18.120:80 minikah.com tcp
DE 148.251.114.233:443 mizalhs.com tcp
US 8.8.8.8:53 dansolam.com udp
N/A 127.0.0.1:53028 tcp
US 8.8.8.8:53 dansscho.com udp
US 8.8.8.8:53 dcgtruck.com udp
US 8.8.8.8:53 dehuerta.com udp
LT 45.84.206.42:443 crisbelo.com tcp
US 104.21.4.215:443 d9betmoi.com tcp
US 141.193.213.10:443 mopscon.com tcp
US 8.8.8.8:53 delmaspa.com udp
US 8.8.8.8:53 www.loki389.com udp
US 104.21.39.183:443 danakron.com tcp
GB 185.77.97.14:443 motornc.com tcp
US 8.8.8.8:53 120.18.21.104.in-addr.arpa udp
US 8.8.8.8:53 233.114.251.148.in-addr.arpa udp
US 8.8.8.8:53 79.172.172.216.in-addr.arpa udp
US 8.8.8.8:53 248.236.236.173.in-addr.arpa udp
US 8.8.8.8:53 184.91.21.217.in-addr.arpa udp
US 172.67.166.207:443 dansolam.com tcp
FR 83.229.19.72:443 mncpost.com tcp
US 8.8.8.8:53 depannup.com udp
US 8.8.8.8:53 demahoue.com udp
N/A 127.0.0.1:53040 tcp
US 8.8.8.8:53 jamarmasonryrestoration.com udp
SG 154.26.128.195:443 www.leemoes.com tcp
FR 176.31.1.233:443 www.creaaron.com tcp
US 172.67.158.108:443 crazitoo.com tcp
GB 91.238.162.87:443 www.mrgowns.com tcp
N/A 127.0.0.1:53044 tcp
US 217.196.55.174:443 darkmktg.com tcp
BR 154.49.247.173:443 dehuerta.com tcp
US 8.8.8.8:53 www.chitarredarredo.it udp
US 8.8.8.8:53 choosevrchicago.com udp
US 62.72.4.152:443 dcgtruck.com tcp
US 8.8.8.8:53 chupanhchandung.com udp
FR 51.91.236.193:80 demahoue.com tcp
CA 104.255.152.78:443 dansscho.com tcp
FR 35.181.89.222:443 trending24h.com tcp
US 8.8.8.8:53 circlemcfencing.com udp
US 8.8.8.8:53 citadelaccounts.com udp
US 209.182.199.238:443 jamarmasonryrestoration.com tcp
US 192.163.196.170:443 delmaspa.com tcp
N/A 127.0.0.1:53046 tcp
TH 27.254.96.244:80 www.loki389.com tcp
DE 217.160.0.193:80 depannup.com tcp
US 8.8.8.8:53 81.237.69.52.in-addr.arpa udp
US 8.8.8.8:53 215.4.21.104.in-addr.arpa udp
US 8.8.8.8:53 42.206.84.45.in-addr.arpa udp
US 8.8.8.8:53 183.39.21.104.in-addr.arpa udp
US 8.8.8.8:53 207.166.67.172.in-addr.arpa udp
US 8.8.8.8:53 72.19.229.83.in-addr.arpa udp
US 8.8.8.8:53 233.1.31.176.in-addr.arpa udp
US 8.8.8.8:53 108.158.67.172.in-addr.arpa udp
US 8.8.8.8:53 cocinasfigueres.com udp
US 8.8.8.8:53 87.162.238.91.in-addr.arpa udp
US 8.8.8.8:53 coldfinservices.com udp
US 8.8.8.8:53 www.comancheisdbond.com udp
US 8.8.8.8:53 construction-sr.com udp
N/A 127.0.0.1:53048 tcp
N/A 127.0.0.1:53051 tcp
N/A 127.0.0.1:53056 tcp
N/A 127.0.0.1:53059 tcp
N/A 127.0.0.1:53061 tcp
US 74.208.236.219:80 choosevrchicago.com tcp
US 8.8.8.8:53 construhogarsac.com udp
US 104.21.29.14:443 www.chitarredarredo.it tcp
US 8.8.8.8:53 larileylogistics.com udp
US 154.56.47.80:443 construction-sr.com tcp
US 141.193.213.10:443 www.comancheisdbond.com tcp
US 131.153.147.50:443 coldfinservices.com tcp
US 8.8.8.8:53 lastunitsonoffer.com udp
US 159.89.178.93:443 circlemcfencing.com tcp
US 173.236.236.248:443 meroyar.com tcp
SG 151.106.124.58:443 citadelaccounts.com tcp
ES 37.153.89.67:443 cocinasfigueres.com tcp
US 8.8.8.8:53 leadexconference.com udp
VN 103.188.167.191:443 chupanhchandung.com tcp
US 8.8.8.8:53 laundryhutjaipur.com udp
US 8.8.8.8:53 lifeinalgorithms.com udp
US 8.8.8.8:53 www.limosinasalcaraz.com udp
US 8.8.8.8:53 www.lifewavesolution.com udp
US 8.8.8.8:53 174.55.196.217.in-addr.arpa udp
US 8.8.8.8:53 78.152.255.104.in-addr.arpa udp
US 8.8.8.8:53 152.4.72.62.in-addr.arpa udp
US 8.8.8.8:53 238.199.182.209.in-addr.arpa udp
US 8.8.8.8:53 193.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 170.196.163.192.in-addr.arpa udp
US 8.8.8.8:53 14.29.21.104.in-addr.arpa udp
US 8.8.8.8:53 219.236.208.74.in-addr.arpa udp
US 154.56.47.247:443 larileylogistics.com tcp
US 198.23.62.250:443 construhogarsac.com tcp
US 8.8.8.8:53 www.demahoue.com udp
US 8.8.8.8:53 linacapitalgroup.com udp
US 162.241.3.14:443 lastunitsonoffer.com tcp
SG 151.106.124.237:443 leadexconference.com tcp
US 8.8.8.8:53 localoxygen.com udp
DE 157.90.36.209:443 laundryhutjaipur.com tcp
US 154.56.47.100:443 lifeinalgorithms.com tcp
US 50.31.174.169:443 www.limosinasalcaraz.com tcp
US 160.153.0.201:443 linacapitalgroup.com tcp
US 34.68.234.4:80 localoxygen.com tcp
FR 51.91.236.193:443 www.demahoue.com tcp
JP 202.181.97.25:443 www.lifewavesolution.com tcp
US 8.8.8.8:53 www.luckylobsterbham.com udp
US 8.8.8.8:53 lodestar-digital.com udp
US 8.8.8.8:53 memoset.fr udp
US 8.8.8.8:53 maharashtrakatta.com udp
US 8.8.8.8:53 mail002orangepro.com udp
US 8.8.8.8:53 mailmatecouriers.com udp
US 8.8.8.8:53 mangofoodvillage.com udp
US 8.8.8.8:53 manhaconsultancy.com udp
US 8.8.8.8:53 93.178.89.159.in-addr.arpa udp
US 8.8.8.8:53 50.147.153.131.in-addr.arpa udp
US 8.8.8.8:53 67.89.153.37.in-addr.arpa udp
US 8.8.8.8:53 80.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 58.124.106.151.in-addr.arpa udp
US 8.8.8.8:53 191.167.188.103.in-addr.arpa udp
US 8.8.8.8:53 250.62.23.198.in-addr.arpa udp
US 8.8.8.8:53 247.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 209.36.90.157.in-addr.arpa udp
US 8.8.8.8:53 201.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 169.174.31.50.in-addr.arpa udp
US 8.8.8.8:53 100.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 237.124.106.151.in-addr.arpa udp
US 8.8.8.8:53 25.97.181.202.in-addr.arpa udp
US 8.8.8.8:53 manifestmagic365.com udp
N/A 127.0.0.1:53071 tcp
N/A 127.0.0.1:53089 tcp
N/A 127.0.0.1:53091 tcp
N/A 127.0.0.1:53094 tcp
N/A 127.0.0.1:53103 tcp
N/A 127.0.0.1:53113 tcp
N/A 127.0.0.1:53115 tcp
N/A 127.0.0.1:53119 tcp
N/A 127.0.0.1:53121 tcp
N/A 127.0.0.1:53130 tcp
N/A 127.0.0.1:53132 tcp
N/A 127.0.0.1:53148 tcp
N/A 127.0.0.1:53153 tcp
N/A 127.0.0.1:53155 tcp
US 172.67.216.204:443 manhaconsultancy.com tcp
US 34.68.234.4:443 localoxygen.com tcp
US 149.100.151.233:443 manifestmagic365.com tcp
US 8.8.8.8:53 manuelabartolini.com udp
US 217.196.55.30:443 maharashtrakatta.com tcp
IN 206.189.140.15:443 mangofoodvillage.com tcp
US 67.217.63.74:443 mailmatecouriers.com tcp
US 64.90.48.54:443 www.luckylobsterbham.com tcp
US 8.8.8.8:53 www.circlemcfencing.com udp
US 8.8.8.8:53 manurussellnutri.com udp
US 173.252.167.40:443 mailmarketingjob.com tcp
US 66.81.203.198:80 mail002orangepro.com tcp
US 8.8.8.8:53 mariachisenchile.com udp
US 8.8.8.8:53 maryalexgonzalez.com udp
US 8.8.8.8:53 marketingbyswati.com udp
NL 185.224.137.30:443 lodestar-digital.com tcp
FR 51.91.236.193:443 memoset.fr tcp
US 8.8.8.8:53 maseruconsulting.com udp
US 8.8.8.8:53 maticictim-audio.com udp
US 8.8.8.8:53 mcdbreakfastmenu.com udp
US 208.113.188.112:443 www.manobikshailkupa.com tcp
US 8.8.8.8:53 medspanorthidaho.com udp
US 8.8.8.8:53 melollevoenlinea.com udp
US 8.8.8.8:53 merakiskytravels.com udp
US 172.67.173.240:443 manuelabartolini.com tcp
US 50.6.138.154:443 mariachisenchile.com tcp
US 74.208.236.219:443 choosevrchicago.com tcp
US 159.89.178.93:443 www.circlemcfencing.com tcp
US 162.241.63.10:443 manurussellnutri.com tcp
US 66.235.200.147:443 maseruconsulting.com tcp
IN 154.41.233.150:443 marketingbyswati.com tcp
US 62.72.50.57:443 maryalexgonzalez.com tcp
US 8.8.8.8:53 www.danakron.com udp
US 8.8.8.8:53 meridianoffshore.com udp
US 8.8.8.8:53 mickeyshapedblog.com udp
US 8.8.8.8:53 mimbarminangnews.com udp
US 8.8.8.8:53 minddesigndirect.com udp
US 8.8.8.8:53 mindhealingpower.com udp
US 89.117.139.168:443 mcdbreakfastmenu.com tcp
US 8.8.8.8:53 miradorpark.com.tr udp
US 66.81.203.198:443 maticictim-audio.com tcp
US 141.193.213.10:80 medspanorthidaho.com tcp
US 8.8.8.8:53 mizangeridonusum.com udp
GB 141.136.33.18:443 merakiskytravels.com tcp
BR 154.49.247.203:443 melollevoenlinea.com tcp
US 8.8.8.8:53 204.216.67.172.in-addr.arpa udp
US 8.8.8.8:53 30.137.224.185.in-addr.arpa udp
US 8.8.8.8:53 74.63.217.67.in-addr.arpa udp
US 8.8.8.8:53 233.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 30.55.196.217.in-addr.arpa udp
US 8.8.8.8:53 15.140.189.206.in-addr.arpa udp
US 8.8.8.8:53 54.48.90.64.in-addr.arpa udp
US 8.8.8.8:53 40.167.252.173.in-addr.arpa udp
US 8.8.8.8:53 112.188.113.208.in-addr.arpa udp
US 8.8.8.8:53 240.173.67.172.in-addr.arpa udp
US 8.8.8.8:53 154.138.6.50.in-addr.arpa udp
US 104.21.39.183:443 www.danakron.com tcp
US 8.8.8.8:53 10.63.241.162.in-addr.arpa udp
US 8.8.8.8:53 mlobowatercolors.com udp
TR 94.73.146.81:443 miradorpark.com.tr tcp
US 154.56.47.151:443 mindhealingpower.com tcp
US 160.153.0.79:443 mickeyshapedblog.com tcp
US 66.29.146.58:443 meridianoffshore.com tcp
N/A 127.0.0.1:53168 tcp
US 8.8.8.8:53 modernfitmastery.com udp
US 3.221.225.26:443 minddesigndirect.com tcp
US 8.8.8.8:53 momisalwaysright.com udp
US 154.56.47.78:443 mirandacontreras.com tcp
N/A 127.0.0.1:53177 tcp
TR 31.192.214.172:443 mizangeridonusum.com tcp
ID 103.16.198.94:443 mimbarminangnews.com tcp
US 8.8.8.8:53 moneyandservltda.com udp
US 104.21.6.100:443 mlobowatercolors.com tcp
US 8.8.8.8:53 mondial-house-sn.com udp
US 8.8.8.8:53 mostacitamoraita.com udp
US 8.8.8.8:53 www.motorhometrekkers.com udp
US 8.8.8.8:53 mqdigitalfashion.com udp
US 8.8.8.8:53 myitalianfashion.com udp
US 8.8.8.8:53 mylearningchoice.com udp
US 8.8.8.8:53 mypensionplanned.com udp
US 8.8.8.8:53 mystiqueambition.com udp
GB 185.77.97.138:443 modernfitmastery.com tcp
N/A 127.0.0.1:53179 tcp
FR 35.181.89.222:443 momisalwaysright.com tcp
DE 195.201.58.155:443 mondial-house-sn.com tcp
DE 217.160.0.108:443 www.motorhometrekkers.com tcp
SG 156.67.222.18:443 mqdigitalfashion.com tcp
US 66.235.200.145:443 mylearningchoice.com tcp
US 172.67.156.94:443 myitalianfashion.com tcp
US 8.8.8.8:53 nardorestaurante.com udp
US 8.8.8.8:53 150.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 57.50.72.62.in-addr.arpa udp
US 8.8.8.8:53 168.139.117.89.in-addr.arpa udp
US 8.8.8.8:53 18.33.136.141.in-addr.arpa udp
US 8.8.8.8:53 81.146.73.94.in-addr.arpa udp
US 8.8.8.8:53 79.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 151.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 58.146.29.66.in-addr.arpa udp
US 8.8.8.8:53 26.225.221.3.in-addr.arpa udp
US 8.8.8.8:53 100.6.21.104.in-addr.arpa udp
US 8.8.8.8:53 172.214.192.31.in-addr.arpa udp
US 8.8.8.8:53 78.47.56.154.in-addr.arpa udp
NL 75.102.58.24:443 mostacitamoraita.com tcp
DE 81.169.145.84:80 mystiqueambition.com tcp
US 8.8.8.8:53 naturalbem-estar.com udp
US 8.8.8.8:53 naveenramkrishna.com udp
US 8.8.8.8:53 newhomerebatenow.com udp
US 8.8.8.8:53 ncroofinspection.com udp
US 8.8.8.8:53 nexusdgmarketing.com udp
US 8.8.8.8:53 newlyamplebazaar.com udp
BG 185.82.216.111:443 server15.localstats.org tcp
N/A 127.0.0.1:53182 tcp
US 173.231.214.233:443 nardorestaurante.com tcp
N/A 127.0.0.1:53186 tcp
US 8.8.8.8:53 officialsitemart.com udp
US 8.8.8.8:53 ogmiosconsulting.com udp
US 8.8.8.8:53 odontocaredental.com udp
US 8.8.8.8:53 onecompanystudio.com udp
US 8.8.8.8:53 oneillhomebuyers.com udp
US 8.8.8.8:53 onestopfoodjoint.com udp
US 8.8.8.8:53 onlinefoodsstore.com udp
US 162.241.203.220:443 naturalbem-estar.com tcp
US 104.21.11.78:443 newlyamplebazaar.com tcp
US 82.180.172.216:443 newhomerebatenow.com tcp
US 154.56.47.99:443 nexusdgmarketing.com tcp
DE 167.235.182.50:443 naveenramkrishna.com tcp
US 172.67.212.200:443 ncroofinspection.com tcp
N/A 127.0.0.1:53188 tcp
N/A 127.0.0.1:53195 tcp
N/A 127.0.0.1:53199 tcp
N/A 127.0.0.1:53203 tcp
N/A 127.0.0.1:53207 tcp
N/A 127.0.0.1:53219 tcp
US 8.8.8.8:53 138.97.77.185.in-addr.arpa udp
US 8.8.8.8:53 155.58.201.195.in-addr.arpa udp
US 8.8.8.8:53 108.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 145.200.235.66.in-addr.arpa udp
US 8.8.8.8:53 94.156.67.172.in-addr.arpa udp
US 8.8.8.8:53 24.58.102.75.in-addr.arpa udp
US 8.8.8.8:53 motorhometrekkers.com udp
US 8.8.8.8:53 onlinegamesfield.com udp
US 8.8.8.8:53 onlinemarketiing.com udp
US 8.8.8.8:53 www.onlinetechrescue.com udp
US 8.8.8.8:53 www.onlylightdigital.com udp
US 8.8.8.8:53 openhorizonspace.com udp
US 8.8.8.8:53 operationdadduty.com udp
US 8.8.8.8:53 www.manuelabartolini.com udp
US 62.72.25.85:443 onlinefoodsstore.com tcp
US 50.87.147.159:443 oneillhomebuyers.com tcp
US 8.8.8.8:53 orendapsikologji.com udp
US 8.8.8.8:53 www.marketingbyswati.com udp
US 172.96.141.80:443 nongorfoundation.com tcp
US 8.8.8.8:53 originalesonline.com udp
US 8.8.8.8:53 ecomstorenetwork.com udp
US 8.8.8.8:53 outsightlearning.com udp
US 8.8.8.8:53 www.pamelasuejackson.com udp
DE 217.160.0.226:443 ogmiosconsulting.com tcp
US 66.29.141.192:443 onecompanystudio.com tcp
IN 62.72.14.156:443 odontocaredental.com tcp
US 162.144.3.63:80 onestopfoodjoint.com tcp
US 8.8.8.8:53 papillonhomepets.com udp
DE 217.160.0.108:443 motorhometrekkers.com tcp
BR 154.56.48.97:443 officialsitemart.com tcp
IT 185.221.175.25:443 www.onlylightdigital.com tcp
US 8.8.8.8:53 parentingnesthub.com udp
US 104.21.30.214:443 www.manuelabartolini.com tcp
US 66.235.200.146:443 operationdadduty.com tcp
US 8.8.8.8:53 233.214.231.173.in-addr.arpa udp
US 8.8.8.8:53 78.11.21.104.in-addr.arpa udp
US 8.8.8.8:53 50.182.235.167.in-addr.arpa udp
US 8.8.8.8:53 200.212.67.172.in-addr.arpa udp
US 8.8.8.8:53 220.203.241.162.in-addr.arpa udp
US 8.8.8.8:53 99.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 216.172.180.82.in-addr.arpa udp
SG 194.163.42.34:443 onlinemarketiing.com tcp
US 173.236.65.130:443 www.onlinetechrescue.com tcp
US 216.246.46.70:443 onlinegamesfield.com tcp
US 154.56.47.78:443 openhorizonspace.com tcp
US 172.67.172.86:443 ecomstorenetwork.com tcp
IN 154.41.233.150:443 www.marketingbyswati.com tcp
US 160.153.0.122:443 orendapsikologji.com tcp
US 8.8.8.8:53 parqueunapelotas.com udp
US 149.100.151.219:443 papillonhomepets.com tcp
US 107.180.47.65:443 outsightlearning.com tcp
BR 154.56.50.13:443 originalesonline.com tcp
US 162.241.203.15:443 parentingnesthub.com tcp
US 8.8.8.8:53 patrick-solution.com udp
US 8.8.8.8:53 pastesrealminero.com udp
US 8.8.8.8:53 pazinteriortotal.com udp
US 8.8.8.8:53 pbsconsultingllc.com udp
US 65.181.111.151:443 www.pamelasuejackson.com tcp
US 8.8.8.8:53 pechitotvdigital.com udp
US 8.8.8.8:53 www.personalgrowthk9.com udp
US 8.8.8.8:53 picasso-wellness.com udp
US 8.8.8.8:53 pinelakecleaning.com udp
US 8.8.8.8:53 pelagicequipment.com udp
US 162.214.162.193:443 parqueunapelotas.com tcp
US 8.8.8.8:53 85.25.72.62.in-addr.arpa udp
US 8.8.8.8:53 159.147.87.50.in-addr.arpa udp
US 8.8.8.8:53 226.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 25.175.221.185.in-addr.arpa udp
US 8.8.8.8:53 80.141.96.172.in-addr.arpa udp
US 8.8.8.8:53 214.30.21.104.in-addr.arpa udp
US 8.8.8.8:53 63.3.144.162.in-addr.arpa udp
US 8.8.8.8:53 156.14.72.62.in-addr.arpa udp
US 8.8.8.8:53 192.141.29.66.in-addr.arpa udp
US 8.8.8.8:53 97.48.56.154.in-addr.arpa udp
US 8.8.8.8:53 130.65.236.173.in-addr.arpa udp
US 8.8.8.8:53 86.172.67.172.in-addr.arpa udp
US 8.8.8.8:53 122.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 34.42.163.194.in-addr.arpa udp
US 8.8.8.8:53 219.151.100.149.in-addr.arpa udp
GB 185.77.97.89:443 pazinteriortotal.com tcp
US 154.7.253.149:443 pbsconsultingllc.com tcp
N/A 127.0.0.1:53226 tcp
US 160.153.0.135:443 pelagicequipment.com tcp
US 159.203.76.80:443 picasso-wellness.com tcp
US 8.8.8.8:53 pintoresengandia.com udp
US 104.21.95.26:443 pinelakecleaning.com tcp
FR 193.70.117.88:443 pastesrealminero.com tcp
US 190.8.176.166:443 www.personalgrowthk9.com tcp
US 8.8.8.8:53 pitambaratravels.com udp
JP 139.162.67.176:443 patrick-solution.com tcp
US 172.67.140.182:443 pintoresengandia.com tcp
N/A 127.0.0.1:53231 tcp
N/A 127.0.0.1:53233 tcp
N/A 127.0.0.1:53235 tcp
N/A 127.0.0.1:53238 tcp
N/A 127.0.0.1:53243 tcp
N/A 127.0.0.1:53251 tcp
N/A 127.0.0.1:53253 tcp
N/A 127.0.0.1:53261 tcp
N/A 127.0.0.1:53269 tcp
N/A 127.0.0.1:53271 tcp
N/A 127.0.0.1:53273 tcp
N/A 127.0.0.1:53275 tcp
N/A 127.0.0.1:53286 tcp
N/A 127.0.0.1:53290 tcp
N/A 127.0.0.1:53292 tcp
N/A 127.0.0.1:53298 tcp
N/A 127.0.0.1:53300 tcp
N/A 127.0.0.1:53302 tcp
N/A 127.0.0.1:53304 tcp
US 8.8.8.8:53 www.parqueunapelotas.com udp
SG 82.180.152.129:443 pitambaratravels.com tcp
US 8.8.8.8:53 15.203.241.162.in-addr.arpa udp
US 8.8.8.8:53 151.111.181.65.in-addr.arpa udp
US 8.8.8.8:53 193.162.214.162.in-addr.arpa udp
US 8.8.8.8:53 89.97.77.185.in-addr.arpa udp
US 8.8.8.8:53 149.253.7.154.in-addr.arpa udp
US 8.8.8.8:53 135.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 26.95.21.104.in-addr.arpa udp
US 8.8.8.8:53 88.117.70.193.in-addr.arpa udp
US 8.8.8.8:53 182.140.67.172.in-addr.arpa udp
US 8.8.8.8:53 80.76.203.159.in-addr.arpa udp
US 8.8.8.8:53 166.176.8.190.in-addr.arpa udp
US 8.8.8.8:53 176.67.162.139.in-addr.arpa udp
US 162.214.162.193:443 www.parqueunapelotas.com tcp
US 8.8.8.8:53 129.152.180.82.in-addr.arpa udp
N/A 127.0.0.1:53311 tcp
N/A 127.0.0.1:53322 tcp
N/A 127.0.0.1:53332 tcp
N/A 127.0.0.1:53334 tcp
N/A 127.0.0.1:53341 tcp
N/A 127.0.0.1:53348 tcp
N/A 127.0.0.1:53356 tcp
N/A 127.0.0.1:53365 tcp
N/A 127.0.0.1:53387 tcp
N/A 127.0.0.1:53394 tcp
N/A 127.0.0.1:53396 tcp
N/A 127.0.0.1:53398 tcp
N/A 127.0.0.1:53400 tcp
N/A 127.0.0.1:53414 tcp
N/A 127.0.0.1:53416 tcp
N/A 127.0.0.1:53418 tcp
N/A 127.0.0.1:53420 tcp
N/A 127.0.0.1:53422 tcp
N/A 127.0.0.1:53424 tcp
N/A 127.0.0.1:53426 tcp
N/A 127.0.0.1:53428 tcp
N/A 127.0.0.1:53431 tcp
N/A 127.0.0.1:53442 tcp
N/A 127.0.0.1:53444 tcp
N/A 127.0.0.1:53446 tcp
N/A 127.0.0.1:53448 tcp
N/A 127.0.0.1:53450 tcp
N/A 127.0.0.1:53457 tcp
N/A 127.0.0.1:53459 tcp
N/A 127.0.0.1:53463 tcp
N/A 127.0.0.1:53480 tcp
N/A 127.0.0.1:53482 tcp
N/A 127.0.0.1:53485 tcp
N/A 127.0.0.1:53497 tcp
N/A 127.0.0.1:53502 tcp
N/A 127.0.0.1:53504 tcp
N/A 127.0.0.1:53506 tcp
N/A 127.0.0.1:53508 tcp
N/A 127.0.0.1:53510 tcp
N/A 127.0.0.1:53527 tcp
N/A 127.0.0.1:53531 tcp
N/A 127.0.0.1:53537 tcp
N/A 127.0.0.1:53546 tcp
N/A 127.0.0.1:53550 tcp
N/A 127.0.0.1:53552 tcp
N/A 127.0.0.1:53554 tcp
N/A 127.0.0.1:53557 tcp
N/A 127.0.0.1:53563 tcp
N/A 127.0.0.1:53565 tcp
N/A 127.0.0.1:53567 tcp
N/A 127.0.0.1:53574 tcp
N/A 127.0.0.1:53577 tcp
N/A 127.0.0.1:53580 tcp
N/A 127.0.0.1:53587 tcp
N/A 127.0.0.1:53589 tcp
N/A 127.0.0.1:53591 tcp
N/A 127.0.0.1:53597 tcp
N/A 127.0.0.1:53602 tcp
N/A 127.0.0.1:53605 tcp
N/A 127.0.0.1:53612 tcp
N/A 127.0.0.1:53631 tcp
N/A 127.0.0.1:53633 tcp
N/A 127.0.0.1:53642 tcp
N/A 127.0.0.1:53644 tcp
N/A 127.0.0.1:53646 tcp
N/A 127.0.0.1:53649 tcp
N/A 127.0.0.1:53652 tcp
N/A 127.0.0.1:53666 tcp
N/A 127.0.0.1:53669 tcp
N/A 127.0.0.1:53680 tcp
N/A 127.0.0.1:53694 tcp
N/A 127.0.0.1:53696 tcp
N/A 127.0.0.1:53703 tcp
N/A 127.0.0.1:53705 tcp
N/A 127.0.0.1:53709 tcp
N/A 127.0.0.1:53712 tcp
N/A 127.0.0.1:53722 tcp
N/A 127.0.0.1:53724 tcp
N/A 127.0.0.1:53726 tcp
N/A 127.0.0.1:53743 tcp
N/A 127.0.0.1:53746 tcp
N/A 127.0.0.1:53748 tcp
N/A 127.0.0.1:53750 tcp
N/A 127.0.0.1:53752 tcp
N/A 127.0.0.1:53754 tcp
N/A 127.0.0.1:53757 tcp
N/A 127.0.0.1:53759 tcp
N/A 127.0.0.1:53761 tcp
N/A 127.0.0.1:53766 tcp
N/A 127.0.0.1:53769 tcp
N/A 127.0.0.1:53782 tcp
N/A 127.0.0.1:53784 tcp
N/A 127.0.0.1:53786 tcp
N/A 127.0.0.1:53789 tcp
N/A 127.0.0.1:53794 tcp
N/A 127.0.0.1:53799 tcp
N/A 127.0.0.1:53801 tcp
N/A 127.0.0.1:53806 tcp
N/A 127.0.0.1:53819 tcp
N/A 127.0.0.1:53822 tcp
N/A 127.0.0.1:53835 tcp
N/A 127.0.0.1:53841 tcp
N/A 127.0.0.1:53847 tcp
N/A 127.0.0.1:53861 tcp
N/A 127.0.0.1:53864 tcp
N/A 127.0.0.1:53866 tcp
N/A 127.0.0.1:53869 tcp
N/A 127.0.0.1:53871 tcp
N/A 127.0.0.1:53875 tcp
N/A 127.0.0.1:53884 tcp
N/A 127.0.0.1:53894 tcp
N/A 127.0.0.1:53896 tcp
N/A 127.0.0.1:53898 tcp
N/A 127.0.0.1:53900 tcp
N/A 127.0.0.1:53902 tcp
N/A 127.0.0.1:53910 tcp
N/A 127.0.0.1:53913 tcp
N/A 127.0.0.1:53915 tcp
N/A 127.0.0.1:53917 tcp
N/A 127.0.0.1:53919 tcp
N/A 127.0.0.1:53921 tcp
N/A 127.0.0.1:53927 tcp
N/A 127.0.0.1:53941 tcp
N/A 127.0.0.1:53943 tcp
N/A 127.0.0.1:53945 tcp
N/A 127.0.0.1:53950 tcp
N/A 127.0.0.1:53957 tcp
N/A 127.0.0.1:53960 tcp
N/A 127.0.0.1:53980 tcp
N/A 127.0.0.1:53982 tcp
N/A 127.0.0.1:53984 tcp
N/A 127.0.0.1:53986 tcp
N/A 127.0.0.1:53988 tcp
N/A 127.0.0.1:53993 tcp
N/A 127.0.0.1:53996 tcp
N/A 127.0.0.1:53998 tcp
N/A 127.0.0.1:54000 tcp
N/A 127.0.0.1:54011 tcp
N/A 127.0.0.1:54020 tcp
N/A 127.0.0.1:54022 tcp
N/A 127.0.0.1:54037 tcp
N/A 127.0.0.1:54039 tcp
N/A 127.0.0.1:54041 tcp
N/A 127.0.0.1:54043 tcp
N/A 127.0.0.1:54045 tcp
N/A 127.0.0.1:54047 tcp
N/A 127.0.0.1:54049 tcp
N/A 127.0.0.1:54058 tcp
N/A 127.0.0.1:54072 tcp
N/A 127.0.0.1:54076 tcp
N/A 127.0.0.1:54078 tcp
N/A 127.0.0.1:54082 tcp
N/A 127.0.0.1:54084 tcp
N/A 127.0.0.1:54090 tcp
N/A 127.0.0.1:54092 tcp
N/A 127.0.0.1:54095 tcp
N/A 127.0.0.1:54105 tcp
N/A 127.0.0.1:54107 tcp
N/A 127.0.0.1:54109 tcp
N/A 127.0.0.1:54119 tcp
N/A 127.0.0.1:54133 tcp
N/A 127.0.0.1:54136 tcp
N/A 127.0.0.1:54139 tcp
N/A 127.0.0.1:54143 tcp
N/A 127.0.0.1:54165 tcp
N/A 127.0.0.1:54167 tcp
N/A 127.0.0.1:54169 tcp
N/A 127.0.0.1:54171 tcp
N/A 127.0.0.1:54173 tcp
N/A 127.0.0.1:54184 tcp
N/A 127.0.0.1:54186 tcp
N/A 127.0.0.1:54188 tcp
N/A 127.0.0.1:54190 tcp
N/A 127.0.0.1:54192 tcp
N/A 127.0.0.1:54194 tcp
N/A 127.0.0.1:54196 tcp
N/A 127.0.0.1:54199 tcp
N/A 127.0.0.1:54201 tcp
N/A 127.0.0.1:54203 tcp
N/A 127.0.0.1:54205 tcp
N/A 127.0.0.1:54217 tcp
N/A 127.0.0.1:54221 tcp
N/A 127.0.0.1:54223 tcp
N/A 127.0.0.1:54225 tcp
N/A 127.0.0.1:54230 tcp
N/A 127.0.0.1:54244 tcp
N/A 127.0.0.1:54253 tcp
N/A 127.0.0.1:54263 tcp
N/A 127.0.0.1:54267 tcp
N/A 127.0.0.1:54283 tcp
N/A 127.0.0.1:54290 tcp
N/A 127.0.0.1:54295 tcp
N/A 127.0.0.1:54298 tcp
N/A 127.0.0.1:54300 tcp
N/A 127.0.0.1:54302 tcp
N/A 127.0.0.1:54305 tcp
N/A 127.0.0.1:54309 tcp
N/A 127.0.0.1:54312 tcp
N/A 127.0.0.1:54324 tcp
N/A 127.0.0.1:54326 tcp
N/A 127.0.0.1:54328 tcp
N/A 127.0.0.1:54330 tcp
N/A 127.0.0.1:54332 tcp
N/A 127.0.0.1:54334 tcp
N/A 127.0.0.1:54340 tcp
N/A 127.0.0.1:54342 tcp
N/A 127.0.0.1:54348 tcp
N/A 127.0.0.1:54366 tcp
N/A 127.0.0.1:54370 tcp
N/A 127.0.0.1:54372 tcp
N/A 127.0.0.1:54374 tcp
N/A 127.0.0.1:54376 tcp
N/A 127.0.0.1:54378 tcp
N/A 127.0.0.1:54380 tcp
N/A 127.0.0.1:54382 tcp
N/A 127.0.0.1:54384 tcp
N/A 127.0.0.1:54392 tcp
N/A 127.0.0.1:54400 tcp
N/A 127.0.0.1:54405 tcp
N/A 127.0.0.1:54415 tcp
N/A 127.0.0.1:54422 tcp
N/A 127.0.0.1:54429 tcp
N/A 127.0.0.1:54432 tcp
N/A 127.0.0.1:54435 tcp
N/A 127.0.0.1:54439 tcp
N/A 127.0.0.1:54454 tcp
N/A 127.0.0.1:54458 tcp
N/A 127.0.0.1:54468 tcp
N/A 127.0.0.1:54470 tcp
N/A 127.0.0.1:54481 tcp
N/A 127.0.0.1:54487 tcp
N/A 127.0.0.1:54490 tcp
N/A 127.0.0.1:54492 tcp
N/A 127.0.0.1:54494 tcp
N/A 127.0.0.1:54496 tcp
N/A 127.0.0.1:54498 tcp
N/A 127.0.0.1:54500 tcp
N/A 127.0.0.1:54504 tcp
N/A 127.0.0.1:54506 tcp
N/A 127.0.0.1:54508 tcp
N/A 127.0.0.1:54510 tcp
N/A 127.0.0.1:54516 tcp
N/A 127.0.0.1:54531 tcp
N/A 127.0.0.1:54534 tcp
N/A 127.0.0.1:54536 tcp
N/A 127.0.0.1:54538 tcp
N/A 127.0.0.1:54540 tcp
N/A 127.0.0.1:54545 tcp
N/A 127.0.0.1:54553 tcp
N/A 127.0.0.1:54558 tcp
N/A 127.0.0.1:54568 tcp
N/A 127.0.0.1:54573 tcp
N/A 127.0.0.1:54577 tcp
N/A 127.0.0.1:54579 tcp
N/A 127.0.0.1:54586 tcp
N/A 127.0.0.1:54590 tcp
N/A 127.0.0.1:54619 tcp
N/A 127.0.0.1:54624 tcp
N/A 127.0.0.1:54629 tcp
N/A 127.0.0.1:54631 tcp
N/A 127.0.0.1:54633 tcp
N/A 127.0.0.1:54635 tcp
N/A 127.0.0.1:54637 tcp
N/A 127.0.0.1:54639 tcp
N/A 127.0.0.1:54646 tcp
N/A 127.0.0.1:54660 tcp
N/A 127.0.0.1:54662 tcp
N/A 127.0.0.1:54669 tcp
N/A 127.0.0.1:54673 tcp
N/A 127.0.0.1:54677 tcp
N/A 127.0.0.1:54680 tcp
N/A 127.0.0.1:54682 tcp
N/A 127.0.0.1:54684 tcp
N/A 127.0.0.1:54686 tcp
N/A 127.0.0.1:54688 tcp
N/A 127.0.0.1:54690 tcp
N/A 127.0.0.1:54692 tcp
N/A 127.0.0.1:54694 tcp
N/A 127.0.0.1:54704 tcp
N/A 127.0.0.1:54715 tcp
N/A 127.0.0.1:54717 tcp
N/A 127.0.0.1:54732 tcp
N/A 127.0.0.1:54741 tcp
N/A 127.0.0.1:54745 tcp
N/A 127.0.0.1:54750 tcp
N/A 127.0.0.1:54752 tcp
N/A 127.0.0.1:54756 tcp
N/A 127.0.0.1:54766 tcp
N/A 127.0.0.1:54780 tcp
N/A 127.0.0.1:54782 tcp
N/A 127.0.0.1:54785 tcp
N/A 127.0.0.1:54787 tcp
N/A 127.0.0.1:54789 tcp
N/A 127.0.0.1:54791 tcp
N/A 127.0.0.1:54793 tcp
N/A 127.0.0.1:54796 tcp
N/A 127.0.0.1:54798 tcp
N/A 127.0.0.1:54800 tcp
N/A 127.0.0.1:54802 tcp
N/A 127.0.0.1:54819 tcp
N/A 127.0.0.1:54821 tcp
N/A 127.0.0.1:54823 tcp
N/A 127.0.0.1:54840 tcp
N/A 127.0.0.1:54843 tcp
N/A 127.0.0.1:54845 tcp
N/A 127.0.0.1:54853 tcp
N/A 127.0.0.1:54862 tcp
N/A 127.0.0.1:54864 tcp
N/A 127.0.0.1:54866 tcp
N/A 127.0.0.1:54868 tcp
N/A 127.0.0.1:54870 tcp
N/A 127.0.0.1:54872 tcp
N/A 127.0.0.1:54874 tcp
N/A 127.0.0.1:54876 tcp
N/A 127.0.0.1:54878 tcp
N/A 127.0.0.1:54880 tcp
N/A 127.0.0.1:54882 tcp
N/A 127.0.0.1:54884 tcp
N/A 127.0.0.1:54888 tcp
N/A 127.0.0.1:54899 tcp
N/A 127.0.0.1:54905 tcp
N/A 127.0.0.1:54909 tcp
N/A 127.0.0.1:54914 tcp
N/A 127.0.0.1:54919 tcp
N/A 127.0.0.1:54922 tcp
N/A 127.0.0.1:54924 tcp
N/A 127.0.0.1:54928 tcp
N/A 127.0.0.1:54943 tcp
N/A 127.0.0.1:54946 tcp
N/A 127.0.0.1:54950 tcp
N/A 127.0.0.1:54954 tcp
N/A 127.0.0.1:54956 tcp
N/A 127.0.0.1:54970 tcp
N/A 127.0.0.1:54980 tcp
N/A 127.0.0.1:54991 tcp
N/A 127.0.0.1:54994 tcp
N/A 127.0.0.1:54997 tcp
N/A 127.0.0.1:55000 tcp
N/A 127.0.0.1:55002 tcp
N/A 127.0.0.1:55004 tcp
N/A 127.0.0.1:55009 tcp
N/A 127.0.0.1:55011 tcp
N/A 127.0.0.1:55013 tcp
N/A 127.0.0.1:55015 tcp
N/A 127.0.0.1:55020 tcp
N/A 127.0.0.1:55024 tcp
N/A 127.0.0.1:55028 tcp
N/A 127.0.0.1:55031 tcp
N/A 127.0.0.1:55038 tcp
N/A 127.0.0.1:55040 tcp
N/A 127.0.0.1:55047 tcp
N/A 127.0.0.1:55050 tcp
N/A 127.0.0.1:55052 tcp
N/A 127.0.0.1:55054 tcp
N/A 127.0.0.1:55056 tcp
N/A 127.0.0.1:55058 tcp
N/A 127.0.0.1:55060 tcp
N/A 127.0.0.1:55079 tcp
N/A 127.0.0.1:55083 tcp
N/A 127.0.0.1:55094 tcp
N/A 127.0.0.1:55098 tcp
N/A 127.0.0.1:55100 tcp
N/A 127.0.0.1:55103 tcp
N/A 127.0.0.1:55106 tcp
N/A 127.0.0.1:55110 tcp
N/A 127.0.0.1:55124 tcp
N/A 127.0.0.1:55130 tcp
N/A 127.0.0.1:55139 tcp
N/A 127.0.0.1:55143 tcp
N/A 127.0.0.1:55159 tcp
N/A 127.0.0.1:55162 tcp
N/A 127.0.0.1:55166 tcp
N/A 127.0.0.1:55170 tcp
N/A 127.0.0.1:55174 tcp
N/A 127.0.0.1:55187 tcp
N/A 127.0.0.1:55189 tcp
N/A 127.0.0.1:55192 tcp
N/A 127.0.0.1:55198 tcp
N/A 127.0.0.1:55206 tcp
N/A 127.0.0.1:55216 tcp
N/A 127.0.0.1:55218 tcp
N/A 127.0.0.1:55222 tcp
N/A 127.0.0.1:55224 tcp
N/A 127.0.0.1:55226 tcp
N/A 127.0.0.1:55234 tcp
N/A 127.0.0.1:55244 tcp
N/A 127.0.0.1:55246 tcp
N/A 127.0.0.1:55248 tcp
N/A 127.0.0.1:55254 tcp
N/A 127.0.0.1:55261 tcp
N/A 127.0.0.1:55264 tcp
N/A 127.0.0.1:55266 tcp
N/A 127.0.0.1:55269 tcp
N/A 127.0.0.1:55272 tcp
N/A 127.0.0.1:55274 tcp
N/A 127.0.0.1:55300 tcp
N/A 127.0.0.1:55302 tcp
N/A 127.0.0.1:55304 tcp
N/A 127.0.0.1:55308 tcp
N/A 127.0.0.1:55310 tcp
N/A 127.0.0.1:55312 tcp
N/A 127.0.0.1:55314 tcp
N/A 127.0.0.1:55316 tcp
N/A 127.0.0.1:55318 tcp
N/A 127.0.0.1:55320 tcp
N/A 127.0.0.1:55333 tcp
N/A 127.0.0.1:55338 tcp
N/A 127.0.0.1:55342 tcp
N/A 127.0.0.1:55345 tcp
N/A 127.0.0.1:55347 tcp
N/A 127.0.0.1:55350 tcp
N/A 127.0.0.1:55357 tcp
N/A 127.0.0.1:55363 tcp
N/A 127.0.0.1:55365 tcp
N/A 127.0.0.1:55368 tcp
N/A 127.0.0.1:55372 tcp
N/A 127.0.0.1:55375 tcp
N/A 127.0.0.1:55377 tcp
N/A 127.0.0.1:55379 tcp
N/A 127.0.0.1:55387 tcp
N/A 127.0.0.1:55390 tcp
N/A 127.0.0.1:55399 tcp
N/A 127.0.0.1:55419 tcp
N/A 127.0.0.1:55428 tcp
N/A 127.0.0.1:55432 tcp
N/A 127.0.0.1:55436 tcp
N/A 127.0.0.1:55438 tcp
N/A 127.0.0.1:55440 tcp
N/A 127.0.0.1:55452 tcp
N/A 127.0.0.1:55454 tcp
N/A 127.0.0.1:55458 tcp
N/A 127.0.0.1:55461 tcp
N/A 127.0.0.1:55465 tcp
N/A 127.0.0.1:55468 tcp
N/A 127.0.0.1:55474 tcp
N/A 127.0.0.1:55481 tcp
N/A 127.0.0.1:55488 tcp
N/A 127.0.0.1:55496 tcp
N/A 127.0.0.1:55506 tcp
N/A 127.0.0.1:55510 tcp
N/A 127.0.0.1:55512 tcp
N/A 127.0.0.1:55515 tcp
N/A 127.0.0.1:55521 tcp
N/A 127.0.0.1:55536 tcp
N/A 127.0.0.1:55548 tcp
N/A 127.0.0.1:55550 tcp
N/A 127.0.0.1:55558 tcp
N/A 127.0.0.1:55560 tcp
N/A 127.0.0.1:55562 tcp
N/A 127.0.0.1:55566 tcp
N/A 127.0.0.1:55568 tcp
N/A 127.0.0.1:55580 tcp
N/A 127.0.0.1:55584 tcp
N/A 127.0.0.1:55586 tcp
N/A 127.0.0.1:55588 tcp
N/A 127.0.0.1:55590 tcp
N/A 127.0.0.1:55592 tcp
N/A 127.0.0.1:55594 tcp
N/A 127.0.0.1:55596 tcp
N/A 127.0.0.1:55598 tcp
N/A 127.0.0.1:55600 tcp
N/A 127.0.0.1:55602 tcp
N/A 127.0.0.1:55604 tcp
N/A 127.0.0.1:55614 tcp
N/A 127.0.0.1:55621 tcp
N/A 127.0.0.1:55623 tcp
N/A 127.0.0.1:55628 tcp
N/A 127.0.0.1:55636 tcp
N/A 127.0.0.1:55648 tcp
N/A 127.0.0.1:55650 tcp
N/A 127.0.0.1:55652 tcp
N/A 127.0.0.1:55654 tcp
N/A 127.0.0.1:55656 tcp
N/A 127.0.0.1:55669 tcp
N/A 127.0.0.1:55675 tcp
N/A 127.0.0.1:55688 tcp
N/A 127.0.0.1:55693 tcp
N/A 127.0.0.1:55695 tcp
N/A 127.0.0.1:55697 tcp
N/A 127.0.0.1:55705 tcp
N/A 127.0.0.1:55709 tcp
N/A 127.0.0.1:55714 tcp
N/A 127.0.0.1:55718 tcp
N/A 127.0.0.1:55734 tcp
N/A 127.0.0.1:55739 tcp
N/A 127.0.0.1:55743 tcp
N/A 127.0.0.1:55745 tcp
N/A 127.0.0.1:55749 tcp
N/A 127.0.0.1:55759 tcp
N/A 127.0.0.1:55763 tcp
N/A 127.0.0.1:55772 tcp
N/A 127.0.0.1:55780 tcp
N/A 127.0.0.1:55783 tcp
N/A 127.0.0.1:55785 tcp
N/A 127.0.0.1:55812 tcp
N/A 127.0.0.1:55814 tcp
N/A 127.0.0.1:55816 tcp
N/A 127.0.0.1:55818 tcp
N/A 127.0.0.1:55820 tcp
N/A 127.0.0.1:55822 tcp
N/A 127.0.0.1:55824 tcp
N/A 127.0.0.1:55826 tcp
N/A 127.0.0.1:55828 tcp
N/A 127.0.0.1:55833 tcp
N/A 127.0.0.1:55836 tcp
N/A 127.0.0.1:55843 tcp
N/A 127.0.0.1:55848 tcp
N/A 127.0.0.1:55851 tcp
N/A 127.0.0.1:55853 tcp
N/A 127.0.0.1:55855 tcp
N/A 127.0.0.1:55857 tcp
N/A 127.0.0.1:55859 tcp
N/A 127.0.0.1:55861 tcp
N/A 127.0.0.1:55864 tcp
N/A 127.0.0.1:55867 tcp
N/A 127.0.0.1:55880 tcp
N/A 127.0.0.1:55887 tcp
N/A 127.0.0.1:55900 tcp
N/A 127.0.0.1:55904 tcp
N/A 127.0.0.1:55912 tcp
N/A 127.0.0.1:55917 tcp
N/A 127.0.0.1:55921 tcp
N/A 127.0.0.1:55923 tcp
N/A 127.0.0.1:55926 tcp
N/A 127.0.0.1:55928 tcp
N/A 127.0.0.1:55930 tcp
N/A 127.0.0.1:55943 tcp
N/A 127.0.0.1:55947 tcp
N/A 127.0.0.1:55960 tcp
N/A 127.0.0.1:55964 tcp
N/A 127.0.0.1:55971 tcp
N/A 127.0.0.1:55975 tcp
N/A 127.0.0.1:55984 tcp
N/A 127.0.0.1:55988 tcp
N/A 127.0.0.1:55991 tcp
N/A 127.0.0.1:55993 tcp
N/A 127.0.0.1:55995 tcp
N/A 127.0.0.1:55999 tcp
N/A 127.0.0.1:56001 tcp
N/A 127.0.0.1:56010 tcp
N/A 127.0.0.1:56022 tcp
N/A 127.0.0.1:56028 tcp
N/A 127.0.0.1:56033 tcp
N/A 127.0.0.1:56036 tcp
N/A 127.0.0.1:56042 tcp
N/A 127.0.0.1:56044 tcp
N/A 127.0.0.1:56047 tcp
N/A 127.0.0.1:56062 tcp
N/A 127.0.0.1:56064 tcp
N/A 127.0.0.1:56066 tcp
N/A 127.0.0.1:56068 tcp
N/A 127.0.0.1:56070 tcp
N/A 127.0.0.1:56072 tcp
N/A 127.0.0.1:56075 tcp
N/A 127.0.0.1:56077 tcp
N/A 127.0.0.1:56081 tcp
N/A 127.0.0.1:56083 tcp
N/A 127.0.0.1:56088 tcp
N/A 127.0.0.1:56093 tcp
N/A 127.0.0.1:56098 tcp
N/A 127.0.0.1:56104 tcp
N/A 127.0.0.1:56107 tcp
N/A 127.0.0.1:56110 tcp
N/A 127.0.0.1:56121 tcp
N/A 127.0.0.1:56125 tcp
N/A 127.0.0.1:56128 tcp
N/A 127.0.0.1:56130 tcp
N/A 127.0.0.1:56132 tcp
N/A 127.0.0.1:56134 tcp
N/A 127.0.0.1:56136 tcp
N/A 127.0.0.1:56140 tcp
N/A 127.0.0.1:56173 tcp
N/A 127.0.0.1:56186 tcp
N/A 127.0.0.1:56188 tcp
N/A 127.0.0.1:56190 tcp
N/A 127.0.0.1:56195 tcp
N/A 127.0.0.1:56201 tcp
N/A 127.0.0.1:56204 tcp
N/A 127.0.0.1:56206 tcp
N/A 127.0.0.1:56208 tcp
N/A 127.0.0.1:56210 tcp
N/A 127.0.0.1:56228 tcp
N/A 127.0.0.1:56237 tcp
N/A 127.0.0.1:56252 tcp
US 8.8.8.8:53 www.mqdigitalfashion.com udp
SG 156.67.222.18:443 www.mqdigitalfashion.com tcp
N/A 127.0.0.1:56310 tcp
N/A 127.0.0.1:60801 tcp
N/A 127.0.0.1:60801 tcp
N/A 127.0.0.1:60801 tcp
US 8.8.8.8:53 cateringler.com udp
US 8.8.8.8:53 cateringler.com udp
US 8.8.8.8:53 insaid.co udp
US 8.8.8.8:53 insaid.co udp
US 8.8.8.8:53 enlisted.net udp
US 8.8.8.8:53 enlisted.net udp
US 8.8.8.8:53 imobiliariacruzalta.com.br udp
US 15.197.142.173:22 insaid.co tcp
US 8.8.8.8:53 imobiliariacruzalta.com.br udp
US 8.8.8.8:53 chamados.ipem.sp.gov.br udp
N/A 127.0.0.1:56353 tcp
N/A 127.0.0.1:56359 tcp
N/A 127.0.0.1:56361 tcp
N/A 127.0.0.1:56369 tcp
N/A 127.0.0.1:56371 tcp
N/A 127.0.0.1:56375 tcp
N/A 127.0.0.1:56381 tcp
N/A 127.0.0.1:56386 tcp
US 15.197.142.173:21 insaid.co tcp
US 15.197.142.173:443 insaid.co tcp
US 8.8.8.8:53 chamados.ipem.sp.gov.br udp
US 8.8.8.8:53 d28crcn30lx9cn.cloudfront.net udp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
US 104.22.43.210:22 enlisted.net tcp
US 31.170.166.243:21 imobiliariacruzalta.com.br tcp
US 104.22.43.210:21 enlisted.net tcp
US 8.8.8.8:53 d28crcn30lx9cn.cloudfront.net udp
US 8.8.8.8:53 ww3.servipag.com udp
US 31.170.166.243:22 imobiliariacruzalta.com.br tcp
US 104.22.43.210:443 enlisted.net tcp
US 8.8.8.8:53 ww3.servipag.com udp
N/A 127.0.0.1:56391 tcp
US 8.8.8.8:53 web.facebook.com udp
N/A 127.0.0.1:56396 tcp
N/A 127.0.0.1:56398 tcp
NL 142.250.153.26:465 alt1.aspmx.l.google.com tcp
US 31.170.166.243:443 imobiliariacruzalta.com.br tcp
US 8.8.8.8:53 web.facebook.com udp
US 8.8.8.8:53 animezone.pl udp
NL 142.250.153.26:143 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 mx1.hostinger.com.br udp
US 15.197.142.173:80 insaid.co tcp
BE 13.225.239.72:22 d28crcn30lx9cn.cloudfront.net tcp
BE 13.225.239.72:21 d28crcn30lx9cn.cloudfront.net tcp
US 8.8.8.8:53 243.166.170.31.in-addr.arpa udp
US 8.8.8.8:53 210.43.22.104.in-addr.arpa udp
US 8.8.8.8:53 animezone.pl udp
US 3.33.152.147:22 insaid.co tcp
N/A 127.0.0.1:56403 tcp
N/A 127.0.0.1:56405 tcp
N/A 127.0.0.1:56408 tcp
N/A 127.0.0.1:56413 tcp
HU 213.163.39.217:143 hu-is-mx-01.gaijin.team tcp
US 8.8.8.8:53 members.bet365.com udp
US 8.8.8.8:53 cateringler.com udp
NL 142.250.153.26:995 alt1.aspmx.l.google.com tcp
BE 13.225.239.72:443 d28crcn30lx9cn.cloudfront.net tcp
US 104.18.14.248:22 ww3.servipag.com tcp
US 104.18.14.248:21 ww3.servipag.com tcp
GB 163.70.147.22:22 web.facebook.com tcp
US 3.33.152.147:21 insaid.co tcp
US 3.33.152.147:443 insaid.co tcp
US 8.8.8.8:53 members.bet365.com udp
US 8.8.8.8:53 empirecraft.hu udp
US 172.65.182.103:143 mx1.hostinger.com.br tcp
US 104.22.42.210:22 enlisted.net tcp
GB 163.70.147.22:21 web.facebook.com tcp
US 172.67.217.23:22 animezone.pl tcp
US 104.22.42.210:21 enlisted.net tcp
US 172.67.217.23:21 animezone.pl tcp
US 104.22.43.210:80 enlisted.net tcp
HU 213.163.39.217:465 hu-is-mx-01.gaijin.team tcp
US 172.65.182.103:465 mx1.hostinger.com.br tcp
US 31.170.166.243:80 imobiliariacruzalta.com.br tcp
N/A 127.0.0.1:56422 tcp
N/A 127.0.0.1:56425 tcp
N/A 127.0.0.1:56429 tcp
GB 163.70.147.22:443 web.facebook.com tcp
BE 13.225.239.72:143 d28crcn30lx9cn.cloudfront.net tcp
US 104.18.14.248:443 ww3.servipag.com tcp
N/A 127.0.0.1:56433 tcp
US 104.22.43.210:80 enlisted.net tcp
GB 5.226.179.10:22 members.bet365.com tcp
US 172.67.14.1:22 enlisted.net tcp
BE 13.225.239.28:22 d28crcn30lx9cn.cloudfront.net tcp
BE 13.225.239.28:21 d28crcn30lx9cn.cloudfront.net tcp
US 31.170.166.243:22 imobiliariacruzalta.com.br tcp
US 172.67.14.1:21 enlisted.net tcp
US 104.18.15.248:22 ww3.servipag.com tcp
HU 213.163.39.217:995 hu-is-mx-01.gaijin.team tcp
US 104.18.15.248:21 ww3.servipag.com tcp
N/A 127.0.0.1:56435 tcp
N/A 127.0.0.1:56438 tcp
N/A 127.0.0.1:56445 tcp
N/A 127.0.0.1:56452 tcp
N/A 127.0.0.1:56455 tcp
N/A 127.0.0.1:56458 tcp
N/A 127.0.0.1:56465 tcp
N/A 127.0.0.1:56467 tcp
N/A 127.0.0.1:56470 tcp
N/A 127.0.0.1:56475 tcp
N/A 127.0.0.1:56485 tcp
US 172.65.182.103:995 mx1.hostinger.com.br tcp
BE 13.225.239.45:22 d28crcn30lx9cn.cloudfront.net tcp
US 104.21.16.242:22 animezone.pl tcp
US 104.21.16.242:21 animezone.pl tcp
BE 13.225.239.45:21 d28crcn30lx9cn.cloudfront.net tcp
BE 13.225.239.124:22 d28crcn30lx9cn.cloudfront.net tcp
US 15.197.142.173:80 insaid.co tcp
BE 13.225.239.28:143 d28crcn30lx9cn.cloudfront.net tcp
BE 13.225.239.124:21 d28crcn30lx9cn.cloudfront.net tcp
N/A 127.0.0.1:56497 tcp
N/A 127.0.0.1:56499 tcp
N/A 127.0.0.1:56504 tcp
N/A 127.0.0.1:56510 tcp
N/A 127.0.0.1:56513 tcp
N/A 127.0.0.1:56515 tcp
N/A 127.0.0.1:56517 tcp
N/A 127.0.0.1:56524 tcp
N/A 127.0.0.1:56531 tcp
N/A 127.0.0.1:56533 tcp
N/A 127.0.0.1:56537 tcp
N/A 127.0.0.1:56540 tcp
N/A 127.0.0.1:56544 tcp
N/A 127.0.0.1:56548 tcp
US 104.18.14.248:143 ww3.servipag.com tcp
BE 13.225.239.72:465 d28crcn30lx9cn.cloudfront.net tcp
US 8.8.8.8:53 173.142.197.15.in-addr.arpa udp
BE 13.225.239.72:80 d28crcn30lx9cn.cloudfront.net tcp
US 172.67.217.23:443 animezone.pl tcp
BE 13.225.239.45:143 d28crcn30lx9cn.cloudfront.net tcp
US 8.8.8.8:53 empirecraft.hu udp
GB 5.226.179.10:21 members.bet365.com tcp
US 104.18.15.248:143 ww3.servipag.com tcp
N/A 127.0.0.1:56552 tcp
N/A 127.0.0.1:56555 tcp
N/A 127.0.0.1:56557 tcp
N/A 127.0.0.1:56566 tcp
N/A 127.0.0.1:56569 tcp
N/A 127.0.0.1:56570 tcp
N/A 127.0.0.1:56573 tcp
N/A 127.0.0.1:56581 tcp
N/A 127.0.0.1:56586 tcp
N/A 127.0.0.1:56591 tcp
N/A 127.0.0.1:56594 tcp
N/A 127.0.0.1:56596 tcp
N/A 127.0.0.1:56602 tcp
N/A 127.0.0.1:56605 tcp
BE 13.225.239.28:465 d28crcn30lx9cn.cloudfront.net tcp
US 8.8.8.8:53 members.seotoolguru.com udp
BE 13.225.239.124:143 d28crcn30lx9cn.cloudfront.net tcp
US 31.170.166.243:80 imobiliariacruzalta.com.br tcp
US 104.21.76.133:22 empirecraft.hu tcp
BE 13.225.239.45:465 d28crcn30lx9cn.cloudfront.net tcp
BE 13.225.239.72:995 d28crcn30lx9cn.cloudfront.net tcp
US 172.67.195.187:22 empirecraft.hu tcp
US 104.18.14.248:465 ww3.servipag.com tcp
BE 13.225.239.28:995 d28crcn30lx9cn.cloudfront.net tcp
US 104.18.15.248:465 ww3.servipag.com tcp
BE 13.225.239.72:80 d28crcn30lx9cn.cloudfront.net tcp
US 104.18.14.248:80 ww3.servipag.com tcp
N/A 127.0.0.1:56608 tcp
N/A 127.0.0.1:56613 tcp
N/A 127.0.0.1:56618 tcp
N/A 127.0.0.1:56624 tcp
N/A 127.0.0.1:56627 tcp
N/A 127.0.0.1:56631 tcp
N/A 127.0.0.1:56639 tcp
N/A 127.0.0.1:56642 tcp
N/A 127.0.0.1:56645 tcp
N/A 127.0.0.1:56650 tcp
N/A 127.0.0.1:56652 tcp
BE 13.225.239.45:995 d28crcn30lx9cn.cloudfront.net tcp
US 8.8.8.8:53 members.seotoolguru.com udp
US 8.8.8.8:53 sodel2.jkuat.ac.ke udp
US 8.8.8.8:53 mail3.mydevil.net udp
US 8.8.8.8:53 cateringler.com udp
US 8.8.8.8:53 chamados.ipem.sp.gov.br udp
N/A 127.0.0.1:56655 tcp
N/A 127.0.0.1:56657 tcp
US 8.8.8.8:53 sodel2.jkuat.ac.ke udp
N/A 127.0.0.1:56683 tcp
N/A 127.0.0.1:56686 tcp
N/A 127.0.0.1:56689 tcp
N/A 127.0.0.1:56693 tcp
N/A 127.0.0.1:56700 tcp
N/A 127.0.0.1:56706 tcp
N/A 127.0.0.1:56709 tcp
US 8.8.8.8:53 103.182.65.172.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 172.67.217.23:80 animezone.pl tcp
N/A 127.0.0.1:56711 tcp
N/A 127.0.0.1:56717 tcp
N/A 127.0.0.1:56720 tcp
N/A 127.0.0.1:56727 tcp
N/A 127.0.0.1:56730 tcp
N/A 127.0.0.1:56733 tcp
N/A 127.0.0.1:56735 tcp
N/A 127.0.0.1:56743 tcp
N/A 127.0.0.1:56755 tcp
N/A 127.0.0.1:56761 tcp
N/A 127.0.0.1:56763 tcp
N/A 127.0.0.1:56766 tcp
N/A 127.0.0.1:56773 tcp
N/A 127.0.0.1:56776 tcp
N/A 127.0.0.1:56782 tcp
N/A 127.0.0.1:56784 tcp
N/A 127.0.0.1:56788 tcp
N/A 127.0.0.1:56790 tcp
N/A 127.0.0.1:56794 tcp
N/A 127.0.0.1:56805 tcp
N/A 127.0.0.1:56810 tcp
N/A 127.0.0.1:56802 tcp
US 104.22.43.210:443 enlisted.net tcp
US 8.8.8.8:53 cateringler.com udp
US 8.8.8.8:53 chamados.ipem.sp.gov.br udp
GB 163.70.147.22:80 web.facebook.com tcp
N/A 127.0.0.1:56817 tcp
N/A 127.0.0.1:56820 tcp
N/A 127.0.0.1:56822 tcp
N/A 127.0.0.1:56825 tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 webmail.its.ac.id udp
US 8.8.8.8:53 248.14.18.104.in-addr.arpa udp
N/A 127.0.0.1:56830 tcp
N/A 127.0.0.1:56834 tcp
US 8.8.8.8:53 22.147.70.163.in-addr.arpa udp
N/A 127.0.0.1:56843 tcp
US 8.8.8.8:53 mxavas.forpsi.com udp
US 31.170.166.243:443 imobiliariacruzalta.com.br tcp
N/A 127.0.0.1:56846 tcp
N/A 127.0.0.1:56848 tcp
N/A 127.0.0.1:56850 tcp
N/A 127.0.0.1:56852 tcp
N/A 127.0.0.1:56855 tcp
N/A 127.0.0.1:56863 tcp
N/A 127.0.0.1:56866 tcp
N/A 127.0.0.1:56870 tcp
N/A 127.0.0.1:56877 tcp
US 31.170.166.243:80 imobiliariacruzalta.com.br tcp
US 8.8.8.8:53 avon.com.ar udp
N/A 127.0.0.1:56880 tcp
N/A 127.0.0.1:56883 tcp
GB 5.226.179.10:80 members.bet365.com tcp
US 8.8.8.8:53 avon.com.ar udp
US 104.21.76.133:80 empirecraft.hu tcp
US 8.8.8.8:53 webmail.its.ac.id udp
N/A 127.0.0.1:56894 tcp
N/A 127.0.0.1:56893 tcp
N/A 127.0.0.1:56898 tcp
N/A 127.0.0.1:56905 tcp
N/A 127.0.0.1:56908 tcp
N/A 127.0.0.1:56910 tcp
N/A 127.0.0.1:56912 tcp
N/A 127.0.0.1:56922 tcp
N/A 127.0.0.1:56929 tcp
US 8.8.8.8:53 join.secondlife.com udp
US 8.8.8.8:53 english.lmap.ir udp
N/A 127.0.0.1:56936 tcp
N/A 127.0.0.1:56940 tcp
N/A 127.0.0.1:56942 tcp
N/A 127.0.0.1:56945 tcp
N/A 127.0.0.1:56953 tcp
N/A 127.0.0.1:56955 tcp
N/A 127.0.0.1:56961 tcp
N/A 127.0.0.1:56965 tcp
N/A 127.0.0.1:56967 tcp
N/A 127.0.0.1:56972 tcp
US 8.8.8.8:53 cateringler.com udp
US 8.8.8.8:53 english.lmap.ir udp
US 8.8.8.8:53 takipcimx.unaux.com udp
US 8.8.8.8:53 chamados.ipem.sp.gov.br udp
N/A 127.0.0.1:56979 tcp
N/A 127.0.0.1:56982 tcp
N/A 127.0.0.1:56985 tcp
N/A 127.0.0.1:56987 tcp
N/A 127.0.0.1:56995 tcp
N/A 127.0.0.1:56999 tcp
N/A 127.0.0.1:57003 tcp
N/A 127.0.0.1:57007 tcp
N/A 127.0.0.1:57011 tcp
N/A 127.0.0.1:57016 tcp
N/A 127.0.0.1:57022 tcp
N/A 127.0.0.1:57028 tcp
N/A 127.0.0.1:57031 tcp
N/A 127.0.0.1:57033 tcp
N/A 127.0.0.1:57035 tcp
N/A 127.0.0.1:57037 tcp
N/A 127.0.0.1:57039 tcp
US 8.8.8.8:53 takipcimx.unaux.com udp
N/A 127.0.0.1:57045 tcp
N/A 127.0.0.1:57057 tcp
N/A 127.0.0.1:57059 tcp
N/A 127.0.0.1:57062 tcp
N/A 127.0.0.1:57068 tcp
N/A 127.0.0.1:57074 tcp
N/A 127.0.0.1:57077 tcp
N/A 127.0.0.1:57080 tcp
N/A 127.0.0.1:57083 tcp
US 8.8.8.8:53 subscribe.free.fr udp
US 15.197.142.173:80 insaid.co tcp
N/A 127.0.0.1:57088 tcp
N/A 127.0.0.1:57091 tcp
N/A 127.0.0.1:57096 tcp
N/A 127.0.0.1:57099 tcp
N/A 127.0.0.1:57101 tcp
N/A 127.0.0.1:57105 tcp
US 8.8.8.8:53 pass-insurance.lloyd.com.tn udp
US 8.8.8.8:53 pass-insurance.lloyd.com.tn udp
US 8.8.8.8:53 accounts.google.com udp
N/A 127.0.0.1:57109 tcp
N/A 127.0.0.1:57120 tcp
N/A 127.0.0.1:57122 tcp
N/A 127.0.0.1:57125 tcp
N/A 127.0.0.1:57127 tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.servipag.com udp
N/A 127.0.0.1:57129 tcp
N/A 127.0.0.1:57131 tcp
N/A 127.0.0.1:57144 tcp
N/A 127.0.0.1:57147 tcp
N/A 127.0.0.1:57149 tcp
N/A 127.0.0.1:57153 tcp
US 8.8.8.8:53 pcpartpicker.com udp
US 8.8.8.8:53 z8games.com udp
N/A 127.0.0.1:57160 tcp
N/A 127.0.0.1:57164 tcp
N/A 127.0.0.1:57168 tcp
N/A 127.0.0.1:57172 tcp
N/A 127.0.0.1:57175 tcp
US 8.8.8.8:53 z8games.com udp
US 8.8.8.8:53 account.fifa.com udp
US 8.8.8.8:53 23.217.67.172.in-addr.arpa udp
US 8.8.8.8:53 account.fifa.com udp
N/A 127.0.0.1:57182 tcp
N/A 127.0.0.1:57187 tcp
N/A 127.0.0.1:57191 tcp
US 8.8.8.8:53 ameli.moncompte.mobi udp
US 8.8.8.8:53 katy.schoolobjects.com udp
US 8.8.8.8:53 e-plataformaanterior.sunat.gob.pe udp
US 8.8.8.8:53 e-plataformaanterior.sunat.gob.pe udp
US 8.8.8.8:53 account.mojang.com udp
US 8.8.8.8:53 chamados.ipem.sp.gov.br udp
N/A 127.0.0.1:57202 tcp
N/A 127.0.0.1:57204 tcp
N/A 127.0.0.1:57206 tcp
US 8.8.8.8:53 app.scalehot.com udp
US 8.8.8.8:53 account.mojang.com udp
US 8.8.8.8:53 members.seotoolguru.com udp
US 8.8.8.8:53 app.scalehot.com udp
US 8.8.8.8:53 psaonline.utiitsl.com udp

Files

memory/3532-1-0x00000000026B0000-0x00000000027B0000-memory.dmp

memory/3532-2-0x0000000002620000-0x000000000262B000-memory.dmp

memory/3532-3-0x0000000000400000-0x00000000022D2000-memory.dmp

memory/3308-5-0x00000000009D0000-0x00000000009E6000-memory.dmp

memory/3532-7-0x0000000000400000-0x00000000022D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1D37.exe

MD5 398ab69b1cdc624298fbc00526ea8aca
SHA1 b2c76463ae08bb3a08accfcbf609ec4c2a9c0821
SHA256 ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be
SHA512 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739

memory/1744-17-0x0000000003860000-0x0000000003A1D000-memory.dmp

memory/4864-18-0x0000000000400000-0x0000000000848000-memory.dmp

memory/4864-22-0x0000000000400000-0x0000000000848000-memory.dmp

memory/4864-23-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1744-19-0x0000000003A20000-0x0000000003BD7000-memory.dmp

memory/4864-24-0x0000000000400000-0x0000000000848000-memory.dmp

memory/4864-26-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\291F.dll

MD5 9b1697d40dfd386fdd7e9327844f301a
SHA1 e75defb119e2c7b7d3f75ab70a100ec504af5ebf
SHA256 69e7b08c127dde5fd1f85e1e8107d06aa686e94aef3fd48ff0bb092b38a0cb1d
SHA512 3e945bf24ed81fdc49e974d086a70f9758a17b8656bb0e460dca0be2a84fa0ba065b62b6dd5d55ca1dbe0b4f19ec4f164df84c115244f1cbfddd79611d013d69

memory/4864-28-0x0000000000400000-0x0000000000848000-memory.dmp

\Users\Admin\AppData\Local\Temp\291F.dll

MD5 61b17fa5f09a2e15041b12e43de58c55
SHA1 b72473c13ed24dba14f496de8fec65bb9fbbd6b6
SHA256 d6825bc48acb15682d63b0e3504184e573197ee4212f000011cf28a226e565e0
SHA512 09d1bcdaf48c6d46c85ee5d7ad92c18b54f3ea2a30b039db3d134922a5ece0b850528c2b396eb75addcc1fab8185c7e20b47db76f1728681e63db251abadd65b

\Users\Admin\AppData\Local\Temp\291F.dll

MD5 ebafb00849387b7a2b6c7d45732a4b07
SHA1 5711ff056da95a5d81a42d4fd8e81f12623cd4df
SHA256 e8e1fe2137acc102ec930d39a5224037a30b235029007d3b89ba31117c7de237
SHA512 630a61821441975e0a0d1e3ccbbf078e1d2a96a92d70f54434db61eceabf594b33a3ee436050c6458ffefdf276f85be84fc0750e54c835fd5a6ead77964a387a

memory/4940-35-0x00000000009E0000-0x00000000009E6000-memory.dmp

memory/4864-32-0x0000000010000000-0x0000000010202000-memory.dmp

memory/4864-31-0x0000000000E40000-0x0000000000E46000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\39BA.exe

MD5 920b7ad323afa8b9edbd3e3af262865d
SHA1 326c61fcb499c08d1f6b4da1bcc194e0ed9e5489
SHA256 efc95d62117ecf6dcf54af272f5b86e167514f77b923c1b1c9a725fbe80ddc88
SHA512 c3e7fcfb720ab1470c4c586747a288827584f488d8388fa2276651d2504814385804a2fcdc1aabfd989d258bbaf8b7c628d2466c4ad423665feb0cc6f054f69a

memory/1464-41-0x0000000001A50000-0x0000000001A51000-memory.dmp

memory/1464-43-0x0000000000C20000-0x0000000001511000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\3F2A.exe

MD5 a1b5ee1b9649ab629a7ac257e2392f8d
SHA1 dc1b14b6d57589440fb3021c9e06a3e3191968dc
SHA256 2bfd95260a4c52d4474cd51e74469fc3de94caed28937ff0ce99ded66af97e65
SHA512 50ccbb9fd4ea2da847c6be5988e1e82e28d551b06cc9122b921dbd40eff4b657a81a010cea76f29e88fda06f8c053090b38d04eb89a6d63ec4f42ef68b1cf82b

memory/1624-50-0x0000000001BB0000-0x0000000001CB0000-memory.dmp

memory/1624-52-0x0000000003700000-0x000000000376B000-memory.dmp

memory/1624-51-0x0000000000400000-0x0000000001A77000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4CF6.exe

MD5 361629d8f4fdcb4f6d55cfcd15c38649
SHA1 06ca8af3c9e2a5616a9ab3001990591a92e90efe
SHA256 0109cd771b177124f2deaeab803b09fabeb01aac7e71e68c4a30f92736571f9e
SHA512 de85afc8eb9f2c338c6b03865e91e712ec6e0cda426bf4a74b74040ed3b815326bbc9102ec0a47a2811c734d64247e273fdaaef7bc380cba12334d52c04b0f1c

C:\Users\Admin\AppData\Local\Temp\4CF6.exe

MD5 acfa7eba7ac6a171c87cb4be768108e2
SHA1 2564de015a08f5b4546b7c61a73445ff32e36d10
SHA256 9780217a8c953f9a5427d7f31ef8f9994dcd52a6df8ecd919bc9e63b0c815f08
SHA512 2b0725a222fbb8e538dd1656dc4a96ff9b2908737ebfc891d57439fc7412d78c3a628044c35bb279052ab8cfcb9323180344df3e116daa80fa6e56121ceeef78

memory/4864-57-0x0000000000400000-0x0000000000848000-memory.dmp

memory/516-59-0x0000000000490000-0x000000000091C000-memory.dmp

memory/516-60-0x00000000728D0000-0x0000000072FBE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

MD5 0564a9bf638169a89ccb3820a6b9a58e
SHA1 57373f3b58f7cc2b9ea1808bdabb600d580a9ceb
SHA256 9e4b0556f698c9bc9a07c07bf13d60908d31995e0bd73510d9dd690b20b11058
SHA512 36b81c374529a9ba5fcbc6fcfebf145c27a7c30916814d63612c04372556d47994a8091cdc5f78dab460bb5296466ce0b284659c8b01883f7960ab08a1631ea6

memory/4176-69-0x0000000001AC0000-0x0000000001BC0000-memory.dmp

memory/4176-70-0x00000000036C0000-0x0000000003727000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 46f02883577ec05c278186b4fb44ba14
SHA1 3c531d2845d2a0e958c3f5bcc487eb0fb98b2e73
SHA256 39daf7bd5756b6337b1e3bd1e64384ef574401206b7917fe09a1157f15645e0b
SHA512 83cdbe66c8df76bc0a41976eabfbc3854cdffc57f8e4920b759936038d5c4d08a7d01344f4ee6e0e7b226550d4d2b24164dea50d5bce4f8ae6b177cda67dcf42

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 3c20f2e7db8b75326455d3522cfc906b
SHA1 b5c5fb3952d1c7232ae8f7893cae99c83c81780a
SHA256 00965991e367cf0a7d39b102ebdb18a7b7bc59adf9480a1fa3ea9b678c450db9
SHA512 d8055775463096afaf4f7569e6a631c0de7c9c44ee0fcd8e4d84d62fc429655abd29eb1617da205359363cafcd1e609da6894ba34a653b413220b693fd1a4d1d

memory/4176-77-0x0000000000400000-0x0000000001A4B000-memory.dmp

memory/516-78-0x00000000728D0000-0x0000000072FBE000-memory.dmp

memory/3248-80-0x0000000003A10000-0x0000000003E0D000-memory.dmp

memory/3248-81-0x0000000003F10000-0x00000000047FB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\6189.exe

MD5 38617539f3925b6017474f088cc3769a
SHA1 c689b57ab62eac790a204c8231b02bfe0bc243a6
SHA256 defe2d4c932a7ef607e8ef1a643fb57b9c69cbc53b52bf802f9471aae5caef49
SHA512 15d87c6231a8f2115ae3f0f021949d175d3f36735637c7b508a229af5b2a93f70f32e19d9b8e3d1e0fa41bd21ee46ab5d9c6ef630c826afe2210a789e5da53e7

C:\Users\Admin\AppData\Local\Temp\6189.exe

MD5 c3fbf18bf539700026803828831877e7
SHA1 56fb18564dd953193e356c06286f5b0c5fd912f7
SHA256 fd945081a0d38ccda9f17e87d2e663b550eaff708c5fee1cef8aa9c644be880c
SHA512 d497741369b10da6c695809242d34d12ad8ce3178123fe9bdc283e9d47cde9722e36de483d7bb1843a59b69e4b51ade079e082a8d9b2ca016ab710cece1906a3

C:\Users\Admin\AppData\Local\Temp\u380.0.exe

MD5 9138b3911de9fd72e602a79fb607ab98
SHA1 50c2245a5c17d1dbadec43e026ddb21603834e36
SHA256 c02d1221a17d8502c86709708e98056afad9dbf01e6351b509fdb46a706a094c
SHA512 3af4f1f1f07a92a60acbb0921e4ffb5516942f61d71132c695afb96fb447175d0be66ae7a2e508d5439fcf857b99de85f41f872894810594448d6f97caedc7b0

memory/4940-88-0x0000000004B60000-0x0000000004C88000-memory.dmp

memory/4864-86-0x0000000002E10000-0x0000000002F38000-memory.dmp

memory/3248-89-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/4864-93-0x0000000002F40000-0x000000000304D000-memory.dmp

memory/4940-95-0x0000000004C90000-0x0000000004D9D000-memory.dmp

memory/4864-98-0x0000000002F40000-0x000000000304D000-memory.dmp

memory/4940-101-0x0000000004C90000-0x0000000004D9D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\u380.1.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/4176-106-0x0000000000400000-0x0000000001A4B000-memory.dmp

memory/1624-105-0x0000000000400000-0x0000000001A77000-memory.dmp

memory/5112-107-0x0000000000400000-0x0000000000930000-memory.dmp

memory/4864-109-0x0000000010000000-0x0000000010202000-memory.dmp

memory/1464-115-0x0000000000C20000-0x0000000001511000-memory.dmp

memory/4864-110-0x0000000002F40000-0x000000000304D000-memory.dmp

memory/5112-112-0x0000000000CD0000-0x0000000000CD1000-memory.dmp

memory/4940-111-0x0000000004C90000-0x0000000004D9D000-memory.dmp

C:\Users\Admin\AppData\Roaming\Temp\Task.bat

MD5 11bb3db51f701d4e42d3287f71a6a43e
SHA1 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86
SHA256 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331
SHA512 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2

memory/3248-123-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/816-124-0x0000000000400000-0x00000000022D3000-memory.dmp

memory/816-127-0x0000000002350000-0x000000000235B000-memory.dmp

memory/816-126-0x00000000023B0000-0x00000000024B0000-memory.dmp

memory/4864-128-0x0000000000400000-0x0000000000848000-memory.dmp

memory/3308-130-0x0000000002A20000-0x0000000002A36000-memory.dmp

memory/4316-132-0x00000000024D0000-0x00000000025D0000-memory.dmp

memory/4316-135-0x0000000002480000-0x00000000024A7000-memory.dmp

memory/5112-131-0x0000000000400000-0x0000000000930000-memory.dmp

memory/816-134-0x0000000000400000-0x00000000022D3000-memory.dmp

memory/4316-137-0x0000000061E00000-0x0000000061EF3000-memory.dmp

memory/4316-141-0x0000000000400000-0x00000000022DA000-memory.dmp

memory/1624-143-0x0000000001BB0000-0x0000000001CB0000-memory.dmp

memory/4392-178-0x0000000004BB0000-0x0000000004BE6000-memory.dmp

memory/4392-179-0x00000000072A0000-0x00000000078C8000-memory.dmp

memory/4392-185-0x00000000715A0000-0x0000000071C8E000-memory.dmp

memory/4392-186-0x00000000047F0000-0x0000000004800000-memory.dmp

memory/4392-187-0x00000000047F0000-0x0000000004800000-memory.dmp

memory/4392-191-0x0000000007930000-0x0000000007952000-memory.dmp

memory/4392-192-0x0000000007C70000-0x0000000007CD6000-memory.dmp

memory/4392-193-0x0000000007D10000-0x0000000007D76000-memory.dmp

memory/4392-195-0x0000000007D80000-0x00000000080D0000-memory.dmp

memory/3248-196-0x0000000003A10000-0x0000000003E0D000-memory.dmp

\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/4392-212-0x0000000006ED0000-0x0000000006EEC000-memory.dmp

memory/4392-214-0x0000000008230000-0x000000000827B000-memory.dmp

memory/1464-216-0x0000000000C20000-0x0000000001511000-memory.dmp

C:\Users\Admin\AppData\Roaming\ajccjhd

MD5 91f8f6d9542afc52dd9f37e6eddf873d
SHA1 7688f5873d434e7d889764460962dedb312ca453
SHA256 10ad8a578b2891a9e9dd2f97b7680f35b82c25777799e1a2bb7b03a538efbe16
SHA512 a09b77178e2ae8a3836d640c9b1028c60857d971c3ed65ef736c6cd5360ef9b5ab2e039ef1929ce4fb9feb95975b740363b79b81916129a501c5f496d525759d

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4g5cmi04.nlr.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

C:\ProgramData\Are.docx

MD5 a33e5b189842c5867f46566bdbf7a095
SHA1 e1c06359f6a76da90d19e8fd95e79c832edb3196
SHA256 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454
SHA512 f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

memory/4392-248-0x00000000091D0000-0x000000000920C000-memory.dmp

memory/3248-255-0x0000000003F10000-0x00000000047FB000-memory.dmp

memory/4392-282-0x0000000009290000-0x0000000009306000-memory.dmp

memory/4316-285-0x0000000000400000-0x00000000022DA000-memory.dmp

memory/4392-295-0x000000000A110000-0x000000000A143000-memory.dmp

memory/4392-296-0x000000006E130000-0x000000006E17B000-memory.dmp

memory/4392-297-0x000000006E490000-0x000000006E7E0000-memory.dmp

memory/3248-298-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/4392-299-0x0000000008200000-0x000000000821E000-memory.dmp

memory/4392-305-0x000000000A150000-0x000000000A1F5000-memory.dmp

memory/5112-306-0x0000000000CD0000-0x0000000000CD1000-memory.dmp

memory/4560-307-0x0000000002670000-0x0000000002770000-memory.dmp

memory/4560-308-0x0000000000400000-0x00000000022D2000-memory.dmp

memory/4392-309-0x000000000A350000-0x000000000A3E4000-memory.dmp

memory/4560-386-0x0000000000400000-0x00000000022D2000-memory.dmp

memory/4392-512-0x000000000A220000-0x000000000A23A000-memory.dmp

memory/4392-517-0x000000000A210000-0x000000000A218000-memory.dmp

memory/4392-537-0x00000000715A0000-0x0000000071C8E000-memory.dmp

memory/4392-539-0x00000000715A0000-0x0000000071C8E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 14a51bd9bcd50a7de4e4c7f3be243294
SHA1 058b9962697644087087dd2c81f158a676ed044a
SHA256 66c2f28ee6d0c3bf54525c0ebb55c4c10f7065e5abf2555a3193c89405ad8e91
SHA512 2c0556c494c4574aa52104a12f7ed5d73ff754f5b4d9b6613f95ca2a94592f6552103f7aad790f814076fbe619abc207501c507e900fd823454f406ad1b76f44

memory/3248-543-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/3372-545-0x0000000003C60000-0x0000000004066000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

MD5 46b1068f4a605358281eafb05bf4f7ce
SHA1 acdaf418f82cb4fdaa43c5e41c3c1381b14faa23
SHA256 df3c7e15390ddbf8b5a191788af6a5e3adaa25915deeecc34b664cc7b2f061ba
SHA512 3a1df0477ab7bfd322a2e382aa85c385017c7bf5435847344dd6a811f32d6a503da326453b89b81613ffa34257a7f765c71a2202bba89252f22e0b66d4bbbadb

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

MD5 d3dce443c0776c711a94c9cdc959d3cf
SHA1 3f4be766843daa8b66f74af0fbccef09a3356db0
SHA256 9425a5ced97ed177f7e87c4a3eec027ea7a03dd93ecd05a570a76f4d4ea659cc
SHA512 3f45534add7ac0eb6dc6130f4a376bc9bd353f696d2702b18b72c5095b8c33a15defd490775fad3bdd6c59d27c8a7910995199540e366f7ad5e7125603e79a6f

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 db01a2c1c7e70b2b038edf8ad5ad9826
SHA1 540217c647a73bad8d8a79e3a0f3998b5abd199b
SHA256 413da361d77055dae7007f82b58b366c8783aa72e0b8fbe41519b940c253b38d
SHA512 c76ff57fcee5cdf9fdf3116d4e1dc0cf106867bf19ab474b763e242acf5dca9a7509cb837c35e130c3e056636b4e8a4e135512a978bcd3dd641e20f5bf76c3d6

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 c00f20ada2db7b973d7d5904fe9f0684
SHA1 318fe1ba726eac1a0c6ab2b0e887eee339bb22bd
SHA256 a1aced01d4c3f87b914896f0202c549da78d42f9557168d314830308180dee2f
SHA512 7ca4d1655c56a05c54c98d990250c764fb78995438afa6d99a7f9cda8f895210c8521d77499643eaf143f9349ca2affb04cf98d135642d6e27f0bc3b10de6c46

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 dec1b5b9dbf04b70a0bc69552c0f332b
SHA1 93467e418eb613a224dadff6bb6d7a547a626211
SHA256 66d5c4d590524718f52e24c24409b16a579edf9654d532039a79f63c8feefdc8
SHA512 6252b77b27080ac033553424c7cb1bda05502a7571f5cf90c5d0bd686cb5a81164e6fd4b13d8ec0430a10548f07f20ad5fb3cad207d5178bd6584658ee36200d

C:\Windows\rss\csrss.exe

MD5 0c7b8daa9b09bcdf947a020bf28c2f19
SHA1 738f89f4da5256d14fe11394cf79e42060a7e98b
SHA256 ff0c709f06a8850794f2501c7dc9ce4ffc75f1ab3039218952cd87a067d3d3ff
SHA512 b069ef6d30a5afafc4b4e2632cb4f9da65e58dcedb66706921d85a6be97a024c1e786ec51299ba52668a65fe948d499609aa2b4978fb20738dd0b643d84cbcf6

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 b0a31bb8a1a65db4ec2e082688492516
SHA1 6ab39dbafea5e32650e8515978bc72ec16652d19
SHA256 8c13b7796995331b2ccb22871245fae1aa6b57d92ae0ef76ff80d2630ce3bcfd
SHA512 bf52a31320f3a6b3d249d8d44bf85eba64ee4993af8777b3480a49c12c98079d51b527634cc800a89ae42d05e382f57642bd935c37b7ba5f0ef2a828cf569033

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 b05d4b6da68160a46cebe5356d5d4a00
SHA1 ac370a0f73b646f53596e6ad5111bb3aa2e41afc
SHA256 5f1491aec878733807ddf1c7eec1858b3941e338a0fdb91256c670c18b56a76c
SHA512 370cf7ceadc1fc7dc2034b0a14ce6a80c9a4a46dc65c2b0fa1cfe56834a85b61bea427a5faeab7aa16e11cc2291df2432660fa70963470277cc92b5ed230ba2c

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 56a7072c47a19d3a5277080c19372097
SHA1 ffe3708642fa0039fcd6d7c23dacc11ded713021
SHA256 1fcd441f7e11d4df4fc7245a2273ba5cbee7180e6a2cd7d9613a93eb5eac12bc
SHA512 aa4ceeac9e135aa7fbdbc8b7e6804ce2ec38f5dd87ca7c256b4ac3009108e8e9a9405918c0acf7171fda50d46d3c901ae22419cec49990a5aa15ac0f404cebda

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

MD5 d98e33b66343e7c96158444127a117f6
SHA1 bb716c5509a2bf345c6c1152f6e3e1452d39d50d
SHA256 5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1
SHA512 705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

C:\Windows\windefender.exe

MD5 3cee364c54a316d5e1640b0875636b19
SHA1 ac2ce8ed4fee293ce66517dd5d9e54d99336e07f
SHA256 fed9f01b17df8d0a1d7442ffb96e95f9f88e7c25cb38fc8872722928cdcffd01
SHA512 b1bebf4644790af4651afd3b2d770c3e46370b4526f7220c3c4ab85224da0574f681daa94041737305d483b2ae73092b43f2881fbd4d6e1dfa124b688d9f1969

C:\Windows\windefender.exe

MD5 eac3c94e166a4ac3e7d3dbf26d505ebb
SHA1 c231e723ad6077f9b6bd12c5e7bd3fd208f7fa45
SHA256 662eb9030b85d481e53772eb13a1b747a62bc68a862e0e4ba90f4e6acb3fe124
SHA512 b5b0f2d3205ebf43593ae73318cc078b5eafed92be6c8d113cf0e7dbef9f84da759301393b9528ac7f11b2f82dd8a190ad5c2b9066c84afbc1c9fb775fcff1a0

C:\Windows\windefender.exe

MD5 960af5b5ae4f82427666734c280f00e4
SHA1 a7e216ee29113acaec28eb4043fe3cf8b40c46b7
SHA256 52311eaf67b77bad0abac58797dd0749cb544cea3001d9cd37804c314149bd85
SHA512 e6f94ea6a74343bccb9e5bad99d9d500f18565806dc146bd04fa9839bafbec431d8c27da650bd4bbed2fd58ba4260cec02dbc032b7d6a989e25ae6c98697465d