Analysis Overview
SHA256
1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6
Threat Level: Known bad
The file 1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6 was found to be: Known bad.
Malicious Activity Summary
DcRat
Windows security bypass
SmokeLoader
Glupteba
Pitou
Lumma Stealer
Glupteba payload
Modifies Windows Firewall
Downloads MZ/PE file
UPX packed file
Loads dropped DLL
Windows security modification
Reads data files stored by FTP clients
Executes dropped EXE
Reads user/profile data of web browsers
Deletes itself
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
Writes to the Master Boot Record (MBR)
Drops file in System32 directory
Suspicious use of SetThreadContext
Launches sc.exe
Checks for VirtualBox DLLs, possible anti-VM trick
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious use of AdjustPrivilegeToken
Creates scheduled task(s)
Modifies data under HKEY_USERS
Modifies system certificate store
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Checks processor information in registry
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-29 04:49
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-29 04:49
Reported
2024-02-29 04:54
Platform
win7-20240221-en
Max time kernel
287s
Max time network
303s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\9695.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Glupteba
Glupteba payload
Pitou
SmokeLoader
Windows security bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Deletes itself
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9695.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9695.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AF45.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B6C4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CCC5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E517.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\dwjvhht | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u26k.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u26k.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| N/A | N/A | C:\Windows\rss\csrss.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe | N/A |
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
Windows security modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\9695.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\B6C4.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2964 set thread context of 2548 | N/A | C:\Users\Admin\AppData\Local\Temp\9695.exe | C:\Users\Admin\AppData\Local\Temp\9695.exe |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rss\csrss.exe | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| File created | C:\Windows\Logs\CBS\CbsPersist_20240229045022.cab | C:\Windows\system32\makecab.exe | N/A |
| File opened for modification | C:\Windows\rss | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\AF45.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\E517.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\E517.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\E517.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\u26k.0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\u26k.0.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Modifies data under HKEY_USERS
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 | C:\Windows\rss\csrss.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob | C:\Windows\rss\csrss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 | C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob | C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E517.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\rss\csrss.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u26k.1.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe
"C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe"
C:\Users\Admin\AppData\Local\Temp\9695.exe
C:\Users\Admin\AppData\Local\Temp\9695.exe
C:\Users\Admin\AppData\Local\Temp\9695.exe
C:\Users\Admin\AppData\Local\Temp\9695.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9CBD.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\9CBD.dll
C:\Users\Admin\AppData\Local\Temp\AF45.exe
C:\Users\Admin\AppData\Local\Temp\AF45.exe
C:\Users\Admin\AppData\Local\Temp\B6C4.exe
C:\Users\Admin\AppData\Local\Temp\B6C4.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 124
C:\Users\Admin\AppData\Local\Temp\CCC5.exe
C:\Users\Admin\AppData\Local\Temp\CCC5.exe
C:\Windows\system32\taskeng.exe
taskeng.exe {C2D144E8-2DFA-47C6-954F-CC58E41C23A3} S-1-5-21-778096762-2241304387-192235952-1000:AYFLYVMK\Admin:Interactive:[1]
C:\Users\Admin\AppData\Local\Temp\E517.exe
C:\Users\Admin\AppData\Local\Temp\E517.exe
C:\Users\Admin\AppData\Roaming\dwjvhht
C:\Users\Admin\AppData\Roaming\dwjvhht
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\u26k.0.exe
"C:\Users\Admin\AppData\Local\Temp\u26k.0.exe"
C:\Users\Admin\AppData\Local\Temp\u26k.1.exe
"C:\Users\Admin\AppData\Local\Temp\u26k.1.exe"
C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240229045022.log C:\Windows\Logs\CBS\CbsPersist_20240229045022.cab
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\system32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\system32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe
"C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe"
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:51509 | tcp | |
| N/A | 127.0.0.1:51514 | tcp | |
| N/A | 127.0.0.1:51518 | tcp | |
| N/A | 127.0.0.1:51520 | tcp | |
| N/A | 127.0.0.1:51524 | tcp | |
| N/A | 127.0.0.1:51526 | tcp | |
| N/A | 127.0.0.1:51528 | tcp | |
| N/A | 127.0.0.1:51537 | tcp | |
| N/A | 127.0.0.1:51544 | tcp | |
| N/A | 127.0.0.1:51548 | tcp | |
| N/A | 127.0.0.1:51550 | tcp | |
| N/A | 127.0.0.1:51554 | tcp | |
| N/A | 127.0.0.1:51556 | tcp | |
| N/A | 127.0.0.1:51561 | tcp | |
| N/A | 127.0.0.1:51565 | tcp | |
| N/A | 127.0.0.1:51570 | tcp | |
| N/A | 127.0.0.1:51576 | tcp | |
| N/A | 127.0.0.1:51580 | tcp | |
| N/A | 127.0.0.1:51583 | tcp | |
| N/A | 127.0.0.1:51585 | tcp | |
| N/A | 127.0.0.1:51589 | tcp | |
| N/A | 127.0.0.1:51592 | tcp | |
| N/A | 127.0.0.1:51598 | tcp | |
| N/A | 127.0.0.1:51600 | tcp | |
| N/A | 127.0.0.1:51607 | tcp | |
| N/A | 127.0.0.1:51609 | tcp | |
| N/A | 127.0.0.1:51612 | tcp | |
| N/A | 127.0.0.1:51619 | tcp | |
| N/A | 127.0.0.1:51626 | tcp | |
| N/A | 127.0.0.1:51632 | tcp | |
| N/A | 127.0.0.1:51634 | tcp | |
| N/A | 127.0.0.1:51641 | tcp | |
| N/A | 127.0.0.1:51648 | tcp | |
| N/A | 127.0.0.1:51654 | tcp | |
| N/A | 127.0.0.1:51657 | tcp | |
| N/A | 127.0.0.1:51660 | tcp | |
| N/A | 127.0.0.1:51663 | tcp | |
| N/A | 127.0.0.1:51666 | tcp | |
| N/A | 127.0.0.1:51669 | tcp | |
| N/A | 127.0.0.1:51671 | tcp | |
| N/A | 127.0.0.1:51674 | tcp | |
| N/A | 127.0.0.1:51678 | tcp | |
| N/A | 127.0.0.1:51683 | tcp | |
| N/A | 127.0.0.1:51687 | tcp | |
| N/A | 127.0.0.1:51692 | tcp | |
| N/A | 127.0.0.1:51696 | tcp | |
| N/A | 127.0.0.1:51698 | tcp | |
| N/A | 127.0.0.1:51705 | tcp | |
| N/A | 127.0.0.1:51707 | tcp | |
| N/A | 127.0.0.1:51711 | tcp | |
| N/A | 127.0.0.1:51714 | tcp | |
| N/A | 127.0.0.1:51716 | tcp | |
| N/A | 127.0.0.1:51720 | tcp | |
| N/A | 127.0.0.1:51723 | tcp | |
| N/A | 127.0.0.1:51729 | tcp | |
| N/A | 127.0.0.1:51734 | tcp | |
| N/A | 127.0.0.1:51741 | tcp | |
| N/A | 127.0.0.1:51743 | tcp | |
| N/A | 127.0.0.1:51745 | tcp | |
| N/A | 127.0.0.1:51748 | tcp | |
| N/A | 127.0.0.1:51751 | tcp | |
| N/A | 127.0.0.1:51753 | tcp | |
| N/A | 127.0.0.1:51758 | tcp | |
| N/A | 127.0.0.1:51762 | tcp | |
| N/A | 127.0.0.1:51765 | tcp | |
| N/A | 127.0.0.1:51771 | tcp | |
| N/A | 127.0.0.1:51773 | tcp | |
| N/A | 127.0.0.1:51778 | tcp | |
| N/A | 127.0.0.1:51788 | tcp | |
| N/A | 127.0.0.1:51791 | tcp | |
| N/A | 127.0.0.1:51794 | tcp | |
| N/A | 127.0.0.1:51796 | tcp | |
| N/A | 127.0.0.1:51798 | tcp | |
| N/A | 127.0.0.1:51801 | tcp | |
| N/A | 127.0.0.1:51807 | tcp | |
| N/A | 127.0.0.1:51810 | tcp | |
| N/A | 127.0.0.1:51812 | tcp | |
| N/A | 127.0.0.1:51815 | tcp | |
| N/A | 127.0.0.1:51823 | tcp | |
| N/A | 127.0.0.1:51829 | tcp | |
| N/A | 127.0.0.1:51836 | tcp | |
| N/A | 127.0.0.1:51839 | tcp | |
| N/A | 127.0.0.1:51842 | tcp | |
| N/A | 127.0.0.1:51844 | tcp | |
| N/A | 127.0.0.1:51849 | tcp | |
| N/A | 127.0.0.1:51853 | tcp | |
| N/A | 127.0.0.1:51855 | tcp | |
| N/A | 127.0.0.1:51859 | tcp | |
| N/A | 127.0.0.1:51861 | tcp | |
| N/A | 127.0.0.1:51864 | tcp | |
| N/A | 127.0.0.1:51866 | tcp | |
| N/A | 127.0.0.1:51869 | tcp | |
| N/A | 127.0.0.1:51871 | tcp | |
| N/A | 127.0.0.1:51876 | tcp | |
| N/A | 127.0.0.1:51879 | tcp | |
| N/A | 127.0.0.1:51885 | tcp | |
| N/A | 127.0.0.1:51888 | tcp | |
| N/A | 127.0.0.1:51890 | tcp | |
| N/A | 127.0.0.1:51898 | tcp | |
| N/A | 127.0.0.1:51901 | tcp | |
| N/A | 127.0.0.1:51903 | tcp | |
| N/A | 127.0.0.1:51905 | tcp | |
| N/A | 127.0.0.1:51907 | tcp | |
| N/A | 127.0.0.1:51909 | tcp | |
| N/A | 127.0.0.1:51911 | tcp | |
| N/A | 127.0.0.1:51914 | tcp | |
| N/A | 127.0.0.1:51917 | tcp | |
| N/A | 127.0.0.1:51925 | tcp | |
| N/A | 127.0.0.1:51928 | tcp | |
| N/A | 127.0.0.1:51935 | tcp | |
| N/A | 127.0.0.1:51941 | tcp | |
| N/A | 127.0.0.1:51944 | tcp | |
| N/A | 127.0.0.1:51946 | tcp | |
| N/A | 127.0.0.1:51950 | tcp | |
| N/A | 127.0.0.1:51956 | tcp | |
| N/A | 127.0.0.1:51958 | tcp | |
| N/A | 127.0.0.1:51964 | tcp | |
| N/A | 127.0.0.1:51969 | tcp | |
| N/A | 127.0.0.1:51976 | tcp | |
| N/A | 127.0.0.1:51987 | tcp | |
| N/A | 127.0.0.1:51991 | tcp | |
| N/A | 127.0.0.1:52002 | tcp | |
| N/A | 127.0.0.1:52004 | tcp | |
| N/A | 127.0.0.1:52009 | tcp | |
| N/A | 127.0.0.1:52012 | tcp | |
| N/A | 127.0.0.1:52015 | tcp | |
| N/A | 127.0.0.1:52017 | tcp | |
| N/A | 127.0.0.1:52021 | tcp | |
| N/A | 127.0.0.1:52025 | tcp | |
| N/A | 127.0.0.1:52027 | tcp | |
| N/A | 127.0.0.1:52033 | tcp | |
| N/A | 127.0.0.1:52038 | tcp | |
| N/A | 127.0.0.1:52043 | tcp | |
| N/A | 127.0.0.1:52050 | tcp | |
| N/A | 127.0.0.1:52054 | tcp | |
| N/A | 127.0.0.1:52057 | tcp | |
| N/A | 127.0.0.1:29863 | tcp | |
| N/A | 127.0.0.1:52067 | tcp | |
| N/A | 127.0.0.1:52069 | tcp | |
| N/A | 127.0.0.1:52075 | tcp | |
| N/A | 127.0.0.1:52077 | tcp | |
| N/A | 127.0.0.1:52081 | tcp | |
| N/A | 127.0.0.1:52083 | tcp | |
| N/A | 127.0.0.1:52086 | tcp | |
| N/A | 127.0.0.1:52097 | tcp | |
| N/A | 127.0.0.1:52103 | tcp | |
| N/A | 127.0.0.1:52110 | tcp | |
| N/A | 127.0.0.1:52112 | tcp | |
| N/A | 127.0.0.1:52119 | tcp | |
| N/A | 127.0.0.1:52121 | tcp | |
| N/A | 127.0.0.1:52123 | tcp | |
| N/A | 127.0.0.1:52125 | tcp | |
| N/A | 127.0.0.1:52129 | tcp | |
| N/A | 127.0.0.1:52131 | tcp | |
| N/A | 127.0.0.1:52136 | tcp | |
| N/A | 127.0.0.1:52140 | tcp | |
| N/A | 127.0.0.1:52142 | tcp | |
| N/A | 127.0.0.1:52146 | tcp | |
| N/A | 127.0.0.1:52150 | tcp | |
| N/A | 127.0.0.1:52152 | tcp | |
| N/A | 127.0.0.1:52157 | tcp | |
| N/A | 127.0.0.1:52160 | tcp | |
| N/A | 127.0.0.1:52162 | tcp | |
| N/A | 127.0.0.1:52165 | tcp | |
| N/A | 127.0.0.1:52168 | tcp | |
| N/A | 127.0.0.1:52170 | tcp | |
| N/A | 127.0.0.1:52180 | tcp | |
| N/A | 127.0.0.1:52182 | tcp | |
| N/A | 127.0.0.1:52184 | tcp | |
| N/A | 127.0.0.1:52186 | tcp | |
| N/A | 127.0.0.1:52188 | tcp | |
| N/A | 127.0.0.1:52191 | tcp | |
| N/A | 127.0.0.1:52193 | tcp | |
| N/A | 127.0.0.1:52197 | tcp | |
| N/A | 127.0.0.1:52201 | tcp | |
| N/A | 127.0.0.1:52208 | tcp | |
| N/A | 127.0.0.1:52214 | tcp | |
| N/A | 127.0.0.1:52217 | tcp | |
| N/A | 127.0.0.1:52220 | tcp | |
| N/A | 127.0.0.1:52224 | tcp | |
| N/A | 127.0.0.1:52228 | tcp | |
| N/A | 127.0.0.1:52242 | tcp | |
| N/A | 127.0.0.1:52246 | tcp | |
| N/A | 127.0.0.1:52250 | tcp | |
| N/A | 127.0.0.1:52264 | tcp | |
| N/A | 127.0.0.1:52268 | tcp | |
| N/A | 127.0.0.1:52271 | tcp | |
| N/A | 127.0.0.1:52273 | tcp | |
| N/A | 127.0.0.1:52276 | tcp | |
| N/A | 127.0.0.1:52278 | tcp | |
| N/A | 127.0.0.1:52282 | tcp | |
| N/A | 127.0.0.1:52288 | tcp | |
| N/A | 127.0.0.1:52291 | tcp | |
| N/A | 127.0.0.1:52293 | tcp | |
| N/A | 127.0.0.1:52299 | tcp | |
| N/A | 127.0.0.1:52301 | tcp | |
| N/A | 127.0.0.1:52304 | tcp | |
| N/A | 127.0.0.1:52308 | tcp | |
| N/A | 127.0.0.1:52310 | tcp | |
| N/A | 127.0.0.1:52312 | tcp | |
| N/A | 127.0.0.1:52314 | tcp | |
| N/A | 127.0.0.1:52316 | tcp | |
| N/A | 127.0.0.1:52318 | tcp | |
| N/A | 127.0.0.1:52320 | tcp | |
| N/A | 127.0.0.1:52323 | tcp | |
| N/A | 127.0.0.1:52326 | tcp | |
| N/A | 127.0.0.1:52329 | tcp | |
| N/A | 127.0.0.1:52331 | tcp | |
| N/A | 127.0.0.1:52333 | tcp | |
| N/A | 127.0.0.1:52336 | tcp | |
| N/A | 127.0.0.1:52340 | tcp | |
| N/A | 127.0.0.1:52346 | tcp | |
| N/A | 127.0.0.1:52348 | tcp | |
| N/A | 127.0.0.1:52350 | tcp | |
| N/A | 127.0.0.1:52352 | tcp | |
| N/A | 127.0.0.1:52354 | tcp | |
| N/A | 127.0.0.1:52357 | tcp | |
| N/A | 127.0.0.1:52359 | tcp | |
| N/A | 127.0.0.1:52361 | tcp | |
| N/A | 127.0.0.1:52363 | tcp | |
| N/A | 127.0.0.1:52366 | tcp | |
| N/A | 127.0.0.1:52368 | tcp | |
| N/A | 127.0.0.1:52375 | tcp | |
| N/A | 127.0.0.1:52383 | tcp | |
| N/A | 127.0.0.1:52386 | tcp | |
| N/A | 127.0.0.1:52392 | tcp | |
| N/A | 127.0.0.1:52394 | tcp | |
| N/A | 127.0.0.1:52396 | tcp | |
| N/A | 127.0.0.1:52398 | tcp | |
| N/A | 127.0.0.1:52408 | tcp | |
| N/A | 127.0.0.1:52411 | tcp | |
| N/A | 127.0.0.1:52414 | tcp | |
| N/A | 127.0.0.1:52416 | tcp | |
| N/A | 127.0.0.1:52419 | tcp | |
| N/A | 127.0.0.1:52425 | tcp | |
| N/A | 127.0.0.1:52430 | tcp | |
| N/A | 127.0.0.1:52437 | tcp | |
| N/A | 127.0.0.1:52440 | tcp | |
| N/A | 127.0.0.1:52444 | tcp | |
| N/A | 127.0.0.1:52447 | tcp | |
| N/A | 127.0.0.1:52451 | tcp | |
| N/A | 127.0.0.1:52460 | tcp | |
| N/A | 127.0.0.1:52475 | tcp | |
| N/A | 127.0.0.1:52479 | tcp | |
| N/A | 127.0.0.1:52482 | tcp | |
| N/A | 127.0.0.1:52487 | tcp | |
| N/A | 127.0.0.1:52492 | tcp | |
| N/A | 127.0.0.1:52494 | tcp | |
| N/A | 127.0.0.1:52497 | tcp | |
| N/A | 127.0.0.1:52500 | tcp | |
| N/A | 127.0.0.1:52502 | tcp | |
| N/A | 127.0.0.1:52505 | tcp | |
| N/A | 127.0.0.1:52510 | tcp | |
| N/A | 127.0.0.1:52519 | tcp | |
| N/A | 127.0.0.1:52526 | tcp | |
| N/A | 127.0.0.1:52529 | tcp | |
| N/A | 127.0.0.1:52532 | tcp | |
| N/A | 127.0.0.1:52534 | tcp | |
| N/A | 127.0.0.1:52536 | tcp | |
| N/A | 127.0.0.1:52538 | tcp | |
| N/A | 127.0.0.1:52544 | tcp | |
| N/A | 127.0.0.1:52549 | tcp | |
| N/A | 127.0.0.1:52556 | tcp | |
| N/A | 127.0.0.1:52558 | tcp | |
| N/A | 127.0.0.1:52561 | tcp | |
| N/A | 127.0.0.1:52565 | tcp | |
| N/A | 127.0.0.1:52567 | tcp | |
| N/A | 127.0.0.1:52569 | tcp | |
| N/A | 127.0.0.1:52571 | tcp | |
| N/A | 127.0.0.1:52573 | tcp | |
| N/A | 127.0.0.1:52576 | tcp | |
| N/A | 127.0.0.1:52579 | tcp | |
| N/A | 127.0.0.1:52592 | tcp | |
| N/A | 127.0.0.1:52596 | tcp | |
| N/A | 127.0.0.1:52601 | tcp | |
| N/A | 127.0.0.1:52605 | tcp | |
| N/A | 127.0.0.1:52607 | tcp | |
| N/A | 127.0.0.1:52609 | tcp | |
| N/A | 127.0.0.1:52612 | tcp | |
| N/A | 127.0.0.1:52615 | tcp | |
| N/A | 127.0.0.1:52627 | tcp | |
| N/A | 127.0.0.1:52629 | tcp | |
| N/A | 127.0.0.1:52633 | tcp | |
| N/A | 127.0.0.1:52637 | tcp | |
| N/A | 127.0.0.1:52641 | tcp | |
| N/A | 127.0.0.1:52643 | tcp | |
| N/A | 127.0.0.1:52646 | tcp | |
| N/A | 127.0.0.1:52649 | tcp | |
| N/A | 127.0.0.1:52651 | tcp | |
| N/A | 127.0.0.1:52658 | tcp | |
| N/A | 127.0.0.1:52660 | tcp | |
| N/A | 127.0.0.1:52662 | tcp | |
| N/A | 127.0.0.1:52672 | tcp | |
| N/A | 127.0.0.1:52676 | tcp | |
| N/A | 127.0.0.1:52682 | tcp | |
| N/A | 127.0.0.1:52689 | tcp | |
| N/A | 127.0.0.1:52696 | tcp | |
| N/A | 127.0.0.1:52698 | tcp | |
| N/A | 127.0.0.1:52700 | tcp | |
| N/A | 127.0.0.1:52723 | tcp | |
| N/A | 127.0.0.1:52727 | tcp | |
| N/A | 127.0.0.1:52732 | tcp | |
| N/A | 127.0.0.1:52737 | tcp | |
| N/A | 127.0.0.1:52739 | tcp | |
| N/A | 127.0.0.1:52745 | tcp | |
| N/A | 127.0.0.1:52750 | tcp | |
| N/A | 127.0.0.1:52752 | tcp | |
| N/A | 127.0.0.1:52754 | tcp | |
| N/A | 127.0.0.1:52759 | tcp | |
| N/A | 127.0.0.1:52761 | tcp | |
| N/A | 127.0.0.1:52763 | tcp | |
| N/A | 127.0.0.1:29863 | tcp | |
| N/A | 127.0.0.1:52769 | tcp | |
| N/A | 127.0.0.1:52773 | tcp | |
| N/A | 127.0.0.1:52777 | tcp | |
| N/A | 127.0.0.1:52780 | tcp | |
| N/A | 127.0.0.1:52783 | tcp | |
| N/A | 127.0.0.1:52786 | tcp | |
| N/A | 127.0.0.1:52788 | tcp | |
| N/A | 127.0.0.1:52791 | tcp | |
| N/A | 127.0.0.1:52793 | tcp | |
| N/A | 127.0.0.1:52804 | tcp | |
| N/A | 127.0.0.1:52809 | tcp | |
| N/A | 127.0.0.1:52811 | tcp | |
| N/A | 127.0.0.1:52813 | tcp | |
| N/A | 127.0.0.1:52818 | tcp | |
| N/A | 127.0.0.1:52823 | tcp | |
| N/A | 127.0.0.1:52825 | tcp | |
| N/A | 127.0.0.1:52827 | tcp | |
| N/A | 127.0.0.1:52829 | tcp | |
| N/A | 127.0.0.1:52831 | tcp | |
| N/A | 127.0.0.1:52835 | tcp | |
| N/A | 127.0.0.1:52837 | tcp | |
| N/A | 127.0.0.1:52839 | tcp | |
| N/A | 127.0.0.1:52842 | tcp | |
| N/A | 127.0.0.1:52844 | tcp | |
| N/A | 127.0.0.1:52848 | tcp | |
| N/A | 127.0.0.1:52853 | tcp | |
| N/A | 127.0.0.1:52855 | tcp | |
| N/A | 127.0.0.1:52867 | tcp | |
| N/A | 127.0.0.1:52871 | tcp | |
| N/A | 127.0.0.1:52877 | tcp | |
| N/A | 127.0.0.1:52886 | tcp | |
| N/A | 127.0.0.1:52888 | tcp | |
| N/A | 127.0.0.1:52890 | tcp | |
| N/A | 127.0.0.1:52892 | tcp | |
| N/A | 127.0.0.1:52896 | tcp | |
| N/A | 127.0.0.1:52901 | tcp | |
| N/A | 127.0.0.1:52903 | tcp | |
| N/A | 127.0.0.1:52906 | tcp | |
| N/A | 127.0.0.1:52914 | tcp | |
| N/A | 127.0.0.1:52917 | tcp | |
| N/A | 127.0.0.1:52920 | tcp | |
| N/A | 127.0.0.1:52922 | tcp | |
| N/A | 127.0.0.1:52924 | tcp | |
| N/A | 127.0.0.1:52926 | tcp | |
| N/A | 127.0.0.1:52928 | tcp | |
| N/A | 127.0.0.1:52933 | tcp | |
| N/A | 127.0.0.1:52936 | tcp | |
| N/A | 127.0.0.1:52938 | tcp | |
| N/A | 127.0.0.1:52940 | tcp | |
| N/A | 127.0.0.1:52944 | tcp | |
| N/A | 127.0.0.1:52947 | tcp | |
| N/A | 127.0.0.1:52950 | tcp | |
| N/A | 127.0.0.1:52952 | tcp | |
| N/A | 127.0.0.1:52954 | tcp | |
| N/A | 127.0.0.1:52956 | tcp | |
| N/A | 127.0.0.1:52958 | tcp | |
| N/A | 127.0.0.1:52968 | tcp | |
| N/A | 127.0.0.1:52974 | tcp | |
| N/A | 127.0.0.1:52977 | tcp | |
| N/A | 127.0.0.1:52981 | tcp | |
| N/A | 127.0.0.1:52985 | tcp | |
| N/A | 127.0.0.1:52988 | tcp | |
| N/A | 127.0.0.1:52990 | tcp | |
| N/A | 127.0.0.1:52993 | tcp | |
| N/A | 127.0.0.1:52996 | tcp | |
| N/A | 127.0.0.1:52999 | tcp | |
| N/A | 127.0.0.1:53001 | tcp | |
| N/A | 127.0.0.1:53003 | tcp | |
| N/A | 127.0.0.1:53006 | tcp | |
| N/A | 127.0.0.1:53008 | tcp | |
| N/A | 127.0.0.1:53011 | tcp | |
| N/A | 127.0.0.1:53013 | tcp | |
| N/A | 127.0.0.1:53015 | tcp | |
| N/A | 127.0.0.1:53017 | tcp | |
| N/A | 127.0.0.1:53022 | tcp | |
| N/A | 127.0.0.1:53025 | tcp | |
| N/A | 127.0.0.1:53028 | tcp | |
| N/A | 127.0.0.1:53030 | tcp | |
| N/A | 127.0.0.1:53034 | tcp | |
| N/A | 127.0.0.1:53037 | tcp | |
| N/A | 127.0.0.1:53039 | tcp | |
| N/A | 127.0.0.1:53042 | tcp | |
| N/A | 127.0.0.1:53046 | tcp | |
| N/A | 127.0.0.1:53054 | tcp | |
| N/A | 127.0.0.1:53057 | tcp | |
| N/A | 127.0.0.1:53061 | tcp | |
| N/A | 127.0.0.1:53063 | tcp | |
| N/A | 127.0.0.1:53077 | tcp | |
| N/A | 127.0.0.1:53080 | tcp | |
| N/A | 127.0.0.1:53089 | tcp | |
| N/A | 127.0.0.1:53104 | tcp | |
| N/A | 127.0.0.1:53111 | tcp | |
| N/A | 127.0.0.1:53115 | tcp | |
| N/A | 127.0.0.1:53117 | tcp | |
| N/A | 127.0.0.1:53120 | tcp | |
| N/A | 127.0.0.1:53123 | tcp | |
| N/A | 127.0.0.1:53131 | tcp | |
| N/A | 127.0.0.1:53133 | tcp | |
| N/A | 127.0.0.1:53137 | tcp | |
| N/A | 127.0.0.1:53139 | tcp | |
| N/A | 127.0.0.1:53143 | tcp | |
| N/A | 127.0.0.1:53148 | tcp | |
| N/A | 127.0.0.1:53150 | tcp | |
| N/A | 127.0.0.1:53157 | tcp | |
| N/A | 127.0.0.1:53162 | tcp | |
| N/A | 127.0.0.1:53170 | tcp | |
| N/A | 127.0.0.1:53173 | tcp | |
| N/A | 127.0.0.1:53184 | tcp | |
| N/A | 127.0.0.1:53189 | tcp | |
| N/A | 127.0.0.1:53192 | tcp | |
| N/A | 127.0.0.1:53194 | tcp | |
| N/A | 127.0.0.1:53196 | tcp | |
| N/A | 127.0.0.1:53201 | tcp | |
| N/A | 127.0.0.1:53207 | tcp | |
| N/A | 127.0.0.1:53214 | tcp | |
| N/A | 127.0.0.1:53217 | tcp | |
| N/A | 127.0.0.1:53220 | tcp | |
| N/A | 127.0.0.1:53222 | tcp | |
| N/A | 127.0.0.1:53224 | tcp | |
| N/A | 127.0.0.1:53230 | tcp | |
| N/A | 127.0.0.1:53234 | tcp | |
| N/A | 127.0.0.1:53238 | tcp | |
| N/A | 127.0.0.1:53240 | tcp | |
| N/A | 127.0.0.1:53243 | tcp | |
| N/A | 127.0.0.1:53246 | tcp | |
| N/A | 127.0.0.1:53250 | tcp | |
| N/A | 127.0.0.1:53256 | tcp | |
| N/A | 127.0.0.1:53260 | tcp | |
| N/A | 127.0.0.1:53264 | tcp | |
| N/A | 127.0.0.1:53268 | tcp | |
| N/A | 127.0.0.1:53270 | tcp | |
| N/A | 127.0.0.1:53274 | tcp | |
| N/A | 127.0.0.1:53280 | tcp | |
| N/A | 127.0.0.1:53284 | tcp | |
| N/A | 127.0.0.1:53289 | tcp | |
| N/A | 127.0.0.1:53293 | tcp | |
| N/A | 127.0.0.1:53295 | tcp |
Files
memory/2212-1-0x0000000001BF0000-0x0000000001CF0000-memory.dmp
memory/2212-2-0x0000000000220000-0x000000000022B000-memory.dmp
memory/2212-3-0x0000000000400000-0x0000000001A2A000-memory.dmp
memory/1212-4-0x0000000002B10000-0x0000000002B26000-memory.dmp
memory/2212-5-0x0000000000400000-0x0000000001A2A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\9695.exe
| MD5 | b36162057140c2b4b0f863fc05179286 |
| SHA1 | a8391f0aa1c57af300bf6f7aab321587bb18bf09 |
| SHA256 | 5193bc8abdf519b4a1a5d4e743d761388596a31382fa9918ca623d889b6232e9 |
| SHA512 | ea208f87a7b23f39ab9425840c9ac6def918cb5b13bf00218da43d69d2ec5a8053c80cb72b8c7a60ae2a0780fcb36eed3ce470f9443da03ff9ad0a63642dd955 |
C:\Users\Admin\AppData\Local\Temp\9695.exe
| MD5 | 606a2dce5ccaae3cd3d3bb9e8c4d2664 |
| SHA1 | b946b4e42133a5a0366901f6c55488ca0d1302b8 |
| SHA256 | 846850c72655001d9c05f4cab64f85165b51219a3cf7a19fccdb0ebaab91c4e0 |
| SHA512 | 180c76f869ad8612a31a5e86c1e42567b9b925ac2a785a177daa61765d51825ec27d92f0b942dd7e54cc5797a09b3c6742423c9992d288eaab672a86b182a54b |
memory/2964-17-0x00000000034B0000-0x0000000003668000-memory.dmp
memory/2964-18-0x00000000034B0000-0x0000000003668000-memory.dmp
\Users\Admin\AppData\Local\Temp\9695.exe
| MD5 | 398ab69b1cdc624298fbc00526ea8aca |
| SHA1 | b2c76463ae08bb3a08accfcbf609ec4c2a9c0821 |
| SHA256 | ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be |
| SHA512 | 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739 |
memory/2964-22-0x0000000003670000-0x0000000003827000-memory.dmp
memory/2548-21-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2548-24-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2548-27-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2548-30-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2548-28-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2548-31-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\9CBD.dll
| MD5 | cf05928cd240febca7779c195602f469 |
| SHA1 | 6e1dc94b3a4a5a44961cdb27d24c572246445e94 |
| SHA256 | 46ea2db3555bfc56e8a2e6cf04904043e2487d2b9d5ce478da7692775d68148e |
| SHA512 | 3373f0fd74f2fc34ad1dbf83029639e9d13a84efc104b068333c4fa5df784657f9223db4d543b56991457eaa89a357aeb13b1fadfa530bf82a91f0ab994bfedd |
memory/2548-33-0x0000000000400000-0x0000000000848000-memory.dmp
\Users\Admin\AppData\Local\Temp\9CBD.dll
| MD5 | d86dd2542335e36ac5f8f74ccc15ffe5 |
| SHA1 | 11c40c85aae9f83c2458cd254816024ad3ecc427 |
| SHA256 | 90cc88946dc7b8590b6716dcc8bcd8d4230ec557bd283482f02caae4ea55336a |
| SHA512 | 8f334f78922dcec8e6f38384c2db5a4a1632212813648ff98da9efa215f7a0fda96ba194307208785a65f3a19206b06f6f2ea721252e7ff4fab922ee7dcdaa64 |
\Users\Admin\AppData\Local\Temp\9CBD.dll
| MD5 | 0106b250022fcc8082bf1e4e23be9c26 |
| SHA1 | 45904ab425bbe14796f9f165ccc2e09c64d49cdc |
| SHA256 | 118b3b1b4cde2b0d3e8a3d31137481373fb264018b2847a84859c147311117e0 |
| SHA512 | dfd2da3016e7b73732157f99c4128c5630e3a9d704211e482b58fd8360aa38b8588370f717ec413ed6a81d33fb7cc7e197c84b799a6427062a62f09bb0f00441 |
memory/2452-37-0x0000000000200000-0x0000000000206000-memory.dmp
memory/2452-36-0x0000000010000000-0x0000000010202000-memory.dmp
memory/2548-39-0x00000000002B0000-0x00000000002B6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AF45.exe
| MD5 | f40c4039bc971e6a0641c409b9080e9d |
| SHA1 | 1289fcf7b9129c101346c5f953ecaa46326a7aab |
| SHA256 | 338913963fcdd2bdd27808330b68d572b6c16aa4902d996fe7e0929f6143c9fa |
| SHA512 | c2843fb37066db57e5a54cdb0c0da9a3b1d5a4862bc44377ef53fe889f59f239f65fda4820d8f399d80270b8020ca023d3f1cf2e32e4ce0c0f0406977821b668 |
C:\Users\Admin\AppData\Local\Temp\AF45.exe
| MD5 | 23af6eda50d9ed9cd7af23d5c5d2edce |
| SHA1 | 15a2df4a4d013da65dfc9c36cd0df41f37b6ae08 |
| SHA256 | 4b1271cb49598c8e50d1b9074a2e4a83076c4f6920e935c755d03e2893a733b1 |
| SHA512 | d27148874fc906ec7959cd5c6ab01288fd7d9bb570b7b97b7ea0b8db47d375e319a1d506b2f3ffea9337d662efaa6c0e0be208130fc4ac6fe426c9c466154650 |
memory/3060-47-0x0000000000080000-0x0000000000081000-memory.dmp
memory/3060-50-0x0000000000080000-0x0000000000081000-memory.dmp
memory/3060-49-0x00000000009F0000-0x00000000012E1000-memory.dmp
memory/3060-52-0x0000000000080000-0x0000000000081000-memory.dmp
memory/3060-53-0x0000000077010000-0x0000000077011000-memory.dmp
memory/3060-57-0x0000000000090000-0x0000000000091000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\B6C4.exe
| MD5 | a1b5ee1b9649ab629a7ac257e2392f8d |
| SHA1 | dc1b14b6d57589440fb3021c9e06a3e3191968dc |
| SHA256 | 2bfd95260a4c52d4474cd51e74469fc3de94caed28937ff0ce99ded66af97e65 |
| SHA512 | 50ccbb9fd4ea2da847c6be5988e1e82e28d551b06cc9122b921dbd40eff4b657a81a010cea76f29e88fda06f8c053090b38d04eb89a6d63ec4f42ef68b1cf82b |
memory/2780-64-0x0000000001BE0000-0x0000000001CE0000-memory.dmp
memory/2780-65-0x0000000000270000-0x00000000002DB000-memory.dmp
memory/2780-67-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/2780-66-0x0000000000400000-0x0000000001A77000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CCC5.exe
| MD5 | 3544bde4d0d42d3c2321eb34c0d1cd82 |
| SHA1 | 4efb46e3d03fb428c6ef48b5e3f72358f99edb2a |
| SHA256 | 99e93e9f609c0a2916d4361a9a55f59d0dfdb37e1832706ff0644b43094d5da4 |
| SHA512 | 791dccb19ecd727db329fb3f6e4a2685bdc08cfbe4aab6c52b2f719d7dfe0b6f95268ebf42a4c3ff54a95ff73431dea6128ce361ec7281a551beb924a2551a0b |
C:\Users\Admin\AppData\Local\Temp\CCC5.exe
| MD5 | 2c7078b90caee9d791dd338c2441ca32 |
| SHA1 | 56901d99127fd701353ab7c68e66c94c49eb507c |
| SHA256 | 8ad20c4b4c312feb468a58d1748c0d7abba3dd2d0fb8e6bfbee837c47a0e8c5a |
| SHA512 | 000d81908bc2df1f09fcbf0ac50c72079064923f23fbea2ee0868590eaf693dff4246bb0090083aaec6f031b11353147393b710f72cd1e3630c2ecd071401ef6 |
memory/2548-73-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2452-75-0x00000000021B0000-0x00000000022D8000-memory.dmp
memory/2452-76-0x0000000010000000-0x0000000010202000-memory.dmp
memory/2452-77-0x00000000022E0000-0x00000000023ED000-memory.dmp
memory/2452-80-0x00000000022E0000-0x00000000023ED000-memory.dmp
memory/2452-81-0x00000000022E0000-0x00000000023ED000-memory.dmp
\Users\Admin\AppData\Local\Temp\AF45.exe
| MD5 | 5d6bde031fef9c672abb60c5819dae79 |
| SHA1 | 1469918720951d6b142b513fdb8dd181793a06dc |
| SHA256 | 05fa70ed29ec53a8eb812cc97b02c5d1bab3b8ab829f7cbbd8417eea8c103114 |
| SHA512 | 2288f6365863c4a6938ad90807c3d34a325cbcdbe3219ae845c3ba6d176b95ea9ce2cc6b2395ce48edb2482281a9956c438fee55ec04f0e474f42ea0b3e4714b |
\Users\Admin\AppData\Local\Temp\AF45.exe
| MD5 | 6691c6e07c6f74edc383ffa6240146e5 |
| SHA1 | d97305fb580cf7314e21d1b969f83d34611c7949 |
| SHA256 | 81f3979e60a44b5014b1a1d01cc6fe2ed0b13a3bd644c2192f56c8305a2434e7 |
| SHA512 | d9354ffcb623b4a1b488d7b60bf7c58713ab110a241c683b673f14dc14e8ca2de3e801cf6fe2d5031e0ce2489774b1bf043aac57141ae7d9152c262eaadbb313 |
memory/528-84-0x0000000000D80000-0x000000000120C000-memory.dmp
\Users\Admin\AppData\Local\Temp\AF45.exe
| MD5 | e5b297d5cf1d8eace87c03e321c2dd2b |
| SHA1 | d3ce832f51b518abcec79eb6836cb79d2cfbf757 |
| SHA256 | 83bdce9362e81ad03661333a91a2c6d979326116747fbc216c8f3bdcdfb7a272 |
| SHA512 | a4690ce116db8989fea90638dfd0e9cdbd5e5c4807ee1cc4eda6cb1022beb16f6fbab1e732ab678cb46fd4f9360306e8e4f1a4e0da18057c0f5f449ac5ac9f64 |
C:\Users\Admin\AppData\Local\Temp\E517.exe
| MD5 | 38617539f3925b6017474f088cc3769a |
| SHA1 | c689b57ab62eac790a204c8231b02bfe0bc243a6 |
| SHA256 | defe2d4c932a7ef607e8ef1a643fb57b9c69cbc53b52bf802f9471aae5caef49 |
| SHA512 | 15d87c6231a8f2115ae3f0f021949d175d3f36735637c7b508a229af5b2a93f70f32e19d9b8e3d1e0fa41bd21ee46ab5d9c6ef630c826afe2210a789e5da53e7 |
C:\Users\Admin\AppData\Roaming\dwjvhht
| MD5 | 4e13689f591b1f5a2b52beb9a3f687e6 |
| SHA1 | 8ed7ecec05fe1a3bc1d6e52608ee8acc53c8fec3 |
| SHA256 | 1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6 |
| SHA512 | c4a8db72354a86f68be18cf03b0d1adb17a7cf7fd156681ad56fd453eeeb0c3b008855f907eec8c5a193a35ff3d655972ae5f968f784c863bdee99804f91a8c6 |
memory/528-93-0x0000000073870000-0x0000000073F5E000-memory.dmp
memory/2780-96-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/2548-97-0x0000000002CE0000-0x0000000002E08000-memory.dmp
memory/2548-98-0x0000000002E10000-0x0000000002F1D000-memory.dmp
memory/2548-101-0x0000000002E10000-0x0000000002F1D000-memory.dmp
memory/2548-102-0x0000000002E10000-0x0000000002F1D000-memory.dmp
memory/2444-110-0x0000000000230000-0x0000000000330000-memory.dmp
memory/2444-112-0x00000000003A0000-0x00000000003AB000-memory.dmp
memory/1728-111-0x0000000000400000-0x0000000001A2A000-memory.dmp
memory/1728-113-0x0000000000332000-0x0000000000348000-memory.dmp
memory/2444-115-0x0000000000400000-0x00000000022D3000-memory.dmp
\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
| MD5 | 0564a9bf638169a89ccb3820a6b9a58e |
| SHA1 | 57373f3b58f7cc2b9ea1808bdabb600d580a9ceb |
| SHA256 | 9e4b0556f698c9bc9a07c07bf13d60908d31995e0bd73510d9dd690b20b11058 |
| SHA512 | 36b81c374529a9ba5fcbc6fcfebf145c27a7c30916814d63612c04372556d47994a8091cdc5f78dab460bb5296466ce0b284659c8b01883f7960ab08a1631ea6 |
memory/1212-116-0x0000000002B60000-0x0000000002B76000-memory.dmp
memory/2444-122-0x0000000000400000-0x00000000022D3000-memory.dmp
memory/2548-129-0x0000000000400000-0x0000000000848000-memory.dmp
\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 98d2928dc8738a1529c6696e134f5c6d |
| SHA1 | 955892b370d2f1e13e21df4ee0d8ab63ab5a3504 |
| SHA256 | 095fb8519510313b38dc6079ed7512fd614698612c1e391f4b7df03437ab0482 |
| SHA512 | dd9cc5a6a087a4d7415641777774b5fa3b7753655417257ee545164a48cd684c39e449099cd44fb1728d17ec9069d437f4712161a6a4d08f1a41784c78c25a4c |
memory/856-139-0x0000000003670000-0x0000000003A68000-memory.dmp
memory/2828-140-0x0000000000290000-0x0000000000390000-memory.dmp
memory/2828-141-0x0000000001A50000-0x0000000001AB7000-memory.dmp
memory/3060-130-0x00000000009F0000-0x00000000012E1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | d435a1d6c92b350c824ace24f94d5b58 |
| SHA1 | 2de65c5665e7cfbc18e90a58e778d34948a54eca |
| SHA256 | 94add31e627e99dfba3c4abd0159c0a6fba7736eb925e0829b185e1d148261be |
| SHA512 | c3689a2a363277d5f57d6cd52de3e03a9add38a863d03f99ffce5769256d09c19bf5d0c10be7f5659b1bf0e95a7a5185dc37958d8e47a3fe04a57a067c037746 |
\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 025b202e237065499033dec440eff434 |
| SHA1 | 84aeec19d5637c54e76f27d48a8501364b4b1f4b |
| SHA256 | b5ab3d47a8d027110a5bd5aceae480d20a9ded497d40bc91a1c5ab92cd0d381a |
| SHA512 | be4ad59ca3634c17b2f0aef1aa03f93f3b83d3b7a9bf5f505dbf2c2cd0755d00144e5c2f34c3a16c171f2a75c4cbc9b2e8a2f5aac0901faf1d5ec390ff341c8e |
memory/2828-142-0x0000000000400000-0x0000000001A4B000-memory.dmp
memory/856-143-0x0000000003670000-0x0000000003A68000-memory.dmp
memory/856-144-0x0000000003A70000-0x000000000435B000-memory.dmp
memory/856-145-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/528-146-0x0000000073870000-0x0000000073F5E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 44ff2ed7f28622afe0e5ba7c1cd702a7 |
| SHA1 | 5aec4a3f1f3a57a7cd8a366c736e2e932f529ed8 |
| SHA256 | 7d16cc26a07cc79b96c5ee6512102dae8ae526c4ae529380c412b0d45bc8351a |
| SHA512 | c0b766f1f8a4977fdc47adbcd10dbfabc0996a9421cab4d98ded773ddcefbb101d3137beb9e2ff4ea2b5d66849875e754bcbe0486396ce6a43b15262ccf82266 |
\Users\Admin\AppData\Local\Temp\u26k.0.exe
| MD5 | 5c47e4602163dd29a39294b7192f0658 |
| SHA1 | 268d1bf1f4c8c8b696298f802b95af8bd3891c10 |
| SHA256 | 5c0b29d51d9b148c8c19ce0efca365ccb1bbe720f634a15897684abbd1dc5d76 |
| SHA512 | 7baa0359781ba21c378a0fbd37dfcde2d1b0c5a9ce3afcf8db0617f91a49dd552416c90963731798669002eda0a15f2296120cb9307c8cafef18dfdb4a52ad91 |
memory/2780-166-0x0000000000270000-0x00000000002DB000-memory.dmp
memory/2780-165-0x0000000001BE0000-0x0000000001CE0000-memory.dmp
\Users\Admin\AppData\Local\Temp\u26k.1.exe
| MD5 | d402d420fce991517d2ea40202852224 |
| SHA1 | 9b31490f2d98d12d3820c2de9e59865ff69d90c8 |
| SHA256 | 87e4d59ba2ab9708b0c95e151193765c9804c902c372aee439732ff59dd52f9c |
| SHA512 | 4d86cbe168c6aa312d3ec6c08c89ca50ccb5dac44bbfbbc508a950e63ab4e99a773e6bf50313f92699a98812dd66a36ee574bd1042b19f14323db7b99465c2b7 |
\Users\Admin\AppData\Local\Temp\u26k.1.exe
| MD5 | f6b8e4d1efbcc0e4e6e3fa1d193ee34e |
| SHA1 | 16f0132e8da1f1af91c399e52a10ca95b4dfe5e7 |
| SHA256 | 4d59a99022baae98e10a2d55d7f1927fd43c983fd1a823f5595719b4dd481534 |
| SHA512 | cf1237ab6e187a76aeb715fc5074bf689c50231cbad468884ffee6f3afb33c14c48911ca149b5f8c2fd4755a10036788090980d70f43d979b76eec59264d72fd |
C:\Users\Admin\AppData\Local\Temp\u26k.1.exe
| MD5 | 936fda8839ee3f7ae56317317a9afa84 |
| SHA1 | 25180dd588939216c1071c2e026220cf071f2ffe |
| SHA256 | ada2713330da8079a53c2c1b80f283cb841eda09c4001fa53c5394e1123a1517 |
| SHA512 | f8ee1a13fc96b431fba68c34c95091daf37e2e39e80dacb5a577cb6ac7df3bf6dd45cd0ebf7089fc6690d189ec99b55daaba82712ad0aca70823a237e6457041 |
\Users\Admin\AppData\Local\Temp\u26k.1.exe
| MD5 | c5e7334ac8b8e435fa5b16fe87a8a2a5 |
| SHA1 | 4ad9b72f59400fcbb160433e274336a74639c644 |
| SHA256 | 9d57dc99061507df3c7bd4081a650cd0dbac6c10c8954f6b17ae97380d939432 |
| SHA512 | f4480e52d0aabdec94d2587acea030921085e2b3d7f2174aac65cf7cfe093a9ce17651303969372235558ff2469b4ba1f8edf736a02a9e75d2086785f8f90fb0 |
C:\Users\Admin\AppData\Local\Temp\u26k.1.exe
| MD5 | 9eabffa31037c1d993264512221992bb |
| SHA1 | 360708927f0f15603a1e488124408b8a2e45517a |
| SHA256 | 394d4e739953298b5089922fd56e3c889eb731f0e9d3182aa2a38875ab413ed1 |
| SHA512 | 1e9ae73c4fffe091edf6e0880c027081a71e6bacba959c04d0daf849b448828831b888e8effbcf02ddc2183b95c0f8c7a73ae608951f9dfbfc936c0444242b9d |
memory/2828-180-0x0000000000400000-0x0000000001A4B000-memory.dmp
memory/2828-183-0x00000000047C0000-0x0000000004CF0000-memory.dmp
memory/2828-182-0x00000000047C0000-0x0000000004CF0000-memory.dmp
memory/2828-184-0x00000000047C0000-0x0000000004CF0000-memory.dmp
memory/1512-186-0x0000000000400000-0x0000000000930000-memory.dmp
memory/1512-188-0x0000000000230000-0x0000000000231000-memory.dmp
memory/1620-189-0x00000000002A0000-0x00000000002C7000-memory.dmp
memory/1620-191-0x0000000002350000-0x0000000002450000-memory.dmp
memory/1620-190-0x0000000000400000-0x00000000022DA000-memory.dmp
memory/2548-192-0x0000000000400000-0x0000000000848000-memory.dmp
memory/856-193-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/1620-194-0x0000000000400000-0x00000000022DA000-memory.dmp
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
\ProgramData\mozglue.dll
\ProgramData\nss3.dll
\Windows\rss\csrss.exe
\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe
\Users\Admin\AppData\Local\Temp\dbghelp.dll
\Users\Admin\AppData\Local\Temp\symsrv.dll
C:\Users\Admin\AppData\Local\Temp\ntkrnlmp.exe
\Users\Admin\AppData\Local\Temp\ntkrnlmp.exe
\Users\Admin\AppData\Local\Temp\ntkrnlmp.exe
\Users\Admin\AppData\Local\Temp\ntkrnlmp.exe
\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\Cab28A8.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar2B9C.tmp
C:\Users\Admin\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\AAF33CF37E194E98957768CF9C02DE8E2\download.error
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-29 04:49
Reported
2024-02-29 04:54
Platform
win10-20240221-en
Max time kernel
185s
Max time network
304s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\487E.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Lumma Stealer
Pitou
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
SmokeLoader
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\487E.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\487E.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6975.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\705C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\831A.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\95C8.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3sg.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\udawfbu | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3sg.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\487E.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3sg.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3sg.0.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\487E.exe | N/A |
Checks installed software on the system
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\705C.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2124 set thread context of 5104 | N/A | C:\Users\Admin\AppData\Local\Temp\487E.exe | C:\Users\Admin\AppData\Local\Temp\487E.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Roaming\udawfbu |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\487E.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\95C8.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\95C8.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\95C8.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\u3sg.0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\u3sg.0.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2161 = "Altai Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2531 = "Chatham Islands Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-435 = "Georgian Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-502 = "Nepal Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-122 = "SA Pacific Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2842 = "Saratov Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1661 = "Bahia Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-661 = "Cen. Australia Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-721 = "Central Pacific Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-682 = "E. Australia Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-381 = "South Africa Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-531 = "Sri Lanka Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2492 = "Aus Central W. Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2371 = "Easter Island Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-541 = "Myanmar Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-72 = "Newfoundland Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2141 = "Transbaikal Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-12 = "Azores Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-281 = "Central Europe Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-981 = "Kamchatka Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-872 = "Pakistan Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-592 = "Malay Peninsula Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-932 = "Coordinated Universal Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2001 = "Cabo Verde Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-151 = "Central America Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1821 = "Russia TZ 1 Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-221 = "Alaskan Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-391 = "Arab Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-104 = "Central Brazilian Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1822 = "Russia TZ 1 Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1931 = "Russia TZ 11 Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-931 = "Coordinated Universal Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2392 = "Aleutian Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-491 = "India Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-402 = "Arabic Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-152 = "Central America Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-112 = "Eastern Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-132 = "US Eastern Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2532 = "Chatham Islands Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-364 = "Middle East Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-501 = "Nepal Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-91 = "Pacific SA Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2451 = "Saint Pierre Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-652 = "AUS Central Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2372 = "Easter Island Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-272 = "Greenwich Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-362 = "GTB Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2632 = "Norfolk Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-211 = "Pacific Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1932 = "Russia TZ 11 Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1472 = "Magadan Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-892 = "Morocco Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-832 = "SA Eastern Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2572 = "Turks and Caicos Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-442 = "Arabian Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2182 = "Astrakhan Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2181 = "Astrakhan Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\95C8.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3sg.1.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe
"C:\Users\Admin\AppData\Local\Temp\1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6.exe"
C:\Users\Admin\AppData\Local\Temp\487E.exe
C:\Users\Admin\AppData\Local\Temp\487E.exe
C:\Users\Admin\AppData\Local\Temp\487E.exe
C:\Users\Admin\AppData\Local\Temp\487E.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4EA9.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\4EA9.dll
C:\Users\Admin\AppData\Local\Temp\6975.exe
C:\Users\Admin\AppData\Local\Temp\6975.exe
C:\Users\Admin\AppData\Local\Temp\705C.exe
C:\Users\Admin\AppData\Local\Temp\705C.exe
C:\Users\Admin\AppData\Local\Temp\831A.exe
C:\Users\Admin\AppData\Local\Temp\831A.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Roaming\udawfbu
C:\Users\Admin\AppData\Roaming\udawfbu
C:\Users\Admin\AppData\Local\Temp\95C8.exe
C:\Users\Admin\AppData\Local\Temp\95C8.exe
C:\Users\Admin\AppData\Local\Temp\u3sg.0.exe
"C:\Users\Admin\AppData\Local\Temp\u3sg.0.exe"
C:\Users\Admin\AppData\Local\Temp\u3sg.1.exe
"C:\Users\Admin\AppData\Local\Temp\u3sg.1.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 480
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 37080
C:\Windows\System32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\windefender.exe
C:\Windows\windefender.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | codebus.net | udp |
| US | 8.8.8.8:53 | control.textlocal.in | udp |
| US | 8.8.8.8:53 | control.textlocal.in | udp |
| US | 8.8.8.8:53 | signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | 911.re | udp |
| US | 8.8.8.8:53 | mail.auth.riotgames.com | udp |
| US | 8.8.8.8:53 | signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | 911.re | udp |
| US | 8.8.8.8:53 | www1.unicap.br | udp |
| US | 8.8.8.8:53 | 911.re | udp |
| US | 8.8.8.8:53 | www1.unicap.br | udp |
| US | 8.8.8.8:53 | 911.re | udp |
| US | 8.8.8.8:53 | mobile.twitter.com | udp |
| US | 8.8.8.8:53 | mobile.twitter.com | udp |
| US | 8.8.8.8:53 | imop.imo.org.tr | udp |
| US | 8.8.8.8:53 | imop.imo.org.tr | udp |
| US | 8.8.8.8:53 | code.ptit.edu.vn | udp |
| US | 8.8.8.8:53 | fullizle.tk | udp |
| US | 8.8.8.8:53 | ssh.hometd.online | udp |
| US | 8.8.8.8:53 | code.ptit.edu.vn | udp |
| US | 8.8.8.8:53 | safetyserve.com | udp |
| US | 8.8.8.8:53 | jiofi.local.html | udp |
| US | 8.8.8.8:53 | safetyserve.com | udp |
| US | 8.8.8.8:53 | onlineadmission.numl.edu.pk | udp |
| US | 8.8.8.8:53 | onlineadmission.numl.edu.pk | udp |
| US | 8.8.8.8:53 | sammobile.com | udp |
| US | 8.8.8.8:53 | vi-vn.facebook.com | udp |
| US | 8.8.8.8:53 | sammobile.com | udp |
| US | 8.8.8.8:53 | yesonline.yesbank.co.in | udp |
| US | 8.8.8.8:53 | yesonline.yesbank.co.in | udp |
| US | 8.8.8.8:53 | rbmethod.com | udp |
| US | 8.8.8.8:53 | rbmethod.com | udp |
| US | 8.8.8.8:53 | mobile.b-sensation77.com | udp |
| US | 8.8.8.8:53 | mail.kcls.kanopy.com | udp |
| US | 8.8.8.8:53 | testsit.mmminternational.info | udp |
| US | 8.8.8.8:53 | testsit.mmminternational.info | udp |
| US | 8.8.8.8:53 | playhabbo.org | udp |
| US | 8.8.8.8:53 | ftp.accounts.ecitizen.go.ke | udp |
| US | 8.8.8.8:53 | playhabbo.org | udp |
| US | 8.8.8.8:53 | studymbbsinbd.com | udp |
| US | 8.8.8.8:53 | studymbbsinbd.com | udp |
| US | 8.8.8.8:53 | p3plcpnl0953.prod.phx3.secureserver.net | udp |
| US | 8.8.8.8:53 | ftp.estorilsolcasinos.pt | udp |
| US | 8.8.8.8:53 | curriculo.extrabom.com.br | udp |
| US | 8.8.8.8:53 | p3plcpnl0953.prod.phx3.secureserver.net | udp |
| US | 8.8.8.8:53 | curriculo.extrabom.com.br | udp |
| US | 8.8.8.8:53 | ignouadmission.samarth.edu.in | udp |
| US | 8.8.8.8:53 | ignouadmission.samarth.edu.in | udp |
| US | 8.8.8.8:53 | devops.unicaja.es | udp |
| US | 8.8.8.8:53 | devops.unicaja.es | udp |
| US | 8.8.8.8:53 | royalpanda.com | udp |
| US | 8.8.8.8:53 | mail.tvs.adityabirlainsurancebrokers.com | udp |
| US | 8.8.8.8:53 | royalpanda.com | udp |
| US | 8.8.8.8:53 | cotasidade.caixa.gov.br | udp |
| US | 8.8.8.8:53 | cotasidade.caixa.gov.br | udp |
| US | 8.8.8.8:53 | privatebot.pw | udp |
| US | 8.8.8.8:53 | account.zula.ir | udp |
| US | 8.8.8.8:53 | privatebot.pw | udp |
| US | 8.8.8.8:53 | mail.hometd.online | udp |
| US | 8.8.8.8:53 | account.zula.ir | udp |
| US | 8.8.8.8:53 | 58.ayala-maroon.ga | udp |
| US | 8.8.8.8:53 | pwr.macys.net | udp |
| US | 8.8.8.8:53 | wowsulvus.es | udp |
| US | 8.8.8.8:53 | ftp.hometd.online | udp |
| US | 8.8.8.8:53 | wowsulvus.es | udp |
| US | 8.8.8.8:53 | admin.thebigchallenge.com | udp |
| US | 8.8.8.8:53 | admin.thebigchallenge.com | udp |
| US | 8.8.8.8:53 | cplusplus.com | udp |
| US | 8.8.8.8:53 | cplusplus.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | mail.selfcare.pioneer.co.in | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | csp.soft.nod.ro | udp |
| US | 8.8.8.8:53 | csp.soft.nod.ro | udp |
| US | 8.8.8.8:53 | login.wordpress.org | udp |
| US | 8.8.8.8:53 | login.wordpress.org | udp |
| US | 8.8.8.8:53 | rwdvffjfoy.click | udp |
| US | 8.8.8.8:53 | rwdvffjfoy.click | udp |
| US | 8.8.8.8:53 | retail.onlinesbi.com | udp |
| US | 8.8.8.8:53 | retail.onlinesbi.com | udp |
| US | 8.8.8.8:53 | suap.ifsp.edu.br | udp |
| US | 8.8.8.8:53 | suap.ifsp.edu.br | udp |
| US | 8.8.8.8:53 | mustangmoney.mx | udp |
| US | 8.8.8.8:53 | mustangmoney.mx | udp |
| US | 8.8.8.8:53 | follamigos.com | udp |
| US | 8.8.8.8:53 | follamigos.com | udp |
| US | 8.8.8.8:53 | cav.receita.fazenda.gov.br | udp |
| US | 8.8.8.8:53 | cav.receita.fazenda.gov.br | udp |
| US | 8.8.8.8:53 | webpay3g.transbank.cl | udp |
| US | 8.8.8.8:53 | fabletics.com | udp |
| US | 8.8.8.8:53 | webpay3g.transbank.cl | udp |
| US | 8.8.8.8:53 | fabletics.com | udp |
| US | 8.8.8.8:53 | account.oup.com | udp |
| US | 8.8.8.8:53 | account.oup.com | udp |
| US | 8.8.8.8:53 | mail.vi-vn.facebook.com | udp |
| US | 8.8.8.8:53 | ftp.mobile.b-sensation77.com | udp |
| US | 8.8.8.8:53 | ftp.auth.riotgames.com | udp |
| US | 8.8.8.8:53 | mail.jiofi.local.html | udp |
| US | 8.8.8.8:53 | seller.trunkroute.com | udp |
| US | 8.8.8.8:53 | ftp.jiofi.local.html | udp |
| US | 8.8.8.8:53 | sking.nat.cu | udp |
| US | 8.8.8.8:53 | ftp.boardgamegeek.com | udp |
| US | 8.8.8.8:53 | alternativahits.com.br | udp |
| US | 8.8.8.8:53 | t.me | udp |
| US | 8.8.8.8:53 | mail.pwr.macys.net | udp |
| US | 8.8.8.8:53 | ssh.gameclub.ph | udp |
| US | 8.8.8.8:53 | ftp.portal.aaup.edu | udp |
| US | 8.8.8.8:53 | mail.accounts.discogs.com | udp |
| US | 8.8.8.8:53 | ftp.tvs.adityabirlainsurancebrokers.com | udp |
| US | 8.8.8.8:53 | ssh.boardgamegeek.com | udp |
| US | 8.8.8.8:53 | ssh.vi-vn.facebook.com | udp |
| US | 8.8.8.8:53 | ssh.divisionmidway.org | udp |
| US | 8.8.8.8:53 | ftp.gameclub.ph | udp |
| US | 8.8.8.8:53 | aplicaciones64.sence.cl | udp |
| US | 8.8.8.8:53 | spp6me7kzzs-anewwayoffriday.com | udp |
| US | 8.8.8.8:53 | gisstudio-com0i.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.vi-vn.facebook.com | udp |
| US | 8.8.8.8:53 | ssh.pwr.macys.net | udp |
| US | 8.8.8.8:53 | portal.airtelbank.com | udp |
| US | 8.8.8.8:53 | ssh.selfcare.pioneer.co.in | udp |
| US | 8.8.8.8:53 | wifi.co.id | udp |
| US | 8.8.8.8:53 | ftp.seller.trunkroute.com | udp |
| US | 8.8.8.8:53 | server05.narutoplayers.com.br | udp |
| US | 8.8.8.8:53 | goshentouroperator.com | udp |
| US | 8.8.8.8:53 | mx.yandex.net | udp |
| US | 8.8.8.8:53 | mail.accounts.ecitizen.go.ke | udp |
| US | 8.8.8.8:53 | ftp.selfcare.pioneer.co.in | udp |
| US | 8.8.8.8:53 | mail.help.steampowered.com | udp |
| US | 8.8.8.8:53 | ftp.help.steampowered.com | udp |
| US | 8.8.8.8:53 | ftp.accounts.discogs.com | udp |
| US | 8.8.8.8:53 | smtp.secureserver.net | udp |
| US | 8.8.8.8:53 | hometd.online | udp |
| US | 8.8.8.8:53 | mx156.hostedmxserver.com | udp |
| US | 8.8.8.8:53 | ftp.pwr.macys.net | udp |
| US | 8.8.8.8:53 | gameclub.ph | udp |
| US | 8.8.8.8:53 | akomps.com | udp |
| US | 8.8.8.8:53 | ssh.t.me | udp |
| US | 8.8.8.8:53 | mx.zoho.com | udp |
| US | 8.8.8.8:53 | e-learning.kemenkumham.go.id | udp |
| US | 8.8.8.8:53 | isaac.mx.cloudflare.net | udp |
| US | 8.8.8.8:53 | exi-torrentyorgs.com.pl | udp |
| US | 8.8.8.8:53 | ftp.fullizle.tk | udp |
| US | 8.8.8.8:53 | spankbang-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mx.jk.locaweb.com.br | udp |
| US | 8.8.8.8:53 | kamsmad.com | udp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | 104.246.116.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.29.182.210.in-addr.arpa | udp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | 29f9fff6-7b09-470e-9778-282ff8398662.uuid.localstats.org | udp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| N/A | 127.0.0.1:49931 | tcp | |
| US | 8.8.8.8:53 | stun.sipgate.net | udp |
| US | 8.8.8.8:53 | server1.localstats.org | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 3.33.249.248:3478 | stun.sipgate.net | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| BG | 185.82.216.111:443 | server1.localstats.org | tcp |
| US | 8.8.8.8:53 | 248.249.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carsalessystem.com | udp |
| US | 172.67.221.71:443 | carsalessystem.com | tcp |
| US | 8.8.8.8:53 | 233.129.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.216.82.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.221.67.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:56661 | tcp | |
| N/A | 127.0.0.1:56661 | tcp | |
| BG | 185.82.216.111:443 | server1.localstats.org | tcp |
| N/A | 127.0.0.1:56661 | tcp | |
| N/A | 127.0.0.1:56661 | tcp | |
| N/A | 127.0.0.1:56661 | tcp | |
| N/A | 127.0.0.1:50443 | tcp | |
| N/A | 127.0.0.1:50447 | tcp | |
| N/A | 127.0.0.1:50452 | tcp | |
| N/A | 127.0.0.1:50461 | tcp | |
| N/A | 127.0.0.1:50463 | tcp | |
| N/A | 127.0.0.1:50465 | tcp | |
| N/A | 127.0.0.1:50469 | tcp | |
| N/A | 127.0.0.1:50475 | tcp | |
| N/A | 127.0.0.1:50482 | tcp | |
| N/A | 127.0.0.1:50487 | tcp | |
| N/A | 127.0.0.1:50489 | tcp | |
| N/A | 127.0.0.1:50497 | tcp | |
| N/A | 127.0.0.1:50501 | tcp | |
| N/A | 127.0.0.1:50507 | tcp | |
| N/A | 127.0.0.1:50511 | tcp | |
| N/A | 127.0.0.1:50514 | tcp | |
| N/A | 127.0.0.1:50525 | tcp | |
| N/A | 127.0.0.1:50526 | tcp | |
| N/A | 127.0.0.1:50531 | tcp | |
| N/A | 127.0.0.1:50536 | tcp | |
| N/A | 127.0.0.1:50540 | tcp | |
| N/A | 127.0.0.1:50543 | tcp | |
| N/A | 127.0.0.1:50546 | tcp | |
| N/A | 127.0.0.1:50548 | tcp | |
| N/A | 127.0.0.1:50558 | tcp | |
| N/A | 127.0.0.1:50562 | tcp | |
| N/A | 127.0.0.1:50565 | tcp | |
| N/A | 127.0.0.1:50572 | tcp | |
| N/A | 127.0.0.1:50577 | tcp | |
| N/A | 127.0.0.1:50581 | tcp | |
| N/A | 127.0.0.1:50584 | tcp | |
| N/A | 127.0.0.1:50589 | tcp | |
| N/A | 127.0.0.1:50592 | tcp | |
| N/A | 127.0.0.1:50598 | tcp | |
| N/A | 127.0.0.1:50602 | tcp | |
| N/A | 127.0.0.1:50606 | tcp | |
| N/A | 127.0.0.1:50610 | tcp | |
| N/A | 127.0.0.1:50618 | tcp | |
| N/A | 127.0.0.1:50622 | tcp | |
| N/A | 127.0.0.1:50624 | tcp | |
| N/A | 127.0.0.1:50632 | tcp | |
| N/A | 127.0.0.1:50634 | tcp | |
| N/A | 127.0.0.1:50639 | tcp | |
| N/A | 127.0.0.1:50643 | tcp | |
| N/A | 127.0.0.1:50645 | tcp | |
| N/A | 127.0.0.1:50654 | tcp | |
| N/A | 127.0.0.1:50659 | tcp | |
| N/A | 127.0.0.1:50662 | tcp | |
| N/A | 127.0.0.1:50670 | tcp | |
| N/A | 127.0.0.1:50673 | tcp | |
| N/A | 127.0.0.1:50675 | tcp | |
| N/A | 127.0.0.1:50678 | tcp | |
| N/A | 127.0.0.1:50690 | tcp | |
| N/A | 127.0.0.1:50694 | tcp | |
| N/A | 127.0.0.1:50699 | tcp | |
| N/A | 127.0.0.1:50701 | tcp | |
| N/A | 127.0.0.1:50707 | tcp | |
| N/A | 127.0.0.1:50711 | tcp | |
| N/A | 127.0.0.1:50715 | tcp | |
| N/A | 127.0.0.1:50718 | tcp | |
| N/A | 127.0.0.1:50721 | tcp | |
| N/A | 127.0.0.1:50728 | tcp | |
| N/A | 127.0.0.1:50733 | tcp | |
| N/A | 127.0.0.1:50736 | tcp | |
| N/A | 127.0.0.1:50745 | tcp | |
| N/A | 127.0.0.1:50762 | tcp | |
| N/A | 127.0.0.1:50765 | tcp | |
| N/A | 127.0.0.1:50769 | tcp | |
| N/A | 127.0.0.1:50775 | tcp | |
| N/A | 127.0.0.1:50778 | tcp | |
| N/A | 127.0.0.1:50781 | tcp | |
| N/A | 127.0.0.1:50783 | tcp | |
| N/A | 127.0.0.1:50788 | tcp | |
| N/A | 127.0.0.1:50794 | tcp | |
| N/A | 127.0.0.1:50798 | tcp | |
| N/A | 127.0.0.1:50814 | tcp | |
| N/A | 127.0.0.1:50816 | tcp | |
| N/A | 127.0.0.1:50826 | tcp | |
| N/A | 127.0.0.1:50832 | tcp | |
| N/A | 127.0.0.1:50834 | tcp | |
| N/A | 127.0.0.1:50837 | tcp | |
| N/A | 127.0.0.1:50839 | tcp | |
| N/A | 127.0.0.1:50842 | tcp | |
| N/A | 127.0.0.1:50849 | tcp | |
| N/A | 127.0.0.1:50852 | tcp | |
| N/A | 127.0.0.1:50855 | tcp | |
| N/A | 127.0.0.1:50860 | tcp | |
| N/A | 127.0.0.1:50862 | tcp | |
| N/A | 127.0.0.1:50871 | tcp | |
| N/A | 127.0.0.1:50875 | tcp | |
| N/A | 127.0.0.1:50878 | tcp | |
| N/A | 127.0.0.1:50881 | tcp | |
| N/A | 127.0.0.1:50885 | tcp | |
| N/A | 127.0.0.1:50897 | tcp | |
| N/A | 127.0.0.1:50901 | tcp | |
| N/A | 127.0.0.1:50906 | tcp | |
| N/A | 127.0.0.1:50908 | tcp | |
| N/A | 127.0.0.1:50910 | tcp | |
| N/A | 127.0.0.1:50913 | tcp | |
| N/A | 127.0.0.1:50921 | tcp | |
| N/A | 127.0.0.1:50925 | tcp | |
| N/A | 127.0.0.1:50929 | tcp | |
| N/A | 127.0.0.1:50932 | tcp | |
| N/A | 127.0.0.1:50936 | tcp | |
| N/A | 127.0.0.1:50947 | tcp | |
| N/A | 127.0.0.1:50952 | tcp | |
| N/A | 127.0.0.1:50954 | tcp | |
| N/A | 127.0.0.1:50956 | tcp | |
| N/A | 127.0.0.1:50959 | tcp | |
| N/A | 127.0.0.1:50967 | tcp | |
| N/A | 127.0.0.1:50972 | tcp | |
| N/A | 127.0.0.1:50976 | tcp | |
| N/A | 127.0.0.1:50978 | tcp | |
| N/A | 127.0.0.1:50981 | tcp | |
| N/A | 127.0.0.1:50986 | tcp | |
| N/A | 127.0.0.1:50988 | tcp | |
| N/A | 127.0.0.1:50992 | tcp | |
| N/A | 127.0.0.1:50995 | tcp | |
| N/A | 127.0.0.1:50999 | tcp | |
| N/A | 127.0.0.1:51009 | tcp | |
| N/A | 127.0.0.1:51011 | tcp | |
| N/A | 127.0.0.1:51016 | tcp | |
| N/A | 127.0.0.1:51018 | tcp | |
| N/A | 127.0.0.1:51021 | tcp | |
| N/A | 127.0.0.1:51027 | tcp | |
| N/A | 127.0.0.1:51031 | tcp | |
| N/A | 127.0.0.1:51035 | tcp | |
| N/A | 127.0.0.1:51046 | tcp | |
| N/A | 127.0.0.1:51051 | tcp | |
| N/A | 127.0.0.1:51053 | tcp | |
| N/A | 127.0.0.1:51060 | tcp | |
| N/A | 127.0.0.1:51064 | tcp | |
| N/A | 127.0.0.1:51066 | tcp | |
| N/A | 127.0.0.1:51071 | tcp | |
| N/A | 127.0.0.1:51074 | tcp | |
| N/A | 127.0.0.1:51077 | tcp | |
| N/A | 127.0.0.1:51081 | tcp | |
| N/A | 127.0.0.1:51085 | tcp | |
| N/A | 127.0.0.1:51087 | tcp | |
| N/A | 127.0.0.1:51091 | tcp | |
| N/A | 127.0.0.1:51095 | tcp | |
| N/A | 127.0.0.1:51097 | tcp | |
| N/A | 127.0.0.1:51120 | tcp | |
| N/A | 127.0.0.1:51122 | tcp | |
| N/A | 127.0.0.1:51130 | tcp | |
| N/A | 127.0.0.1:51135 | tcp | |
| N/A | 127.0.0.1:51138 | tcp | |
| N/A | 127.0.0.1:51148 | tcp | |
| N/A | 127.0.0.1:51153 | tcp | |
| N/A | 127.0.0.1:51156 | tcp | |
| N/A | 127.0.0.1:51158 | tcp | |
| N/A | 127.0.0.1:51162 | tcp | |
| N/A | 127.0.0.1:51165 | tcp | |
| N/A | 127.0.0.1:51167 | tcp | |
| N/A | 127.0.0.1:51171 | tcp | |
| N/A | 127.0.0.1:51175 | tcp | |
| N/A | 127.0.0.1:51178 | tcp | |
| N/A | 127.0.0.1:56661 | tcp | |
| N/A | 127.0.0.1:51187 | tcp | |
| N/A | 127.0.0.1:51189 | tcp | |
| N/A | 127.0.0.1:51192 | tcp | |
| N/A | 127.0.0.1:51195 | tcp | |
| N/A | 127.0.0.1:51198 | tcp | |
| N/A | 127.0.0.1:51209 | tcp | |
| N/A | 127.0.0.1:51215 | tcp | |
| N/A | 127.0.0.1:51218 | tcp | |
| N/A | 127.0.0.1:51226 | tcp | |
| N/A | 127.0.0.1:51231 | tcp | |
| N/A | 127.0.0.1:51239 | tcp | |
| N/A | 127.0.0.1:51243 | tcp | |
| N/A | 127.0.0.1:51249 | tcp | |
| N/A | 127.0.0.1:51253 | tcp | |
| N/A | 127.0.0.1:51258 | tcp | |
| N/A | 127.0.0.1:51260 | tcp | |
| N/A | 127.0.0.1:51266 | tcp | |
| N/A | 127.0.0.1:51271 | tcp | |
| N/A | 127.0.0.1:51273 | tcp | |
| N/A | 127.0.0.1:51276 | tcp | |
| N/A | 127.0.0.1:51279 | tcp | |
| N/A | 127.0.0.1:51282 | tcp | |
| N/A | 127.0.0.1:51286 | tcp | |
| N/A | 127.0.0.1:51289 | tcp | |
| N/A | 127.0.0.1:51291 | tcp | |
| N/A | 127.0.0.1:51294 | tcp | |
| N/A | 127.0.0.1:51301 | tcp | |
| N/A | 127.0.0.1:51304 | tcp | |
| N/A | 127.0.0.1:51306 | tcp | |
| N/A | 127.0.0.1:51308 | tcp | |
| N/A | 127.0.0.1:51310 | tcp | |
| N/A | 127.0.0.1:51312 | tcp | |
| N/A | 127.0.0.1:51321 | tcp | |
| N/A | 127.0.0.1:51326 | tcp | |
| N/A | 127.0.0.1:51344 | tcp | |
| N/A | 127.0.0.1:51348 | tcp | |
| N/A | 127.0.0.1:51359 | tcp | |
| N/A | 127.0.0.1:51364 | tcp | |
| N/A | 127.0.0.1:51367 | tcp | |
| N/A | 127.0.0.1:51369 | tcp | |
| N/A | 127.0.0.1:51371 | tcp | |
| N/A | 127.0.0.1:51374 | tcp | |
| N/A | 127.0.0.1:51379 | tcp | |
| N/A | 127.0.0.1:51392 | tcp | |
| N/A | 127.0.0.1:51395 | tcp | |
| N/A | 127.0.0.1:51397 | tcp | |
| N/A | 127.0.0.1:51402 | tcp | |
| N/A | 127.0.0.1:51409 | tcp | |
| N/A | 127.0.0.1:51413 | tcp | |
| N/A | 127.0.0.1:51416 | tcp | |
| N/A | 127.0.0.1:51422 | tcp | |
| N/A | 127.0.0.1:51425 | tcp | |
| N/A | 127.0.0.1:51432 | tcp | |
| N/A | 127.0.0.1:51437 | tcp | |
| N/A | 127.0.0.1:51439 | tcp | |
| N/A | 127.0.0.1:51446 | tcp | |
| N/A | 127.0.0.1:51463 | tcp | |
| N/A | 127.0.0.1:51467 | tcp | |
| N/A | 127.0.0.1:51469 | tcp | |
| N/A | 127.0.0.1:51472 | tcp | |
| N/A | 127.0.0.1:51474 | tcp | |
| N/A | 127.0.0.1:51480 | tcp | |
| N/A | 127.0.0.1:51483 | tcp | |
| N/A | 127.0.0.1:51485 | tcp | |
| N/A | 127.0.0.1:51490 | tcp | |
| N/A | 127.0.0.1:51493 | tcp | |
| N/A | 127.0.0.1:51495 | tcp | |
| N/A | 127.0.0.1:51497 | tcp | |
| N/A | 127.0.0.1:51500 | tcp | |
| N/A | 127.0.0.1:51507 | tcp | |
| N/A | 127.0.0.1:51509 | tcp | |
| N/A | 127.0.0.1:51515 | tcp | |
| N/A | 127.0.0.1:51518 | tcp | |
| N/A | 127.0.0.1:51523 | tcp | |
| N/A | 127.0.0.1:51526 | tcp | |
| N/A | 127.0.0.1:51529 | tcp | |
| N/A | 127.0.0.1:51531 | tcp | |
| N/A | 127.0.0.1:51534 | tcp | |
| N/A | 127.0.0.1:51536 | tcp | |
| N/A | 127.0.0.1:51538 | tcp | |
| N/A | 127.0.0.1:51542 | tcp | |
| N/A | 127.0.0.1:51544 | tcp | |
| N/A | 127.0.0.1:51545 | tcp | |
| N/A | 127.0.0.1:51548 | tcp | |
| N/A | 127.0.0.1:51557 | tcp | |
| N/A | 127.0.0.1:51572 | tcp | |
| N/A | 127.0.0.1:51574 | tcp | |
| N/A | 127.0.0.1:51585 | tcp | |
| N/A | 127.0.0.1:51594 | tcp | |
| N/A | 127.0.0.1:51599 | tcp | |
| N/A | 127.0.0.1:51603 | tcp | |
| N/A | 127.0.0.1:51605 | tcp | |
| N/A | 127.0.0.1:51608 | tcp | |
| N/A | 127.0.0.1:51610 | tcp | |
| N/A | 127.0.0.1:51621 | tcp | |
| N/A | 127.0.0.1:51623 | tcp | |
| N/A | 127.0.0.1:51626 | tcp | |
| N/A | 127.0.0.1:51635 | tcp | |
| N/A | 127.0.0.1:51646 | tcp | |
| N/A | 127.0.0.1:51650 | tcp | |
| N/A | 127.0.0.1:51652 | tcp | |
| N/A | 127.0.0.1:51655 | tcp | |
| N/A | 127.0.0.1:51658 | tcp | |
| N/A | 127.0.0.1:51663 | tcp | |
| N/A | 127.0.0.1:51665 | tcp | |
| N/A | 127.0.0.1:51667 | tcp | |
| N/A | 127.0.0.1:51669 | tcp | |
| N/A | 127.0.0.1:51671 | tcp | |
| N/A | 127.0.0.1:51674 | tcp | |
| N/A | 127.0.0.1:51677 | tcp | |
| N/A | 127.0.0.1:51679 | tcp | |
| N/A | 127.0.0.1:51681 | tcp | |
| N/A | 127.0.0.1:51683 | tcp | |
| N/A | 127.0.0.1:51686 | tcp | |
| N/A | 127.0.0.1:51688 | tcp | |
| N/A | 127.0.0.1:51690 | tcp | |
| N/A | 127.0.0.1:51692 | tcp | |
| N/A | 127.0.0.1:51695 | tcp | |
| N/A | 127.0.0.1:51697 | tcp | |
| N/A | 127.0.0.1:51699 | tcp | |
| N/A | 127.0.0.1:51701 | tcp | |
| N/A | 127.0.0.1:51716 | tcp | |
| N/A | 127.0.0.1:51719 | tcp | |
| N/A | 127.0.0.1:51721 | tcp | |
| N/A | 127.0.0.1:51723 | tcp | |
| N/A | 127.0.0.1:51741 | tcp | |
| N/A | 127.0.0.1:51745 | tcp | |
| N/A | 127.0.0.1:51754 | tcp | |
| N/A | 127.0.0.1:51758 | tcp | |
| N/A | 127.0.0.1:51761 | tcp | |
| N/A | 127.0.0.1:51770 | tcp | |
| N/A | 127.0.0.1:51772 | tcp | |
| N/A | 127.0.0.1:51776 | tcp | |
| N/A | 127.0.0.1:51780 | tcp | |
| N/A | 127.0.0.1:51789 | tcp | |
| N/A | 127.0.0.1:51792 | tcp | |
| N/A | 127.0.0.1:51801 | tcp | |
| N/A | 127.0.0.1:51804 | tcp | |
| N/A | 127.0.0.1:51811 | tcp | |
| N/A | 127.0.0.1:51813 | tcp | |
| N/A | 127.0.0.1:51815 | tcp | |
| N/A | 127.0.0.1:51818 | tcp | |
| N/A | 127.0.0.1:51821 | tcp | |
| N/A | 127.0.0.1:51824 | tcp | |
| N/A | 127.0.0.1:51826 | tcp | |
| N/A | 127.0.0.1:51829 | tcp | |
| N/A | 127.0.0.1:51834 | tcp | |
| N/A | 127.0.0.1:51836 | tcp | |
| N/A | 127.0.0.1:51838 | tcp | |
| N/A | 127.0.0.1:51840 | tcp | |
| N/A | 127.0.0.1:51844 | tcp | |
| N/A | 127.0.0.1:51846 | tcp | |
| N/A | 127.0.0.1:51848 | tcp | |
| N/A | 127.0.0.1:51850 | tcp | |
| N/A | 127.0.0.1:51852 | tcp | |
| N/A | 127.0.0.1:51854 | tcp | |
| N/A | 127.0.0.1:51856 | tcp | |
| N/A | 127.0.0.1:51858 | tcp | |
| N/A | 127.0.0.1:51860 | tcp | |
| N/A | 127.0.0.1:51873 | tcp | |
| N/A | 127.0.0.1:51883 | tcp | |
| N/A | 127.0.0.1:51888 | tcp | |
| N/A | 127.0.0.1:51893 | tcp | |
| N/A | 127.0.0.1:51901 | tcp | |
| N/A | 127.0.0.1:51910 | tcp | |
| N/A | 127.0.0.1:51912 | tcp | |
| N/A | 127.0.0.1:51915 | tcp | |
| N/A | 127.0.0.1:51920 | tcp | |
| N/A | 127.0.0.1:51928 | tcp | |
| N/A | 127.0.0.1:51935 | tcp | |
| N/A | 127.0.0.1:51938 | tcp | |
| N/A | 127.0.0.1:51947 | tcp | |
| N/A | 127.0.0.1:51950 | tcp | |
| N/A | 127.0.0.1:51959 | tcp | |
| N/A | 127.0.0.1:51962 | tcp | |
| N/A | 127.0.0.1:51965 | tcp | |
| N/A | 127.0.0.1:51967 | tcp | |
| N/A | 127.0.0.1:51969 | tcp | |
| N/A | 127.0.0.1:51971 | tcp | |
| N/A | 127.0.0.1:51973 | tcp | |
| N/A | 127.0.0.1:51975 | tcp | |
| N/A | 127.0.0.1:51977 | tcp | |
| N/A | 127.0.0.1:51979 | tcp | |
| N/A | 127.0.0.1:51981 | tcp | |
| N/A | 127.0.0.1:51986 | tcp | |
| N/A | 127.0.0.1:51988 | tcp | |
| N/A | 127.0.0.1:51990 | tcp | |
| N/A | 127.0.0.1:51992 | tcp | |
| N/A | 127.0.0.1:51994 | tcp | |
| N/A | 127.0.0.1:51996 | tcp | |
| N/A | 127.0.0.1:51998 | tcp | |
| N/A | 127.0.0.1:52027 | tcp | |
| N/A | 127.0.0.1:52029 | tcp | |
| N/A | 127.0.0.1:52031 | tcp | |
| N/A | 127.0.0.1:52033 | tcp | |
| N/A | 127.0.0.1:52036 | tcp | |
| N/A | 127.0.0.1:52039 | tcp | |
| N/A | 127.0.0.1:52047 | tcp | |
| N/A | 127.0.0.1:52049 | tcp | |
| N/A | 127.0.0.1:52057 | tcp | |
| N/A | 127.0.0.1:52063 | tcp | |
| N/A | 127.0.0.1:56661 | tcp | |
| N/A | 127.0.0.1:52073 | tcp | |
| N/A | 127.0.0.1:52089 | tcp | |
| N/A | 127.0.0.1:52092 | tcp | |
| N/A | 127.0.0.1:52094 | tcp | |
| N/A | 127.0.0.1:52103 | tcp | |
| N/A | 127.0.0.1:52105 | tcp | |
| N/A | 127.0.0.1:52107 | tcp | |
| N/A | 127.0.0.1:52109 | tcp | |
| N/A | 127.0.0.1:52111 | tcp | |
| N/A | 127.0.0.1:52113 | tcp | |
| N/A | 127.0.0.1:52115 | tcp | |
| N/A | 127.0.0.1:52118 | tcp | |
| N/A | 127.0.0.1:52120 | tcp | |
| N/A | 127.0.0.1:52122 | tcp | |
| N/A | 127.0.0.1:52124 | tcp | |
| N/A | 127.0.0.1:52126 | tcp | |
| N/A | 127.0.0.1:52129 | tcp | |
| N/A | 127.0.0.1:52131 | tcp | |
| N/A | 127.0.0.1:52133 | tcp | |
| N/A | 127.0.0.1:52135 | tcp | |
| N/A | 127.0.0.1:52137 | tcp | |
| N/A | 127.0.0.1:52139 | tcp | |
| N/A | 127.0.0.1:52141 | tcp | |
| N/A | 127.0.0.1:52143 | tcp | |
| N/A | 127.0.0.1:52145 | tcp | |
| N/A | 127.0.0.1:52147 | tcp | |
| N/A | 127.0.0.1:52149 | tcp | |
| N/A | 127.0.0.1:52184 | tcp | |
| N/A | 127.0.0.1:52188 | tcp | |
| N/A | 127.0.0.1:52190 | tcp | |
| N/A | 127.0.0.1:52193 | tcp | |
| N/A | 127.0.0.1:52195 | tcp | |
| N/A | 127.0.0.1:52197 | tcp | |
| N/A | 127.0.0.1:52201 | tcp | |
| N/A | 127.0.0.1:52205 | tcp | |
| N/A | 127.0.0.1:52211 | tcp | |
| N/A | 127.0.0.1:52213 | tcp | |
| N/A | 127.0.0.1:52216 | tcp | |
| N/A | 127.0.0.1:52217 | tcp | |
| N/A | 127.0.0.1:52221 | tcp | |
| N/A | 127.0.0.1:52225 | tcp | |
| N/A | 127.0.0.1:52232 | tcp | |
| N/A | 127.0.0.1:52242 | tcp | |
| N/A | 127.0.0.1:52246 | tcp | |
| N/A | 127.0.0.1:52258 | tcp | |
| N/A | 127.0.0.1:52264 | tcp | |
| N/A | 127.0.0.1:52265 | tcp | |
| N/A | 127.0.0.1:52268 | tcp | |
| N/A | 127.0.0.1:52270 | tcp | |
| N/A | 127.0.0.1:52273 | tcp | |
| N/A | 127.0.0.1:52275 | tcp | |
| N/A | 127.0.0.1:52277 | tcp | |
| N/A | 127.0.0.1:52279 | tcp | |
| N/A | 127.0.0.1:52281 | tcp | |
| N/A | 127.0.0.1:52283 | tcp | |
| N/A | 127.0.0.1:52285 | tcp | |
| N/A | 127.0.0.1:52288 | tcp | |
| N/A | 127.0.0.1:52290 | tcp | |
| N/A | 127.0.0.1:52292 | tcp | |
| N/A | 127.0.0.1:52294 | tcp | |
| N/A | 127.0.0.1:52296 | tcp | |
| N/A | 127.0.0.1:52299 | tcp | |
| N/A | 127.0.0.1:52298 | tcp | |
| N/A | 127.0.0.1:52302 | tcp | |
| N/A | 127.0.0.1:52304 | tcp | |
| N/A | 127.0.0.1:52306 | tcp | |
| N/A | 127.0.0.1:52309 | tcp | |
| N/A | 127.0.0.1:52311 | tcp | |
| N/A | 127.0.0.1:52313 | tcp | |
| N/A | 127.0.0.1:52316 | tcp | |
| N/A | 127.0.0.1:52320 | tcp | |
| N/A | 127.0.0.1:52322 | tcp | |
| N/A | 127.0.0.1:52324 | tcp | |
| N/A | 127.0.0.1:52326 | tcp | |
| N/A | 127.0.0.1:52365 | tcp | |
| N/A | 127.0.0.1:52368 | tcp | |
| N/A | 127.0.0.1:52373 | tcp | |
| N/A | 127.0.0.1:52379 | tcp | |
| N/A | 127.0.0.1:52383 | tcp | |
| N/A | 127.0.0.1:52393 | tcp | |
| N/A | 127.0.0.1:52409 | tcp | |
| N/A | 127.0.0.1:52412 | tcp | |
| N/A | 127.0.0.1:52423 | tcp | |
| N/A | 127.0.0.1:52433 | tcp | |
| N/A | 127.0.0.1:52435 | tcp | |
| N/A | 127.0.0.1:52437 | tcp | |
| N/A | 127.0.0.1:52439 | tcp | |
| N/A | 127.0.0.1:52440 | tcp | |
| N/A | 127.0.0.1:52443 | tcp | |
| N/A | 127.0.0.1:52445 | tcp | |
| N/A | 127.0.0.1:52447 | tcp | |
| N/A | 127.0.0.1:52449 | tcp | |
| N/A | 127.0.0.1:52451 | tcp | |
| N/A | 127.0.0.1:52453 | tcp | |
| N/A | 127.0.0.1:52456 | tcp | |
| N/A | 127.0.0.1:52458 | tcp | |
| N/A | 127.0.0.1:52460 | tcp | |
| N/A | 127.0.0.1:52462 | tcp | |
| N/A | 127.0.0.1:52465 | tcp | |
| N/A | 127.0.0.1:52467 | tcp | |
| N/A | 127.0.0.1:52469 | tcp | |
| N/A | 127.0.0.1:52471 | tcp | |
| N/A | 127.0.0.1:52475 | tcp | |
| N/A | 127.0.0.1:52477 | tcp | |
| N/A | 127.0.0.1:52473 | tcp | |
| N/A | 127.0.0.1:52480 | tcp | |
| N/A | 127.0.0.1:52482 | tcp | |
| N/A | 127.0.0.1:52484 | tcp | |
| N/A | 127.0.0.1:52486 | tcp | |
| N/A | 127.0.0.1:52488 | tcp | |
| N/A | 127.0.0.1:52491 | tcp | |
| N/A | 127.0.0.1:52494 | tcp | |
| N/A | 127.0.0.1:52527 | tcp | |
| N/A | 127.0.0.1:52535 | tcp | |
| N/A | 127.0.0.1:52539 | tcp | |
| N/A | 127.0.0.1:52541 | tcp | |
| N/A | 127.0.0.1:52545 | tcp | |
| N/A | 127.0.0.1:52547 | tcp | |
| N/A | 127.0.0.1:52557 | tcp | |
| N/A | 127.0.0.1:52573 | tcp | |
| N/A | 127.0.0.1:52589 | tcp | |
| N/A | 127.0.0.1:52596 | tcp | |
| N/A | 127.0.0.1:52600 | tcp | |
| N/A | 127.0.0.1:52602 | tcp | |
| N/A | 127.0.0.1:52604 | tcp | |
| N/A | 127.0.0.1:52607 | tcp | |
| N/A | 127.0.0.1:52609 | tcp | |
| N/A | 127.0.0.1:52612 | tcp | |
| N/A | 127.0.0.1:52614 | tcp | |
| N/A | 127.0.0.1:52616 | tcp | |
| N/A | 127.0.0.1:52618 | tcp | |
| N/A | 127.0.0.1:52620 | tcp | |
| N/A | 127.0.0.1:52622 | tcp | |
| N/A | 127.0.0.1:52624 | tcp | |
| N/A | 127.0.0.1:52626 | tcp | |
| N/A | 127.0.0.1:52629 | tcp | |
| N/A | 127.0.0.1:52631 | tcp | |
| N/A | 127.0.0.1:52633 | tcp | |
| N/A | 127.0.0.1:52635 | tcp | |
| N/A | 127.0.0.1:52637 | tcp | |
| N/A | 127.0.0.1:52639 | tcp | |
| N/A | 127.0.0.1:52642 | tcp | |
| N/A | 127.0.0.1:52644 | tcp | |
| N/A | 127.0.0.1:52646 | tcp | |
| N/A | 127.0.0.1:52648 | tcp | |
| N/A | 127.0.0.1:52650 | tcp | |
| N/A | 127.0.0.1:52652 | tcp | |
| N/A | 127.0.0.1:52655 | tcp | |
| N/A | 127.0.0.1:52657 | tcp | |
| N/A | 127.0.0.1:52661 | tcp | |
| N/A | 127.0.0.1:52681 | tcp | |
| N/A | 127.0.0.1:52693 | tcp | |
| N/A | 127.0.0.1:52695 | tcp | |
| N/A | 127.0.0.1:52698 | tcp | |
| N/A | 127.0.0.1:52702 | tcp | |
| N/A | 127.0.0.1:52706 | tcp | |
| N/A | 127.0.0.1:52709 | tcp | |
| N/A | 127.0.0.1:52713 | tcp | |
| N/A | 127.0.0.1:52717 | tcp | |
| N/A | 127.0.0.1:52720 | tcp | |
| N/A | 127.0.0.1:52722 | tcp | |
| N/A | 127.0.0.1:52730 | tcp | |
| N/A | 127.0.0.1:52735 | tcp | |
| N/A | 127.0.0.1:52739 | tcp | |
| N/A | 127.0.0.1:52745 | tcp | |
| N/A | 127.0.0.1:52770 | tcp | |
| N/A | 127.0.0.1:52773 | tcp | |
| N/A | 127.0.0.1:52775 | tcp | |
| N/A | 127.0.0.1:52778 | tcp | |
| N/A | 127.0.0.1:52781 | tcp | |
| N/A | 127.0.0.1:52783 | tcp | |
| N/A | 127.0.0.1:52785 | tcp | |
| N/A | 127.0.0.1:52787 | tcp | |
| N/A | 127.0.0.1:52789 | tcp | |
| N/A | 127.0.0.1:52791 | tcp | |
| N/A | 127.0.0.1:52793 | tcp | |
| N/A | 127.0.0.1:52795 | tcp | |
| N/A | 127.0.0.1:52797 | tcp | |
| N/A | 127.0.0.1:52799 | tcp | |
| N/A | 127.0.0.1:52802 | tcp | |
| N/A | 127.0.0.1:52804 | tcp | |
| N/A | 127.0.0.1:52806 | tcp | |
| N/A | 127.0.0.1:52808 | tcp | |
| N/A | 127.0.0.1:52810 | tcp | |
| N/A | 127.0.0.1:52813 | tcp | |
| N/A | 127.0.0.1:52815 | tcp | |
| N/A | 127.0.0.1:52817 | tcp | |
| N/A | 127.0.0.1:52819 | tcp | |
| N/A | 127.0.0.1:52821 | tcp | |
| N/A | 127.0.0.1:52823 | tcp | |
| N/A | 127.0.0.1:52825 | tcp | |
| N/A | 127.0.0.1:52828 | tcp | |
| N/A | 127.0.0.1:52830 | tcp | |
| N/A | 127.0.0.1:52852 | tcp | |
| N/A | 127.0.0.1:52873 | tcp | |
| N/A | 127.0.0.1:52878 | tcp | |
| N/A | 127.0.0.1:52881 | tcp | |
| N/A | 127.0.0.1:52887 | tcp | |
| N/A | 127.0.0.1:52890 | tcp | |
| N/A | 127.0.0.1:52895 | tcp | |
| N/A | 127.0.0.1:52900 | tcp | |
| N/A | 127.0.0.1:52904 | tcp | |
| N/A | 127.0.0.1:52906 | tcp | |
| N/A | 127.0.0.1:52911 | tcp | |
| N/A | 127.0.0.1:52919 | tcp | |
| N/A | 127.0.0.1:52927 | tcp | |
| N/A | 127.0.0.1:52930 | tcp | |
| N/A | 127.0.0.1:52938 | tcp | |
| N/A | 127.0.0.1:52946 | tcp | |
Files
memory/4116-1-0x0000000001E20000-0x0000000001F20000-memory.dmp
memory/4116-2-0x0000000001D70000-0x0000000001D7B000-memory.dmp
memory/4116-3-0x0000000000400000-0x0000000001A2A000-memory.dmp
memory/3336-4-0x0000000000DA0000-0x0000000000DB6000-memory.dmp
memory/4116-5-0x0000000000400000-0x0000000001A2A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\487E.exe
| MD5 | 398ab69b1cdc624298fbc00526ea8aca |
| SHA1 | b2c76463ae08bb3a08accfcbf609ec4c2a9c0821 |
| SHA256 | ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be |
| SHA512 | 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739 |
memory/2124-16-0x0000000003890000-0x0000000003A54000-memory.dmp
memory/2124-17-0x0000000003A60000-0x0000000003C17000-memory.dmp
memory/5104-18-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\487E.exe
| MD5 | 34c292f7112a9db3194e6c78ab2fe7b1 |
| SHA1 | 150dd5ac6efd93b95d167897a2c870c5125df0ab |
| SHA256 | c029d47b22cb4a9cc49bbc1bde9983bf675f6a981fce1e5fb7f62a9bc54c8f01 |
| SHA512 | f44ed24daaf28441776952fe821d2de7b1a0f6b2800a3d75eabbf15a37e85c35b8d788fd86ae674468a2f16c6c49b33610b2ad988a2cea62b9a3d2d6790ea6be |
memory/5104-21-0x0000000000400000-0x0000000000848000-memory.dmp
memory/5104-22-0x0000000000400000-0x0000000000848000-memory.dmp
memory/5104-23-0x0000000000400000-0x0000000000848000-memory.dmp
memory/5104-25-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4EA9.dll
| MD5 | ed986d6b08106af1c55636ae8d793508 |
| SHA1 | 8988503a0c8946594138596d42a64a93cdf1fa75 |
| SHA256 | 2d29409de06e205a6513f63283c5e49bdc3b1dceca99130b99afd10d4cf46e5d |
| SHA512 | f38c8ec0520b4545a3da4f8e1f8f9593afe4ec1a52ddf295f49e648efdd76db396d53fa01f8b91962ad217845510f933311f7b1791226572929cf2e4ccbfe695 |
memory/5104-26-0x0000000000400000-0x0000000000848000-memory.dmp
\Users\Admin\AppData\Local\Temp\4EA9.dll
| MD5 | e030c4a1f29b8f10811e0fadfcd75fdf |
| SHA1 | 14cf7265ee77a7db459cc10cdb06da0d0b7cb71b |
| SHA256 | fe01c78055449b98a2098c57f7a30bffd01e8a236949b90d5e584a43d1617ac9 |
| SHA512 | 7164522480c2df4fd68a7858d8e68b0f3e008c0b6d400343cef7a0b8495636f0a5dbf0837c8a579175a72108cc39dfe77536672cf0302b5b7cf06fcfb6e56283 |
memory/5104-30-0x0000000010000000-0x0000000010202000-memory.dmp
memory/5104-29-0x00000000008F0000-0x00000000008F6000-memory.dmp
\Users\Admin\AppData\Local\Temp\4EA9.dll
| MD5 | db6aabed43bd575ad2357933af13930c |
| SHA1 | 45786fdc18665316620bc4b5d9bf6a77950493cd |
| SHA256 | d1f894a3a225613f9e2df61cac03f1d661764e90d9bb622f1cf1b009b7fd7e5d |
| SHA512 | a34f0d522f2e030ca26ff4ec647c7a7d0d73661f8100a202f7d9582b614dae894d63c72b0238128d60a0db0d51568baa531ddb9a3e31e75110932a8560e43eac |
memory/2532-33-0x0000000003420000-0x0000000003426000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\6975.exe
| MD5 | f40c4039bc971e6a0641c409b9080e9d |
| SHA1 | 1289fcf7b9129c101346c5f953ecaa46326a7aab |
| SHA256 | 338913963fcdd2bdd27808330b68d572b6c16aa4902d996fe7e0929f6143c9fa |
| SHA512 | c2843fb37066db57e5a54cdb0c0da9a3b1d5a4862bc44377ef53fe889f59f239f65fda4820d8f399d80270b8020ca023d3f1cf2e32e4ce0c0f0406977821b668 |
C:\Users\Admin\AppData\Local\Temp\6975.exe
| MD5 | 3fe89c4a3d58f644ee164df22c44a416 |
| SHA1 | 3389d3a2c1fb101c71c102da7808115eab95e3e7 |
| SHA256 | 24f7b2367bad2b71547555b1f41e406e1c3cf479b9f0983a692180278872db70 |
| SHA512 | c69f9c2d3ece7b882c51801c6c3fb590d8157e33f6139d6e46dd877779122d319bd79f039a842293f6445750bfb60468837f831e572123740f472708b833ab50 |
memory/752-40-0x0000000000E50000-0x0000000000E51000-memory.dmp
memory/752-42-0x00000000000A0000-0x0000000000991000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\705C.exe
| MD5 | a1b5ee1b9649ab629a7ac257e2392f8d |
| SHA1 | dc1b14b6d57589440fb3021c9e06a3e3191968dc |
| SHA256 | 2bfd95260a4c52d4474cd51e74469fc3de94caed28937ff0ce99ded66af97e65 |
| SHA512 | 50ccbb9fd4ea2da847c6be5988e1e82e28d551b06cc9122b921dbd40eff4b657a81a010cea76f29e88fda06f8c053090b38d04eb89a6d63ec4f42ef68b1cf82b |
memory/752-41-0x00000000000A0000-0x0000000000991000-memory.dmp
memory/4804-52-0x0000000001D70000-0x0000000001E70000-memory.dmp
memory/4804-53-0x0000000001CF0000-0x0000000001D5B000-memory.dmp
memory/4804-51-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/752-55-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/752-56-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/752-57-0x0000000000E70000-0x0000000000E71000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\831A.exe
| MD5 | 09b908ad7bc40121a651f2207d0f4dc0 |
| SHA1 | 5fcd19b3e2ef27af681466e645867e10886ae055 |
| SHA256 | ffcc61277da663ce5f6fc67fdee861e0d8932d8c943b202943c95bb0edc9a2e8 |
| SHA512 | 6b34ba13571ce51671cd7f8a880584947bfd817028ff034582a2e301e0e2aecf3f6183c85bae983c407dc5ed01b8c147f94eb8c8fc5c71216173f753ca0e3c75 |
C:\Users\Admin\AppData\Local\Temp\831A.exe
| MD5 | 220342999e322c33936d33f437350eb0 |
| SHA1 | d3e016af7dc4b05e1a4540ffe10d0d89891920f6 |
| SHA256 | 6ecdc5db43ea39d0dc9e4423c0b3ceedd40dd315ac62e53c77c5f7c7a47bbe09 |
| SHA512 | 613961c2820992e40a01c7de0a6ec943eb6a4792b09a87154ab16ce0c928cecfabf8f4d7c2e722c615ec079902f9267a3cfd27ecac9eb0a98283f4bfe7563d7d |
memory/4776-62-0x0000000000E60000-0x00000000012EC000-memory.dmp
memory/4776-63-0x0000000073110000-0x00000000737FE000-memory.dmp
memory/2532-65-0x0000000005150000-0x0000000005278000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
| MD5 | 0564a9bf638169a89ccb3820a6b9a58e |
| SHA1 | 57373f3b58f7cc2b9ea1808bdabb600d580a9ceb |
| SHA256 | 9e4b0556f698c9bc9a07c07bf13d60908d31995e0bd73510d9dd690b20b11058 |
| SHA512 | 36b81c374529a9ba5fcbc6fcfebf145c27a7c30916814d63612c04372556d47994a8091cdc5f78dab460bb5296466ce0b284659c8b01883f7960ab08a1631ea6 |
memory/2532-71-0x0000000005280000-0x000000000538D000-memory.dmp
memory/4912-77-0x0000000001BB0000-0x0000000001CB0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 2ce2c35ccba681d1dfdb273e894f1cf2 |
| SHA1 | 32730298565385205b865aef50f7f60eb1f1ae2f |
| SHA256 | ed018a0feeacecd48c52e26c097ae7faaba6d2a206793d71759578c0555631ce |
| SHA512 | 34f4fc03f1300237ef06d361540774b42d850c3523f52b647de4680943610403f3c2034df80f1bd13b69811d8f256e119c5a9f493ca40eec04c25269e82ebf45 |
memory/2532-83-0x0000000005280000-0x000000000538D000-memory.dmp
memory/4912-82-0x0000000003550000-0x00000000035B7000-memory.dmp
memory/4776-84-0x0000000073110000-0x00000000737FE000-memory.dmp
memory/4912-86-0x0000000000400000-0x0000000001A4B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\95C8.exe
| MD5 | 38617539f3925b6017474f088cc3769a |
| SHA1 | c689b57ab62eac790a204c8231b02bfe0bc243a6 |
| SHA256 | defe2d4c932a7ef607e8ef1a643fb57b9c69cbc53b52bf802f9471aae5caef49 |
| SHA512 | 15d87c6231a8f2115ae3f0f021949d175d3f36735637c7b508a229af5b2a93f70f32e19d9b8e3d1e0fa41bd21ee46ab5d9c6ef630c826afe2210a789e5da53e7 |
memory/5104-88-0x0000000002D30000-0x0000000002E58000-memory.dmp
memory/2532-93-0x0000000005280000-0x000000000538D000-memory.dmp
memory/4804-92-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/5104-95-0x0000000010000000-0x0000000010202000-memory.dmp
memory/4980-98-0x00000000039F0000-0x0000000003DF5000-memory.dmp
memory/5104-99-0x0000000002E60000-0x0000000002F6D000-memory.dmp
memory/4980-101-0x0000000003F00000-0x00000000047EB000-memory.dmp
memory/5104-103-0x0000000002E60000-0x0000000002F6D000-memory.dmp
memory/4980-104-0x0000000000400000-0x0000000001E0F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\u3sg.0.exe
| MD5 | 5c47e4602163dd29a39294b7192f0658 |
| SHA1 | 268d1bf1f4c8c8b696298f802b95af8bd3891c10 |
| SHA256 | 5c0b29d51d9b148c8c19ce0efca365ccb1bbe720f634a15897684abbd1dc5d76 |
| SHA512 | 7baa0359781ba21c378a0fbd37dfcde2d1b0c5a9ce3afcf8db0617f91a49dd552416c90963731798669002eda0a15f2296120cb9307c8cafef18dfdb4a52ad91 |
C:\Users\Admin\AppData\Roaming\udawfbu
| MD5 | 4e13689f591b1f5a2b52beb9a3f687e6 |
| SHA1 | 8ed7ecec05fe1a3bc1d6e52608ee8acc53c8fec3 |
| SHA256 | 1d8bed0ced5dd41173ed4ea1c9115dc9ad9886e674c29d080cb8ab9b0538b3e6 |
| SHA512 | c4a8db72354a86f68be18cf03b0d1adb17a7cf7fd156681ad56fd453eeeb0c3b008855f907eec8c5a193a35ff3d655972ae5f968f784c863bdee99804f91a8c6 |
memory/5104-108-0x0000000002E60000-0x0000000002F6D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\u3sg.1.exe
| MD5 | 09e4484c9c2562174e049c05f1b43c04 |
| SHA1 | ddc0039ac7510de6fa83c51aa69fa80dd534356e |
| SHA256 | 7aa8b86a00ae4d5af949d6bb70466a3b92ad03fe4d9113d1866eac8b6371bc19 |
| SHA512 | 88b06ca2c5d189a2ac85254870df164e037f5d9847c72e508d2e9fe4b257ec4dded7182afbe01e1eace2e294b491491b8f1b4c0fcdd9911b3957f042060fe920 |
memory/4436-116-0x0000000000400000-0x0000000000930000-memory.dmp
memory/4912-115-0x0000000000400000-0x0000000001A4B000-memory.dmp
memory/752-117-0x00000000000A0000-0x0000000000991000-memory.dmp
memory/4436-118-0x00000000009C0000-0x00000000009C1000-memory.dmp
C:\Users\Admin\AppData\Roaming\udawfbu
| MD5 | 8b2833c499b9828f3dd2bc9b9b61f4d3 |
| SHA1 | e46351048b6352f6ac192581b00f5f8279cc11df |
| SHA256 | 064e660799856e026868dd067a340ca97ad025e7f257ee146ef5078d11fbd527 |
| SHA512 | 2a08c0d1a3cda31c84676ac9a14afb63114481b43076dd8f6b86578170940eb167db8fead726107dd37c4468d5eed407a80413c3de3527bc67ca5732f912a7da |
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
| MD5 | 11bb3db51f701d4e42d3287f71a6a43e |
| SHA1 | 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86 |
| SHA256 | 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331 |
| SHA512 | 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | f31b46c624d64f1e8c5fde4882f290f5 |
| SHA1 | 9f192fbf40f228642c7695d8058968516b7cc752 |
| SHA256 | c28aee41e7e7212f221c328b7b76179c1005127737cdf89fe0d2f0337c572332 |
| SHA512 | 5b128eb78476733d74d77b400841754fbf808a844f3d8c936aeacc50503232173689850d8957db9ea4559fb57944188c7bbdb29c7a067c81c81d4031d20d12b2 |
memory/5104-138-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | a53443cd530823042eaae102104c0e06 |
| SHA1 | 6af79aaef7a502bbc176f67068e639079eb9cf9f |
| SHA256 | acd0f739821362048a00d4b20cd5198de61199da36e14859ba0d31d46ad2beb6 |
| SHA512 | 306151e189c87063431d88684868c3e1205666453944f7c32e3c7c1f5469fa0f35f7d7a4140c33a032e1a300747208e63f3c00cfb9572484a0d6ba35f263e53a |
memory/4804-140-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/4980-142-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/4384-144-0x0000000000400000-0x00000000022D3000-memory.dmp
memory/4384-150-0x00000000024D0000-0x00000000025D0000-memory.dmp
memory/4384-151-0x00000000023E0000-0x00000000023EB000-memory.dmp
memory/4436-152-0x0000000000400000-0x0000000000930000-memory.dmp
memory/224-153-0x0000000002370000-0x0000000002397000-memory.dmp
memory/224-154-0x0000000000400000-0x00000000022DA000-memory.dmp
memory/4196-155-0x0000000000400000-0x0000000001A2A000-memory.dmp
memory/4656-159-0x0000000000C50000-0x0000000000C86000-memory.dmp
memory/224-158-0x0000000002400000-0x0000000002500000-memory.dmp
memory/4196-160-0x0000000001BB0000-0x0000000001CB0000-memory.dmp
memory/4656-161-0x0000000071C00000-0x00000000722EE000-memory.dmp
memory/4656-162-0x0000000006AD0000-0x00000000070F8000-memory.dmp
memory/3336-164-0x0000000002BD0000-0x0000000002BE6000-memory.dmp
memory/224-168-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/4656-172-0x0000000000CA0000-0x0000000000CB0000-memory.dmp
memory/4804-170-0x0000000001D70000-0x0000000001E70000-memory.dmp
memory/752-167-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/4656-176-0x0000000007440000-0x00000000074A6000-memory.dmp
memory/4384-166-0x0000000000400000-0x00000000022D3000-memory.dmp
memory/4656-178-0x0000000007210000-0x0000000007276000-memory.dmp
memory/4656-163-0x0000000007170000-0x0000000007192000-memory.dmp
memory/4656-184-0x00000000075B0000-0x0000000007900000-memory.dmp
memory/4980-181-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/4656-199-0x0000000000CA0000-0x0000000000CB0000-memory.dmp
memory/4656-203-0x0000000007420000-0x000000000743C000-memory.dmp
memory/4656-208-0x0000000007E10000-0x0000000007E5B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ftz5ru3f.ass.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/4656-243-0x0000000008980000-0x00000000089BC000-memory.dmp
memory/4656-274-0x0000000008A40000-0x0000000008AB6000-memory.dmp
\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
\ProgramData\nss3.dll
| MD5 | a35ea9f5791776f02d6023bf19c9f5e9 |
| SHA1 | 0dd807f7a03f30ea2672f93bb997c175972e8f21 |
| SHA256 | e583574d06ea87faa8ab27a424000883e8b07f1cd4a9e59c7d8bd13fee6e0243 |
| SHA512 | fa4fdaf6a6e8b1a0b4658080b0b92943edddae47c1dad49bb459c96c98dd375d1343511b807d452ac511ee40ea521918c13dfee34a7efea069601cff243e8421 |
memory/4656-304-0x0000000009860000-0x0000000009893000-memory.dmp
memory/4656-305-0x0000000072D80000-0x0000000072DCB000-memory.dmp
memory/4656-306-0x000000006E9F0000-0x000000006ED40000-memory.dmp
memory/4656-307-0x000000007E2F0000-0x000000007E300000-memory.dmp
memory/4656-311-0x0000000009840000-0x000000000985E000-memory.dmp
memory/4656-316-0x00000000098A0000-0x0000000009945000-memory.dmp
memory/4656-317-0x0000000000CA0000-0x0000000000CB0000-memory.dmp
memory/4656-318-0x0000000009AC0000-0x0000000009B54000-memory.dmp
memory/752-387-0x00000000000A0000-0x0000000000991000-memory.dmp
memory/4656-516-0x0000000009A20000-0x0000000009A3A000-memory.dmp
memory/4656-521-0x0000000009A00000-0x0000000009A08000-memory.dmp
memory/4980-544-0x00000000039F0000-0x0000000003DF5000-memory.dmp
memory/4980-545-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/4656-548-0x0000000071C00000-0x00000000722EE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | a6be9fb5adf8b741c6196056f539dff7 |
| SHA1 | c05336946d4f858d173da2c5f30111a47602d077 |
| SHA256 | 7ce22cbaf19f861d624bd9065560cf57e0fff200404f6b1fb236d35c5ef798df |
| SHA512 | 1f07803025bab2f2314874af9470b6913558d5783aeabf29b742584829626fcdd9dde6ec5cd86d16cdfd6eb91d207384aef3d685ba4c2218fb9b148e92f13276 |
memory/4980-552-0x0000000000400000-0x0000000001E0F000-memory.dmp
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | db01a2c1c7e70b2b038edf8ad5ad9826 |
| SHA1 | 540217c647a73bad8d8a79e3a0f3998b5abd199b |
| SHA256 | 413da361d77055dae7007f82b58b366c8783aa72e0b8fbe41519b940c253b38d |
| SHA512 | c76ff57fcee5cdf9fdf3116d4e1dc0cf106867bf19ab474b763e242acf5dca9a7509cb837c35e130c3e056636b4e8a4e135512a978bcd3dd641e20f5bf76c3d6 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Windows\windefender.exe