Analysis Overview
SHA256
6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23
Threat Level: Known bad
The file 6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23 was found to be: Known bad.
Malicious Activity Summary
SmokeLoader
Pitou
Lumma Stealer
Glupteba payload
DcRat
Glupteba
Windows security bypass
Modifies Windows Firewall
Downloads MZ/PE file
Loads dropped DLL
Reads data files stored by FTP clients
UPX packed file
Deletes itself
Windows security modification
Executes dropped EXE
Reads user/profile data of web browsers
Checks installed software on the system
Adds Run key to start application
Writes to the Master Boot Record (MBR)
Manipulates WinMonFS driver.
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Drops file in System32 directory
Checks for VirtualBox DLLs, possible anti-VM trick
Drops file in Windows directory
Launches sc.exe
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious behavior: GetForegroundWindowSpam
Uses Task Scheduler COM API
Checks SCSI registry key(s)
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-29 04:55
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-29 04:55
Reported
2024-02-29 05:00
Platform
win7-20240220-en
Max time kernel
38s
Max time network
302s
Command Line
Signatures
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Pitou
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Downloads MZ/PE file
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6C2B.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6C2B.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\850A.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8C2C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9FBD.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6C2B.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\6C2B.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\8C2C.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2544 set thread context of 2700 | N/A | C:\Users\Admin\AppData\Local\Temp\6C2B.exe | C:\Users\Admin\AppData\Local\Temp\6C2B.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\850A.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe
"C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe"
C:\Users\Admin\AppData\Local\Temp\6C2B.exe
C:\Users\Admin\AppData\Local\Temp\6C2B.exe
C:\Users\Admin\AppData\Local\Temp\6C2B.exe
C:\Users\Admin\AppData\Local\Temp\6C2B.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\72C1.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\72C1.dll
C:\Users\Admin\AppData\Local\Temp\850A.exe
C:\Users\Admin\AppData\Local\Temp\850A.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 124
C:\Users\Admin\AppData\Local\Temp\8C2C.exe
C:\Users\Admin\AppData\Local\Temp\8C2C.exe
C:\Users\Admin\AppData\Local\Temp\9FBD.exe
C:\Users\Admin\AppData\Local\Temp\9FBD.exe
C:\Users\Admin\AppData\Local\Temp\B2E0.exe
C:\Users\Admin\AppData\Local\Temp\B2E0.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\ux0.0.exe
"C:\Users\Admin\AppData\Local\Temp\ux0.0.exe"
C:\Users\Admin\AppData\Local\Temp\ux0.1.exe
"C:\Users\Admin\AppData\Local\Temp\ux0.1.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| GB | 139.162.210.252:443 | tcp | |
| N/A | 127.0.0.1:49223 | tcp | |
| DE | 185.250.36.209:9001 | tcp | |
| US | 207.148.26.28:9001 | tcp | |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | trmpc.com | udp |
| MX | 187.156.75.116:80 | trmpc.com | tcp |
| US | 8.8.8.8:53 | joly.bestsup.su | udp |
| US | 172.67.171.112:80 | joly.bestsup.su | tcp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| DE | 185.172.128.109:80 | 185.172.128.109 | tcp |
| US | 207.148.26.28:9001 | tcp | |
| DE | 185.250.36.209:9001 | tcp | |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| US | 8.8.8.8:53 | alliance-enterprise.com | udp |
| US | 8.8.8.8:53 | regipa.com | udp |
| US | 8.8.8.8:53 | swoi.co.uk | udp |
| US | 8.8.8.8:53 | alliance-enterprise.com | udp |
| US | 8.8.8.8:53 | swoi.co.uk | udp |
| US | 8.8.8.8:53 | quint.ag | udp |
| US | 8.8.8.8:53 | regipa.com | udp |
| US | 8.8.8.8:53 | superiorpmw.com | udp |
| US | 8.8.8.8:53 | gufum.com | udp |
| US | 8.8.8.8:53 | parteecogrup.ro | udp |
| US | 8.8.8.8:53 | innovativecontrolsys.com | udp |
| US | 8.8.8.8:53 | regalcredit.com | udp |
| US | 8.8.8.8:53 | maxwellcasting.com | udp |
| US | 8.8.8.8:53 | innovativecontrolsys.com | udp |
| US | 8.8.8.8:53 | quint.ag | udp |
| US | 8.8.8.8:53 | quint.ag | udp |
| US | 8.8.8.8:53 | quint.ag | udp |
| US | 8.8.8.8:53 | parteecogrup.ro | udp |
| US | 8.8.8.8:53 | superiorpmw.com | udp |
| US | 8.8.8.8:53 | parteecogrup.ro | udp |
| US | 8.8.8.8:53 | mx00.ionos.com | udp |
| US | 8.8.8.8:53 | mx01.ionos.fr | udp |
| US | 8.8.8.8:53 | mx01.ionos.fr | udp |
| US | 8.8.8.8:53 | gufum.com | udp |
| US | 8.8.8.8:53 | gufum.com | udp |
| US | 8.8.8.8:53 | regalcredit.com | udp |
| US | 8.8.8.8:53 | maxwellcasting.com | udp |
| US | 8.8.8.8:53 | maxwellcasting.com | udp |
| US | 8.8.8.8:53 | pianofutures.com | udp |
| US | 8.8.8.8:53 | ou.pt | udp |
| US | 8.8.8.8:53 | jtbank.ch | udp |
| US | 8.8.8.8:53 | glaucuslogistics.com | udp |
| US | 8.8.8.8:53 | pianofutures.com | udp |
| US | 216.69.141.67:22 | pianofutures.com | tcp |
| US | 8.8.8.8:53 | berrystreetproperties.com | udp |
| US | 8.8.8.8:53 | ou.pt | udp |
| US | 23.236.62.72:443 | regalcredit.com | tcp |
| US | 8.8.8.8:53 | jtbank.ch | udp |
| US | 8.8.8.8:53 | mail.gufum.com | udp |
| US | 8.8.8.8:53 | superiorpmw-com.mail.protection.outlook.com | udp |
| DE | 64.190.63.222:21 | ou.pt | tcp |
| US | 23.236.62.72:21 | regalcredit.com | tcp |
| US | 52.101.10.10:143 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 173.230.139.246:143 | mail.gufum.com | tcp |
| DE | 64.190.63.222:22 | ou.pt | tcp |
| CH | 91.208.173.130:22 | jtbank.ch | tcp |
| US | 8.8.8.8:53 | glaucuslogistics.com | udp |
| US | 216.69.141.67:21 | pianofutures.com | tcp |
| SG | 68.178.224.133:22 | glaucuslogistics.com | tcp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | regalcredit-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | innovativecontrolsys-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | innovativecontrolsys-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | regalcredit-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | berrystreetproperties.com | udp |
| US | 8.8.8.8:53 | pianofutures-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | pianofutures-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.jtbank.ch | udp |
| US | 172.67.195.176:80 | gufum.com | tcp |
| US | 52.101.10.5:143 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 3.33.130.190:80 | superiorpmw.com | tcp |
| DE | 64.190.63.222:443 | ou.pt | tcp |
| RO | 81.196.191.10:143 | parteecogrup.ro | tcp |
| CH | 91.208.173.130:21 | jtbank.ch | tcp |
| US | 104.21.37.114:80 | innovativecontrolsys.com | tcp |
| RO | 81.196.191.10:80 | parteecogrup.ro | tcp |
| BE | 66.102.1.26:465 | aspmx.l.google.com | tcp |
| SG | 68.178.224.133:21 | glaucuslogistics.com | tcp |
| US | 52.101.9.0:995 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 173.230.139.246:995 | mail.gufum.com | tcp |
| RO | 81.196.191.10:995 | parteecogrup.ro | tcp |
| CH | 91.208.173.130:443 | jtbank.ch | tcp |
| RO | 81.196.191.10:465 | parteecogrup.ro | tcp |
| US | 52.101.9.0:465 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 52.101.10.5:995 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 104.47.66.10:465 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 216.69.141.67:80 | pianofutures.com | tcp |
| DE | 64.190.63.222:80 | ou.pt | tcp |
| CH | 91.208.173.142:143 | mail.jtbank.ch | tcp |
| CH | 91.208.173.142:465 | mail.jtbank.ch | tcp |
| US | 52.101.10.10:995 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 23.236.62.72:80 | regalcredit.com | tcp |
| US | 52.101.41.4:465 | pianofutures-com.mail.protection.outlook.com | tcp |
| FI | 65.109.115.152:80 | maxwellcasting.com | tcp |
| BE | 66.102.1.26:995 | aspmx.l.google.com | tcp |
| US | 52.101.41.0:995 | regalcredit-com.mail.protection.outlook.com | tcp |
| SG | 68.178.224.133:443 | glaucuslogistics.com | tcp |
| US | 52.101.11.7:143 | pianofutures-com.mail.protection.outlook.com | tcp |
| DE | 217.160.0.143:21 | alliance-enterprise.com | tcp |
| US | 52.101.41.4:995 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 104.47.59.138:995 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 52.101.194.0:465 | pianofutures-com.mail.protection.outlook.com | tcp |
| GB | 109.203.109.104:22 | swoi.co.uk | tcp |
| US | 52.101.194.0:995 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| DE | 217.160.0.143:22 | alliance-enterprise.com | tcp |
| US | 23.236.62.72:80 | regalcredit.com | tcp |
| US | 173.230.139.246:143 | mail.gufum.com | tcp |
| CH | 91.208.173.130:80 | jtbank.ch | tcp |
| US | 104.47.66.10:143 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| DE | 64.190.63.222:22 | ou.pt | tcp |
| CH | 91.208.173.130:22 | jtbank.ch | tcp |
| US | 216.69.141.67:22 | pianofutures.com | tcp |
| US | 172.67.195.176:80 | gufum.com | tcp |
| US | 23.236.62.72:21 | regalcredit.com | tcp |
| US | 52.101.10.10:143 | pianofutures-com.mail.protection.outlook.com | tcp |
| FI | 142.250.150.26:143 | alt3.aspmx.l.google.com | tcp |
| US | 216.69.141.67:80 | pianofutures.com | tcp |
| US | 8.8.8.8:53 | superiorpmw-com.mail.protection.outlook.com | udp |
| US | 216.69.141.67:21 | pianofutures.com | tcp |
| US | 173.230.139.246:465 | mail.gufum.com | tcp |
| DE | 64.190.63.222:21 | ou.pt | tcp |
| US | 52.101.41.4:143 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 52.101.8.46:995 | superiorpmw-com.mail.protection.outlook.com | tcp |
| SG | 68.178.224.133:80 | glaucuslogistics.com | tcp |
| DE | 64.190.63.222:80 | ou.pt | tcp |
| CH | 91.208.173.130:21 | jtbank.ch | tcp |
| CH | 91.208.173.130:80 | jtbank.ch | tcp |
| US | 104.21.37.114:443 | innovativecontrolsys.com | tcp |
| SG | 68.178.224.133:21 | glaucuslogistics.com | tcp |
| US | 173.230.139.246:995 | mail.gufum.com | tcp |
| RO | 81.196.191.10:465 | parteecogrup.ro | tcp |
| US | 52.101.9.0:143 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 104.47.66.10:465 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 52.101.10.10:465 | pianofutures-com.mail.protection.outlook.com | tcp |
| DE | 64.190.63.222:80 | ou.pt | tcp |
| US | 52.101.9.0:465 | superiorpmw-com.mail.protection.outlook.com | tcp |
| SG | 68.178.224.133:22 | glaucuslogistics.com | tcp |
| US | 8.8.8.8:53 | innovativecontrolsys-com.mail.protection.outlook.com | udp |
| BE | 66.102.1.26:143 | aspmx.l.google.com | tcp |
| US | 23.236.62.72:443 | regalcredit.com | tcp |
| FI | 142.250.150.26:465 | alt3.aspmx.l.google.com | tcp |
| RO | 81.196.191.10:995 | parteecogrup.ro | tcp |
| US | 52.101.41.4:465 | pianofutures-com.mail.protection.outlook.com | tcp |
| CH | 91.208.173.142:995 | mail.jtbank.ch | tcp |
| RO | 81.196.191.10:143 | parteecogrup.ro | tcp |
| BE | 66.102.1.26:465 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | pianofutures-com.mail.protection.outlook.com | udp |
| DE | 217.160.0.143:80 | alliance-enterprise.com | tcp |
| US | 52.101.9.0:995 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 52.101.10.5:143 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 3.33.130.190:443 | superiorpmw.com | tcp |
| US | 52.101.10.5:995 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| SG | 68.178.224.133:80 | glaucuslogistics.com | tcp |
| FI | 65.109.115.152:80 | maxwellcasting.com | tcp |
| CH | 91.208.173.142:465 | mail.jtbank.ch | tcp |
| US | 104.47.55.138:143 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| DE | 64.190.63.222:995 | ou.pt | tcp |
| FI | 142.250.150.26:995 | alt3.aspmx.l.google.com | tcp |
| CH | 91.208.173.142:143 | mail.jtbank.ch | tcp |
| US | 172.67.195.176:80 | gufum.com | tcp |
| BE | 66.102.1.26:995 | aspmx.l.google.com | tcp |
| US | 52.101.9.0:995 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 173.230.139.246:993 | mail.gufum.com | tcp |
| DE | 64.190.63.222:143 | ou.pt | tcp |
| DE | 217.160.0.2:21 | regipa.com | tcp |
| US | 52.101.41.0:143 | regalcredit-com.mail.protection.outlook.com | tcp |
| CH | 91.208.173.130:80 | jtbank.ch | tcp |
| US | 52.101.41.0:143 | regalcredit-com.mail.protection.outlook.com | tcp |
| US | 52.101.10.5:465 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 52.101.41.0:465 | regalcredit-com.mail.protection.outlook.com | tcp |
| US | 23.236.62.72:80 | regalcredit.com | tcp |
| US | 104.47.55.138:465 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 52.101.41.0:995 | regalcredit-com.mail.protection.outlook.com | tcp |
| US | 52.101.10.2:995 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 52.101.194.0:143 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 52.101.194.0:465 | pianofutures-com.mail.protection.outlook.com | tcp |
| DE | 64.190.63.222:80 | ou.pt | tcp |
| US | 52.101.41.0:465 | regalcredit-com.mail.protection.outlook.com | tcp |
| US | 173.230.139.246:587 | mail.gufum.com | tcp |
| US | 52.101.9.5:143 | pianofutures-com.mail.protection.outlook.com | tcp |
| CH | 91.208.173.130:80 | jtbank.ch | tcp |
| US | 52.101.9.5:465 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 104.47.59.138:995 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 23.236.62.72:990 | regalcredit.com | tcp |
| DE | 217.160.0.143:990 | alliance-enterprise.com | tcp |
| US | 173.230.139.246:110 | mail.gufum.com | tcp |
| GB | 109.203.109.104:222 | swoi.co.uk | tcp |
| US | 52.101.8.32:995 | pianofutures-com.mail.protection.outlook.com | tcp |
| DE | 64.190.63.222:80 | ou.pt | tcp |
| US | 52.101.9.5:995 | pianofutures-com.mail.protection.outlook.com | tcp |
| DE | 217.160.0.143:222 | alliance-enterprise.com | tcp |
| US | 52.101.11.10:995 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 52.101.10.10:143 | pianofutures-com.mail.protection.outlook.com | tcp |
| DE | 217.160.0.2:22 | regipa.com | tcp |
| US | 52.101.10.10:465 | pianofutures-com.mail.protection.outlook.com | tcp |
| DE | 217.160.0.143:80 | alliance-enterprise.com | tcp |
| US | 104.47.66.10:995 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 3.33.130.190:80 | superiorpmw.com | tcp |
| US | 23.236.62.72:80 | regalcredit.com | tcp |
| US | 104.21.37.114:80 | innovativecontrolsys.com | tcp |
| US | 52.101.8.32:465 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 216.69.141.67:222 | pianofutures.com | tcp |
| FI | 65.109.115.152:443 | maxwellcasting.com | tcp |
| US | 172.67.195.176:80 | gufum.com | tcp |
| US | 8.8.8.8:53 | innovativecontrolsys-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | regalcredit-com.mail.protection.outlook.com | udp |
| US | 52.101.10.6:995 | regalcredit-com.mail.protection.outlook.com | tcp |
| DE | 64.190.63.222:222 | ou.pt | tcp |
| CH | 91.208.173.130:222 | jtbank.ch | tcp |
| US | 104.47.66.10:993 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 216.69.141.67:990 | pianofutures.com | tcp |
| DE | 64.190.63.222:80 | ou.pt | tcp |
| CH | 91.208.173.130:80 | jtbank.ch | tcp |
| US | 216.69.141.67:80 | pianofutures.com | tcp |
| CH | 91.208.173.142:995 | mail.jtbank.ch | tcp |
| CH | 91.208.173.130:80 | jtbank.ch | tcp |
| DE | 64.190.63.222:990 | ou.pt | tcp |
| BE | 66.102.1.26:587 | aspmx.l.google.com | tcp |
| FI | 142.250.150.27:143 | alt3.aspmx.l.google.com | tcp |
| US | 52.101.8.46:993 | superiorpmw-com.mail.protection.outlook.com | tcp |
| SG | 68.178.224.133:222 | glaucuslogistics.com | tcp |
| BE | 66.102.1.26:993 | aspmx.l.google.com | tcp |
| US | 104.47.66.10:587 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 52.101.11.3:993 | regalcredit-com.mail.protection.outlook.com | tcp |
| US | 52.101.8.46:587 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | superiorpmw-com.mail.protection.outlook.com | udp |
| RO | 81.196.191.10:993 | parteecogrup.ro | tcp |
| CH | 91.208.173.130:990 | jtbank.ch | tcp |
| US | 52.101.11.3:110 | regalcredit-com.mail.protection.outlook.com | tcp |
| DE | 217.160.0.143:80 | alliance-enterprise.com | tcp |
| SG | 68.178.224.133:990 | glaucuslogistics.com | tcp |
| DE | 64.190.63.222:995 | ou.pt | tcp |
| DE | 64.190.63.222:80 | ou.pt | tcp |
| US | 52.101.11.3:587 | regalcredit-com.mail.protection.outlook.com | tcp |
| RO | 81.196.191.10:587 | parteecogrup.ro | tcp |
| US | 8.8.8.8:53 | pianofutures-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.berrystreetproperties.com | udp |
| US | 52.101.9.0:110 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 52.101.9.0:993 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 172.67.195.176:80 | gufum.com | tcp |
| US | 173.230.139.246:993 | mail.gufum.com | tcp |
| US | 52.101.9.0:587 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 173.230.139.246:587 | mail.gufum.com | tcp |
| US | 104.47.55.138:993 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| RO | 81.196.191.10:110 | parteecogrup.ro | tcp |
| US | 23.236.62.72:443 | regalcredit.com | tcp |
| FI | 142.250.150.27:465 | alt3.aspmx.l.google.com | tcp |
| FI | 65.109.115.152:443 | maxwellcasting.com | tcp |
| US | 52.101.10.2:993 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 104.47.66.10:110 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| CH | 91.208.173.142:993 | mail.jtbank.ch | tcp |
| CH | 91.208.173.142:587 | mail.jtbank.ch | tcp |
| US | 8.8.8.8:53 | mail.berrystreetproperties.com | udp |
| SG | 68.178.224.133:80 | glaucuslogistics.com | tcp |
| US | 52.101.9.0:110 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 23.236.62.72:80 | regalcredit.com | tcp |
| BE | 66.102.1.26:110 | aspmx.l.google.com | tcp |
| FI | 142.250.150.27:995 | alt3.aspmx.l.google.com | tcp |
| US | 3.33.130.190:443 | superiorpmw.com | tcp |
| DE | 217.160.0.2:990 | regipa.com | tcp |
| GB | 109.203.109.104:21 | swoi.co.uk | tcp |
| US | 52.101.10.2:587 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 104.47.55.138:587 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 52.101.8.34:993 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 104.21.37.114:443 | innovativecontrolsys.com | tcp |
| US | 8.8.8.8:53 | ftp.quint.ag | udp |
| DE | 64.190.63.222:80 | ou.pt | tcp |
| US | 52.101.8.34:587 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 52.101.11.10:993 | superiorpmw-com.mail.protection.outlook.com | tcp |
| DE | 217.160.0.143:222 | alliance-enterprise.com | tcp |
| CH | 91.208.173.130:80 | jtbank.ch | tcp |
| US | 52.101.8.34:110 | superiorpmw-com.mail.protection.outlook.com | tcp |
| CH | 91.208.173.130:80 | jtbank.ch | tcp |
| DE | 217.160.0.143:80 | alliance-enterprise.com | tcp |
| DE | 217.160.0.143:990 | alliance-enterprise.com | tcp |
| DE | 64.190.63.222:143 | ou.pt | tcp |
| US | 172.67.195.176:80 | gufum.com | tcp |
| DE | 64.190.63.222:80 | ou.pt | tcp |
| US | 52.101.8.34:110 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 52.101.8.32:993 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 23.236.62.72:990 | regalcredit.com | tcp |
| US | 52.101.11.10:587 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 52.101.8.32:587 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 52.101.10.6:993 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 52.101.10.6:110 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 52.101.10.6:587 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 52.101.8.32:110 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 104.47.55.138:110 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| RO | 81.196.191.10:80 | parteecogrup.ro | tcp |
| US | 52.101.10.6:110 | pianofutures-com.mail.protection.outlook.com | tcp |
| DE | 64.190.63.222:465 | ou.pt | tcp |
| US | 173.230.139.246:110 | mail.gufum.com | tcp |
| GB | 109.203.109.104:222 | swoi.co.uk | tcp |
| US | 216.69.141.67:80 | pianofutures.com | tcp |
| GB | 109.203.109.104:990 | swoi.co.uk | tcp |
| US | 52.101.10.6:587 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 104.47.66.10:993 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 23.236.62.72:443 | regalcredit.com | tcp |
| US | 52.101.10.6:110 | pianofutures-com.mail.protection.outlook.com | tcp |
| DE | 64.190.63.222:80 | ou.pt | tcp |
| US | 104.21.37.114:22 | innovativecontrolsys.com | tcp |
| US | 216.69.141.67:222 | pianofutures.com | tcp |
| DE | 64.190.63.222:222 | ou.pt | tcp |
| US | 173.230.139.246:25 | mail.gufum.com | tcp |
| FI | 65.109.115.152:443 | maxwellcasting.com | tcp |
| US | 8.8.8.8:53 | innovativecontrolsys-com.mail.protection.outlook.com | udp |
| DE | 217.160.0.2:222 | regipa.com | tcp |
| US | 8.8.8.8:53 | regalcredit-com.mail.protection.outlook.com | udp |
| US | 173.230.139.246:220 | mail.gufum.com | tcp |
| CH | 91.208.173.130:80 | jtbank.ch | tcp |
| US | 216.69.141.67:990 | pianofutures.com | tcp |
| US | 216.69.141.67:80 | pianofutures.com | tcp |
| US | 104.21.37.114:80 | innovativecontrolsys.com | tcp |
| US | 23.236.62.72:80 | regalcredit.com | tcp |
| CH | 91.208.173.130:990 | jtbank.ch | tcp |
| CH | 91.208.173.142:110 | mail.jtbank.ch | tcp |
| US | 52.101.9.0:993 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 52.101.9.0:993 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | mail.quint.ag | udp |
| US | 8.8.8.8:53 | superiorpmw-com.mail.protection.outlook.com | udp |
| BE | 66.102.1.26:587 | aspmx.l.google.com | tcp |
| US | 52.101.41.4:110 | regalcredit-com.mail.protection.outlook.com | tcp |
| DE | 64.190.63.222:990 | ou.pt | tcp |
| FI | 142.250.150.27:993 | alt3.aspmx.l.google.com | tcp |
| SG | 68.178.224.133:222 | glaucuslogistics.com | tcp |
| BE | 66.102.1.26:993 | aspmx.l.google.com | tcp |
| US | 52.101.9.0:587 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 104.47.66.10:587 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 3.33.130.190:80 | superiorpmw.com | tcp |
| US | 172.67.207.211:22 | innovativecontrolsys.com | tcp |
| US | 104.47.55.138:993 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | pianofutures-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | pianofutures-com.mail.protection.outlook.com | udp |
| SG | 68.178.224.133:990 | glaucuslogistics.com | tcp |
| RO | 81.196.191.10:110 | parteecogrup.ro | tcp |
| US | 52.101.41.4:993 | pianofutures-com.mail.protection.outlook.com | tcp |
| CH | 91.208.173.130:222 | jtbank.ch | tcp |
| FI | 142.250.150.27:587 | alt3.aspmx.l.google.com | tcp |
| US | 172.67.195.176:995 | gufum.com | tcp |
| DE | 64.190.63.222:110 | ou.pt | tcp |
| US | 52.101.9.17:110 | superiorpmw-com.mail.protection.outlook.com | tcp |
| RO | 81.196.191.10:587 | parteecogrup.ro | tcp |
| US | 52.101.9.11:587 | pianofutures-com.mail.protection.outlook.com | tcp |
| DE | 217.160.0.2:80 | regipa.com | tcp |
| US | 52.101.41.4:587 | pianofutures-com.mail.protection.outlook.com | tcp |
| BE | 66.102.1.26:110 | aspmx.l.google.com | tcp |
| SG | 68.178.224.133:80 | glaucuslogistics.com | tcp |
| US | 104.47.66.10:110 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| RO | 81.196.191.10:993 | parteecogrup.ro | tcp |
| FI | 65.109.115.152:443 | maxwellcasting.com | tcp |
| US | 23.236.62.72:80 | regalcredit.com | tcp |
| US | 52.101.9.5:110 | pianofutures-com.mail.protection.outlook.com | tcp |
| CH | 91.208.173.142:993 | mail.jtbank.ch | tcp |
| SG | 68.178.224.133:80 | glaucuslogistics.com | tcp |
| US | 52.101.8.34:993 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 52.101.10.5:587 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | ssh.berrystreetproperties.com | udp |
| US | 52.101.41.0:110 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 52.101.8.32:993 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 52.101.8.34:587 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 52.101.10.6:993 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 104.47.59.138:587 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 52.101.41.0:993 | superiorpmw-com.mail.protection.outlook.com | tcp |
| DE | 217.160.0.2:990 | regipa.com | tcp |
| US | 104.21.92.162:995 | gufum.com | tcp |
| US | 8.8.8.8:53 | ftp.regalcredit.com | udp |
| US | 8.8.8.8:53 | ftp.alliance-enterprise.com | udp |
| CH | 91.208.173.142:587 | mail.jtbank.ch | tcp |
| US | 52.101.9.0:587 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 104.21.37.114:443 | innovativecontrolsys.com | tcp |
| US | 52.101.41.0:587 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 52.101.40.4:110 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 52.101.10.6:587 | pianofutures-com.mail.protection.outlook.com | tcp |
| FI | 142.250.150.27:110 | alt3.aspmx.l.google.com | tcp |
| US | 3.33.130.190:443 | superiorpmw.com | tcp |
| CH | 91.208.173.130:80 | jtbank.ch | tcp |
| DE | 217.160.0.2:80 | regipa.com | tcp |
| US | 52.101.10.5:110 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 52.101.10.2:110 | regalcredit-com.mail.protection.outlook.com | tcp |
| US | 104.21.37.114:222 | innovativecontrolsys.com | tcp |
| DE | 64.190.63.222:465 | ou.pt | tcp |
| US | 52.101.10.6:993 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 104.47.66.10:220 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| RO | 81.196.191.10:21 | parteecogrup.ro | tcp |
| FI | 65.109.115.152:443 | maxwellcasting.com | tcp |
| US | 23.236.62.72:443 | ftp.regalcredit.com | tcp |
| DE | 64.190.63.222:993 | ou.pt | tcp |
| DE | 217.160.0.143:2222 | alliance-enterprise.com | tcp |
| US | 52.101.10.2:993 | regalcredit-com.mail.protection.outlook.com | tcp |
| US | 52.101.10.5:110 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 52.101.40.0:587 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 173.230.139.246:220 | mail.gufum.com | tcp |
| GB | 109.203.109.104:80 | swoi.co.uk | tcp |
| DE | 217.160.0.2:222 | regipa.com | tcp |
| GB | 109.203.109.104:2222 | swoi.co.uk | tcp |
| US | 52.101.42.9:110 | superiorpmw-com.mail.protection.outlook.com | tcp |
| GB | 109.203.109.104:990 | swoi.co.uk | tcp |
| US | 104.47.59.138:110 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 52.101.41.4:110 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | ftp.pianofutures.com | udp |
| US | 8.8.8.8:53 | ssh.quint.ag | udp |
| US | 8.8.8.8:53 | innovativecontrolsys-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.ou.pt | udp |
| US | 8.8.8.8:53 | pop.berrystreetproperties.com | udp |
| US | 23.236.62.72:21 | ftp.regalcredit.com | tcp |
| RO | 81.196.191.10:22 | parteecogrup.ro | tcp |
| CH | 91.208.173.130:2222 | jtbank.ch | tcp |
| US | 172.67.207.211:222 | innovativecontrolsys.com | tcp |
| DE | 64.190.63.222:2222 | ftp.ou.pt | tcp |
| US | 52.101.10.5:220 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 173.230.139.246:25 | mail.gufum.com | tcp |
| US | 216.69.141.67:2222 | ftp.pianofutures.com | tcp |
| US | 216.69.141.67:80 | ftp.pianofutures.com | tcp |
| US | 104.21.37.114:80 | innovativecontrolsys.com | tcp |
| US | 3.33.130.190:80 | superiorpmw.com | tcp |
| US | 52.101.9.17:220 | superiorpmw-com.mail.protection.outlook.com | tcp |
| BE | 66.102.1.26:220 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | parclan.com | udp |
| US | 8.8.8.8:53 | superiorpmw-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | regalcredit-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.jtbank.ch | udp |
| US | 8.8.8.8:53 | pianofutures-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.parteecogrup.ro | udp |
| US | 8.8.8.8:53 | parclan.com | udp |
| FI | 142.250.150.27:993 | alt3.aspmx.l.google.com | tcp |
| GB | 109.203.109.104:143 | swoi.co.uk | tcp |
| SG | 68.178.224.133:2222 | glaucuslogistics.com | tcp |
| US | 104.47.55.138:25 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| DE | 64.190.63.222:21 | ftp.ou.pt | tcp |
| FI | 65.109.115.152:443 | maxwellcasting.com | tcp |
| RO | 81.196.191.10:220 | mail.parteecogrup.ro | tcp |
| DE | 217.160.0.2:80 | regipa.com | tcp |
| US | 104.47.59.138:220 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| US | 216.69.141.67:21 | ftp.pianofutures.com | tcp |
| US | 172.67.195.176:995 | gufum.com | tcp |
| US | 23.236.62.72:995 | ftp.regalcredit.com | tcp |
| CH | 91.208.173.142:110 | mail.jtbank.ch | tcp |
| GB | 109.203.109.104:80 | swoi.co.uk | tcp |
| FI | 142.250.150.27:587 | alt3.aspmx.l.google.com | tcp |
| US | 52.101.9.0:25 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | ftp.glaucuslogistics.com | udp |
| US | 8.8.8.8:53 | ftp.regipa.com | udp |
| US | 8.8.8.8:53 | outlook.co.tcom | udp |
| RO | 81.196.191.10:995 | mail.parteecogrup.ro | tcp |
| US | 52.101.42.10:25 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 3.33.130.190:21 | superiorpmw.com | tcp |
| US | 3.33.130.190:22 | superiorpmw.com | tcp |
| US | 52.101.42.10:220 | pianofutures-com.mail.protection.outlook.com | tcp |
| CH | 91.208.173.130:21 | ftp.jtbank.ch | tcp |
| US | 23.236.62.72:80 | ftp.regalcredit.com | tcp |
| BE | 66.102.1.26:25 | aspmx.l.google.com | tcp |
| FI | 142.250.150.27:995 | alt3.aspmx.l.google.com | tcp |
| US | 52.101.40.4:220 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 52.101.40.1:25 | pianofutures-com.mail.protection.outlook.com | tcp |
| RO | 81.196.191.10:25 | mail.parteecogrup.ro | tcp |
| US | 3.33.130.190:995 | superiorpmw.com | tcp |
| US | 52.101.9.2:25 | regalcredit-com.mail.protection.outlook.com | tcp |
| SG | 68.178.224.133:21 | ftp.glaucuslogistics.com | tcp |
| US | 52.101.40.1:220 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 104.21.92.162:995 | gufum.com | tcp |
| DE | 64.190.63.222:110 | ftp.ou.pt | tcp |
| SG | 68.178.224.133:80 | ftp.glaucuslogistics.com | tcp |
| US | 104.21.37.114:995 | innovativecontrolsys.com | tcp |
| ES | 82.165.2.242:21 | ftp.regipa.com | tcp |
| FI | 142.250.150.27:110 | alt3.aspmx.l.google.com | tcp |
| US | 216.69.141.67:995 | ftp.pianofutures.com | tcp |
| US | 52.101.42.13:25 | superiorpmw-com.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | outlook.co.tcom | udp |
| US | 8.8.8.8:53 | vfe.waom | udp |
| US | 8.8.8.8:53 | stc.net.sa | udp |
| US | 8.8.8.8:53 | fast-technologies.com | udp |
| US | 8.8.8.8:53 | alliedprintgroup.com | udp |
| US | 8.8.8.8:53 | vfe.waom | udp |
| US | 8.8.8.8:53 | alliedprintgroup.com | udp |
| US | 8.8.8.8:53 | outlook.co.tcom | udp |
| US | 8.8.8.8:53 | stc.net.sa | udp |
| US | 8.8.8.8:53 | mail.parclan.com | udp |
| US | 8.8.8.8:53 | ftp.swoi.co.uk | udp |
| US | 52.101.194.3:25 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 15.197.148.33:21 | superiorpmw.com | tcp |
| US | 52.101.10.8:220 | regalcredit-com.mail.protection.outlook.com | tcp |
| US | 15.197.148.33:22 | superiorpmw.com | tcp |
| US | 52.101.194.3:220 | pianofutures-com.mail.protection.outlook.com | tcp |
| US | 172.67.207.211:995 | innovativecontrolsys.com | tcp |
| US | 15.197.148.33:995 | superiorpmw.com | tcp |
| CH | 91.208.173.142:220 | mail.jtbank.ch | tcp |
| US | 8.8.8.8:53 | fast-technologies.com | udp |
| DE | 217.160.0.2:80 | regipa.com | tcp |
| US | 104.21.37.114:443 | innovativecontrolsys.com | tcp |
| US | 104.47.55.138:220 | innovativecontrolsys-com.mail.protection.outlook.com | tcp |
| RO | 81.196.191.10:990 | mail.parteecogrup.ro | tcp |
| GB | 109.203.109.104:993 | ftp.swoi.co.uk | tcp |
| FI | 65.109.115.152:443 | maxwellcasting.com | tcp |
| US | 23.236.62.72:21 | ftp.regalcredit.com | tcp |
| US | 104.21.37.114:222 | innovativecontrolsys.com | tcp |
| US | 172.67.195.176:143 | gufum.com | tcp |
| DE | 217.160.0.2:2222 | regipa.com | tcp |
| US | 74.208.5.3:143 | mx00.ionos.com | tcp |
| US | 216.69.141.67:2222 | ftp.pianofutures.com | tcp |
| US | 157.230.203.88:143 | mail.parclan.com | tcp |
| US | 52.101.9.2:220 | regalcredit-com.mail.protection.outlook.com | tcp |
| US | 104.21.92.162:143 | gufum.com | tcp |
| DE | 64.190.63.222:587 | ftp.ou.pt | tcp |
| US | 173.231.192.44:21 | alliedprintgroup.com | tcp |
| US | 173.230.139.246:2525 | mail.gufum.com | tcp |
| US | 216.69.141.67:21 | ftp.pianofutures.com | tcp |
| GB | 109.203.109.104:2222 | ftp.swoi.co.uk | tcp |
| RO | 81.196.191.10:222 | mail.parteecogrup.ro | tcp |
| DE | 64.190.63.222:2222 | ftp.ou.pt | tcp |
| US | 8.8.8.8:53 | khanhhoa.edu.om | udp |
| US | 8.8.8.8:53 | dsplus.co | udp |
| US | 8.8.8.8:53 | haebom.ga | udp |
| US | 8.8.8.8:53 | haebom.ga | udp |
| US | 8.8.8.8:53 | dan.ul.com | udp |
| US | 8.8.8.8:53 | regalcredit.com | udp |
| US | 8.8.8.8:53 | superiorpmw-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | innovativecontrolsys-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | regalcredit-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | khanhhoa.edu.om | udp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| US | 3.33.130.190:443 | superiorpmw.com | tcp |
| US | 157.230.203.88:465 | mail.parclan.com | tcp |
| US | 162.255.119.53:22 | fast-technologies.com | tcp |
| CH | 91.208.173.130:2222 | ftp.jtbank.ch | tcp |
| US | 23.236.62.72:443 | regalcredit.com | tcp |
| RO | 81.196.191.10:25 | mail.parteecogrup.ro | tcp |
| US | 8.8.8.8:53 | haebom.ga | udp |
| US | 8.8.8.8:53 | idfc-ag.com | udp |
| US | 8.8.8.8:53 | realia.co | udp |
| US | 8.8.8.8:53 | pianofutures-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | alt4.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | dsplus.co | udp |
| US | 8.8.8.8:53 | ssh.alliance-enterprise.com | udp |
| US | 8.8.8.8:53 | dan.ul.com | udp |
| US | 8.8.8.8:53 | dan.ul.com | udp |
| US | 8.8.8.8:53 | mail.ou.pt | udp |
| US | 8.8.8.8:53 | stcimss1.stc.com.sa | udp |
| US | 216.69.141.67:80 | ftp.pianofutures.com | tcp |
| US | 104.21.37.114:80 | innovativecontrolsys.com | tcp |
| US | 8.8.8.8:53 | standard-logistic.rs | udp |
| US | 8.8.8.8:53 | ssh.pianofutures.com | udp |
| US | 8.8.8.8:53 | idfc-ag.com | udp |
| US | 8.8.8.8:53 | idfc-ag.com | udp |
| US | 8.8.8.8:53 | ssh.swoi.co.uk | udp |
| RO | 81.196.191.10:80 | mail.parteecogrup.ro | tcp |
| CH | 91.208.173.142:25 | mail.jtbank.ch | tcp |
| US | 162.255.119.53:80 | fast-technologies.com | tcp |
| US | 8.8.8.8:53 | realia.co | udp |
| US | 8.8.8.8:53 | ssh.ou.pt | udp |
| US | 8.8.8.8:53 | ssh.jtbank.ch | udp |
| US | 8.8.8.8:53 | dsplus-co.mail.protection.outlook.com | udp |
| US | 3.33.130.190:80 | superiorpmw.com | tcp |
| GB | 109.203.109.104:80 | ftp.swoi.co.uk | tcp |
| US | 8.8.8.8:53 | dollve.fr | udp |
| US | 8.8.8.8:53 | earncashie.ml | udp |
| US | 8.8.8.8:53 | gmail.c.th | udp |
| US | 8.8.8.8:53 | superiorpmw-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | standard-logistic.rs | udp |
| US | 8.8.8.8:53 | regalcredit-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | dollve.fr | udp |
| US | 8.8.8.8:53 | standard-logistic.rs | udp |
| US | 8.8.8.8:53 | standard-logistic.rs | udp |
| US | 8.8.8.8:53 | pianofutures-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | innovativecontrolsys-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | realia-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | earncashie.ml | udp |
| US | 8.8.8.8:53 | realia-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | earncashie.ml | udp |
| US | 8.8.8.8:53 | midplainspower.com | udp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | www.fast-technologies.com | udp |
| US | 8.8.8.8:53 | gmail.c.th | udp |
| US | 8.8.8.8:53 | ftp.parteecogrup.ro | udp |
| US | 8.8.8.8:53 | midplainspower.com | udp |
| US | 8.8.8.8:53 | pop.quint.ag | udp |
| US | 8.8.8.8:53 | ssh.regipa.com | udp |
| SG | 68.178.224.133:80 | ftp.glaucuslogistics.com | tcp |
| US | 23.236.62.72:80 | regalcredit.com | tcp |
| US | 173.231.192.44:80 | alliedprintgroup.com | tcp |
| US | 104.21.37.114:443 | innovativecontrolsys.com | tcp |
| US | 20.49.97.15:80 | dsplus.co | tcp |
| DE | 217.160.0.143:80 | alliance-enterprise.com | tcp |
| US | 15.197.142.173:80 | realia.co | tcp |
| DE | 217.160.0.2:80 | regipa.com | tcp |
| US | 3.33.130.190:443 | superiorpmw.com | tcp |
| US | 162.255.119.53:80 | fast-technologies.com | tcp |
| RO | 81.196.191.10:80 | ftp.parteecogrup.ro | tcp |
| RS | 194.106.182.2:80 | standard-logistic.rs | tcp |
| US | 216.69.141.67:80 | ftp.pianofutures.com | tcp |
| US | 8.8.8.8:53 | vervel.eu | udp |
| US | 8.8.8.8:53 | velammalnexus.com | udp |
| US | 8.8.8.8:53 | astroquick.fr | udp |
| US | 8.8.8.8:53 | dsplus-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gmaqq.com | udp |
| US | 8.8.8.8:53 | velammalnexus.com | udp |
| US | 8.8.8.8:53 | vervel.eu | udp |
| US | 8.8.8.8:53 | astroquick.fr | udp |
| US | 8.8.8.8:53 | vervel.eu | udp |
| US | 8.8.8.8:53 | innovativecontrolsys-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | realia-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | pop3.berrystreetproperties.com | udp |
| US | 8.8.8.8:53 | realia-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | pianofutures-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | regalcredit-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gmaqq.com | udp |
| US | 8.8.8.8:53 | pop.gufum.com | udp |
| US | 8.8.8.8:53 | ftp.superiorpmw.com | udp |
| US | 8.8.8.8:53 | superiorpmw-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | office365.ail.com | udp |
| GB | 109.203.109.104:80 | ftp.swoi.co.uk | tcp |
| GB | 109.203.109.104:80 | ftp.swoi.co.uk | tcp |
| US | 20.49.97.15:443 | dsplus.co | tcp |
| SG | 68.178.224.133:80 | ftp.glaucuslogistics.com | tcp |
| DE | 217.160.0.143:80 | alliance-enterprise.com | tcp |
| US | 15.197.142.173:80 | realia.co | tcp |
| DE | 217.160.0.2:80 | regipa.com | tcp |
| US | 173.231.192.44:80 | alliedprintgroup.com | tcp |
| US | 20.49.97.15:443 | dsplus.co | tcp |
| US | 104.21.37.114:80 | innovativecontrolsys.com | tcp |
| US | 8.8.8.8:53 | brizy.io | udp |
| US | 8.8.8.8:53 | gmail.cl.rr.com | udp |
| US | 8.8.8.8:53 | ssh.innovativecontrolsys.com | udp |
| US | 8.8.8.8:53 | imap.berrystreetproperties.com | udp |
| US | 8.8.8.8:53 | mx1.forwardemail.net | udp |
| US | 8.8.8.8:53 | office365.ail.com | udp |
| US | 8.8.8.8:53 | brizy.io | udp |
| US | 8.8.8.8:53 | ovooovo.com | udp |
| US | 8.8.8.8:53 | bylup.com | udp |
| US | 8.8.8.8:53 | gmail.cl.rr.com | udp |
| US | 8.8.8.8:53 | velammalnexus.com | udp |
| US | 8.8.8.8:53 | mail.swoi.co.uk | udp |
| US | 8.8.8.8:53 | ftp.alliedprintgroup.com | udp |
| US | 8.8.8.8:53 | realia-co.mail.protection.outlook.com | udp |
| RS | 194.106.182.2:80 | standard-logistic.rs | tcp |
| US | 8.8.8.8:53 | regalcredit-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mxb.ovh.net | udp |
| US | 8.8.8.8:53 | mx1.ovh.net | udp |
| US | 8.8.8.8:53 | dsplus-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | dsplus-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.regalcredit.com | udp |
| US | 8.8.8.8:53 | pop.parteecogrup.ro | udp |
| US | 8.8.8.8:53 | mail.innovativecontrolsys.com | udp |
| US | 8.8.8.8:53 | velammalnexus.com | udp |
| US | 8.8.8.8:53 | pianofutures-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | innovativecontrolsys-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.parclan.com | udp |
| US | 8.8.8.8:53 | bylup.com | udp |
| US | 8.8.8.8:53 | superiorpmw-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.superiorpmw.com | udp |
| US | 8.8.8.8:53 | velammalnexus.com | udp |
| US | 3.33.130.190:80 | ftp.superiorpmw.com | tcp |
| US | 8.8.8.8:53 | gmkgroup.co.za | udp |
| US | 8.8.8.8:53 | emdeteceirl.com | udp |
| US | 8.8.8.8:53 | dsplus-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | velammalnexus.com | udp |
| US | 8.8.8.8:53 | ftp.outlook.co.tcom | udp |
| US | 8.8.8.8:53 | ovooovo.com | udp |
| US | 8.8.8.8:53 | mail.pianofutures.com | udp |
| US | 8.8.8.8:53 | gmkgroup.co.za | udp |
| DE | 217.160.0.143:80 | alliance-enterprise.com | tcp |
| US | 15.197.142.173:80 | realia.co | tcp |
| DE | 217.160.0.2:80 | regipa.com | tcp |
| IN | 65.2.105.240:80 | velammalnexus.com | tcp |
| US | 173.231.192.44:80 | ftp.alliedprintgroup.com | tcp |
| US | 8.8.8.8:53 | gopek.us | udp |
| US | 8.8.8.8:53 | emdeteceirl.com | udp |
| US | 23.236.62.72:80 | mail.regalcredit.com | tcp |
| FR | 213.186.33.87:80 | vervel.eu | tcp |
| FR | 213.186.33.2:80 | astroquick.fr | tcp |
| GB | 109.203.109.104:80 | mail.swoi.co.uk | tcp |
| US | 8.8.8.8:53 | velammalnexus.com | udp |
| US | 8.8.8.8:53 | ambientesconfortables.com | udp |
| US | 8.8.8.8:53 | gmaihotmail.co.uk | udp |
| US | 8.8.8.8:53 | mx.mail-data.net | udp |
| US | 8.8.8.8:53 | dsplus-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | innovativecontrolsys-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | pop.jtbank.ch | udp |
| US | 8.8.8.8:53 | ssh.parteecogrup.ro | udp |
| US | 8.8.8.8:53 | ssh.superiorpmw.com | udp |
| US | 8.8.8.8:53 | aspmx3.googlemail.com | udp |
| US | 8.8.8.8:53 | realia-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.haebom.ga | udp |
| US | 8.8.8.8:53 | gopek.us | udp |
| US | 8.8.8.8:53 | ftp.vfe.waom | udp |
| US | 8.8.8.8:53 | ftp.fast-technologies.com | udp |
| US | 8.8.8.8:53 | ftp.dsplus.co | udp |
| US | 8.8.8.8:53 | regalcredit.com | udp |
| US | 8.8.8.8:53 | superiorpmw-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | usw4.bumpemail.com | udp |
| US | 8.8.8.8:53 | ambientesconfortables.com | udp |
| US | 8.8.8.8:53 | pianofutures-com.mail.protection.outlook.com | udp |
| US | 20.49.97.15:80 | dsplus.co | tcp |
| US | 8.8.8.8:53 | proton.me | udp |
| DE | 217.160.0.143:80 | alliance-enterprise.com | tcp |
| US | 216.69.141.67:80 | ftp.pianofutures.com | tcp |
| US | 192.124.249.103:80 | brizy.io | tcp |
| RO | 81.196.191.10:80 | ftp.parteecogrup.ro | tcp |
| US | 162.255.119.53:80 | fast-technologies.com | tcp |
| US | 15.197.142.173:80 | realia.co | tcp |
| US | 8.8.8.8:53 | regalcredit-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | lahoku.com | udp |
| US | 8.8.8.8:53 | alunos.estacio.br | udp |
| US | 8.8.8.8:53 | velammalnexus.com | udp |
| US | 8.8.8.8:53 | pop.ou.pt | udp |
| US | 8.8.8.8:53 | realia-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | www.astroquick.fr | udp |
| US | 8.8.8.8:53 | ftp.stc.net.sa | udp |
| US | 8.8.8.8:53 | ftp.dan.ul.com | udp |
| US | 8.8.8.8:53 | gmaihotmail.co.uk | udp |
| US | 8.8.8.8:53 | ftp.khanhhoa.edu.om | udp |
| US | 8.8.8.8:53 | aorjesuits.org | udp |
| US | 8.8.8.8:53 | imap.quint.ag | udp |
| US | 8.8.8.8:53 | lahoku.com | udp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | proton.me | udp |
| US | 8.8.8.8:53 | dsplus-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | dsplus-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | domains.33mail.com | udp |
| US | 173.231.192.44:80 | ftp.alliedprintgroup.com | tcp |
| IN | 65.2.105.240:80 | velammalnexus.com | tcp |
| FR | 213.186.33.87:80 | vervel.eu | tcp |
| SG | 68.178.224.133:80 | ftp.glaucuslogistics.com | tcp |
| US | 8.8.8.8:53 | ftp.idfc-ag.com | udp |
| FR | 213.186.33.2:80 | www.astroquick.fr | tcp |
| DE | 217.160.0.2:80 | regipa.com | tcp |
| US | 3.33.130.190:80 | emdeteceirl.com | tcp |
| ZA | 164.160.91.20:80 | gmkgroup.co.za | tcp |
| ZA | 164.160.91.20:80 | gmkgroup.co.za | tcp |
| GB | 109.203.109.104:80 | mail.swoi.co.uk | tcp |
| US | 8.8.8.8:53 | superiorpmw-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.standard-logistic.rs | udp |
| US | 8.8.8.8:53 | ftp.innovativecontrolsys.com | udp |
| US | 8.8.8.8:53 | dsplus-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | innovativecontrolsys-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | alunos.estacio.br | udp |
| US | 8.8.8.8:53 | realia-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.vfe.waom | udp |
| US | 8.8.8.8:53 | velammalnexus.com | udp |
| US | 8.8.8.8:53 | aorjesuits.org | udp |
| US | 8.8.8.8:53 | ftp.dollve.fr | udp |
| US | 8.8.8.8:53 | mail.outlook.co.tcom | udp |
| US | 8.8.8.8:53 | aluno.ce.gov.br | udp |
| US | 8.8.8.8:53 | mvmsz.hu | udp |
| US | 8.8.8.8:53 | gmai.jp | udp |
| US | 8.8.8.8:53 | x365g.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | pixnplay.com | udp |
| US | 8.8.8.8:53 | usbc.be | udp |
| US | 8.8.8.8:53 | gmail.ps | udp |
| US | 8.8.8.8:53 | ftp.gufum.com | udp |
| US | 8.8.8.8:53 | imap.gufum.com | udp |
| US | 8.8.8.8:53 | mvmsz.hu | udp |
| US | 8.8.8.8:53 | pianofutures-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.earncashie.ml | udp |
| US | 8.8.8.8:53 | mail.protonmail.ch | udp |
| US | 8.8.8.8:53 | mail.haebom.ga | udp |
| US | 8.8.8.8:53 | gmai.jp | udp |
| US | 8.8.8.8:53 | mail.dan.ul.com | udp |
| US | 8.8.8.8:53 | aluno.ce.gov.br | udp |
| US | 8.8.8.8:53 | mx1-us1.ppe-hosted.com | udp |
| US | 8.8.8.8:53 | aluno.ce.gov.br | udp |
| US | 8.8.8.8:53 | velammalnexus.com | udp |
| US | 8.8.8.8:53 | mail.regalcredit.com | udp |
| US | 8.8.8.8:53 | regalcredit-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | stcimss2.stc.com.sa | udp |
| US | 8.8.8.8:53 | velammalnexus.com | udp |
| US | 8.8.8.8:53 | x365g.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ssh.parclan.com | udp |
| US | 8.8.8.8:53 | mail.idfc-ag.com | udp |
| US | 8.8.8.8:53 | velammalnexus.com | udp |
| US | 8.8.8.8:53 | ftp.realia.co | udp |
| US | 8.8.8.8:53 | ssh.outlook.co.tcom | udp |
| US | 15.197.142.173:80 | realia.co | tcp |
| US | 65.99.205.146:80 | ambientesconfortables.com | tcp |
| IN | 65.2.105.240:443 | velammalnexus.com | tcp |
| US | 20.49.97.15:443 | dsplus.co | tcp |
| FR | 213.186.33.87:80 | vervel.eu | tcp |
| DE | 185.70.42.45:80 | proton.me | tcp |
| US | 162.255.119.53:80 | fast-technologies.com | tcp |
| US | 216.69.141.67:80 | ftp.pianofutures.com | tcp |
| RO | 81.196.191.10:80 | ftp.parteecogrup.ro | tcp |
| DE | 217.160.0.2:80 | regipa.com | tcp |
| US | 162.255.119.108:80 | gopek.us | tcp |
| US | 173.231.192.44:80 | ftp.alliedprintgroup.com | tcp |
| US | 65.99.205.146:80 | ambientesconfortables.com | tcp |
| US | 8.8.8.8:53 | ssh.fast-technologies.com | udp |
| US | 8.8.8.8:53 | alunos-estacio-br.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | pixnplay.com | udp |
| US | 8.8.8.8:53 | usw4.bumpemail.com | udp |
| US | 8.8.8.8:53 | gmail.ps | udp |
| US | 8.8.8.8:53 | ftp.vervel.eu | udp |
| US | 8.8.8.8:53 | ssh.vfe.waom | udp |
| US | 8.8.8.8:53 | mail.khanhhoa.edu.om | udp |
| US | 8.8.8.8:53 | regalcredit.com | udp |
| US | 8.8.8.8:53 | dns-computer.net | udp |
| US | 8.8.8.8:53 | usbc.be | udp |
| US | 8.8.8.8:53 | ftp.astroquick.fr | udp |
| US | 8.8.8.8:53 | dns-computer.net | udp |
| US | 8.8.8.8:53 | superiorpmw-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | pop3.quint.ag | udp |
| US | 8.8.8.8:53 | srivango.com | udp |
| US | 8.8.8.8:53 | ftp.gmail.c.th | udp |
| US | 8.8.8.8:53 | innovativecontrolsys-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | realia-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | fregmail.com | udp |
| FR | 213.186.33.2:80 | www.astroquick.fr | tcp |
| US | 8.8.8.8:53 | srivango.com | udp |
| US | 8.8.8.8:53 | centeronline.edu.vn | udp |
| US | 8.8.8.8:53 | velammalnexus.com | udp |
| US | 8.8.8.8:53 | dsplus-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | kamsmad.com | udp |
| US | 8.8.8.8:53 | ftp.midplainspower.com | udp |
| SG | 68.178.224.133:80 | ftp.glaucuslogistics.com | tcp |
| GB | 109.203.109.104:80 | mail.swoi.co.uk | tcp |
| US | 8.8.8.8:53 | icl.co.uk | udp |
| US | 50.87.147.129:80 | aorjesuits.org | tcp |
| ZA | 164.160.91.20:80 | gmkgroup.co.za | tcp |
| US | 192.124.249.103:443 | brizy.io | tcp |
| DE | 217.160.0.143:80 | alliance-enterprise.com | tcp |
Files
memory/2916-2-0x0000000000220000-0x000000000022B000-memory.dmp
memory/2916-1-0x0000000002390000-0x0000000002490000-memory.dmp
memory/2916-3-0x0000000000400000-0x00000000022D1000-memory.dmp
memory/1196-4-0x0000000002E30000-0x0000000002E46000-memory.dmp
memory/2916-5-0x0000000000400000-0x00000000022D1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\6C2B.exe
| MD5 | 398ab69b1cdc624298fbc00526ea8aca |
| SHA1 | b2c76463ae08bb3a08accfcbf609ec4c2a9c0821 |
| SHA256 | ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be |
| SHA512 | 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739 |
memory/2544-17-0x0000000003600000-0x00000000037B8000-memory.dmp
memory/2544-22-0x00000000037C0000-0x0000000003977000-memory.dmp
memory/2544-21-0x0000000003600000-0x00000000037B8000-memory.dmp
memory/2700-20-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2700-24-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-27-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-28-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-29-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-30-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-31-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\72C1.dll
| MD5 | 9b1697d40dfd386fdd7e9327844f301a |
| SHA1 | e75defb119e2c7b7d3f75ab70a100ec504af5ebf |
| SHA256 | 69e7b08c127dde5fd1f85e1e8107d06aa686e94aef3fd48ff0bb092b38a0cb1d |
| SHA512 | 3e945bf24ed81fdc49e974d086a70f9758a17b8656bb0e460dca0be2a84fa0ba065b62b6dd5d55ca1dbe0b4f19ec4f164df84c115244f1cbfddd79611d013d69 |
memory/2432-39-0x0000000010000000-0x0000000010202000-memory.dmp
memory/2432-41-0x0000000000110000-0x0000000000116000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | 46b1068f4a605358281eafb05bf4f7ce |
| SHA1 | acdaf418f82cb4fdaa43c5e41c3c1381b14faa23 |
| SHA256 | df3c7e15390ddbf8b5a191788af6a5e3adaa25915deeecc34b664cc7b2f061ba |
| SHA512 | 3a1df0477ab7bfd322a2e382aa85c385017c7bf5435847344dd6a811f32d6a503da326453b89b81613ffa34257a7f765c71a2202bba89252f22e0b66d4bbbadb |
memory/2432-50-0x0000000002530000-0x0000000002658000-memory.dmp
memory/2432-51-0x0000000002660000-0x000000000276D000-memory.dmp
memory/2432-54-0x0000000002660000-0x000000000276D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\850A.exe
| MD5 | 5a95b79f59a43fe99cc66e1b1f28b295 |
| SHA1 | fdedd488be6d3153439b8da1932216c71e279504 |
| SHA256 | a4c663eeb5fdaf71b6c5c04c0817ee83b268e202b053c3eba23754d3c47c2fdd |
| SHA512 | 1c7748c2bcf806c16cb3c23eb1cf68099c7119b4a80ef76d102fdceab36805d2542f2d667a948d78a202d2b3ce272a57743b9d6bdf06d071c45288998ae82b73 |
C:\Users\Admin\AppData\Local\Temp\850A.exe
| MD5 | 4e66ddefa200a2799b61642f2ce006ea |
| SHA1 | 52a8da4f9dfa61def238158a4b694582ceb8acc4 |
| SHA256 | 7eae467f9395b017dde39767470c47b9b8027df75bc5cb72435799c2c256a6b9 |
| SHA512 | a07522ed184a930fbc6b04727309a704cfe004a71479a59ea71ff562ec509460ae5a770ab088fca9840a3ab515b6d976ab0eb93a9a5e3af7f1e813244322c730 |
memory/1592-61-0x00000000000F0000-0x00000000000F1000-memory.dmp
memory/1592-64-0x00000000000F0000-0x00000000000F1000-memory.dmp
memory/1592-63-0x0000000001080000-0x0000000001971000-memory.dmp
memory/1592-66-0x00000000000F0000-0x00000000000F1000-memory.dmp
memory/1592-67-0x0000000077AA0000-0x0000000077AA1000-memory.dmp
memory/1592-70-0x0000000000100000-0x0000000000101000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | c7eddb792c8cf67534a9e7b578fd626c |
| SHA1 | 6262e7282cafdab451a7d2d510813802731578b0 |
| SHA256 | f3e3a2c6ace6bc4a7e0f832289b204197718443880e07a273ef6a6fead72e9b2 |
| SHA512 | 70d061039d57d33f42d34fd09524e66f7c210de0685f6b6d7db1e00b51e059337bac8bb0b68922c1c4e17e29b30ec3a473e6c2dc1f6b1b73f054951eab3acc30 |
C:\Users\Admin\AppData\Local\Temp\8C2C.exe
| MD5 | 938a4855471e0480aa40d77f313a3edc |
| SHA1 | 18918b6771d11b102553b585f0423b961c331949 |
| SHA256 | 4876077475e867e7264eaa2da1e9a581cd705c892a044f60ebb8e14e59ae26c7 |
| SHA512 | 738408b6f2d957d69506af10a912c0e9033447f52c818e07b30df7c60ec6b711a815f2ec35dffd5a1de485da5fa7832f69dedca216d3458ede716cab0ccefff2 |
C:\Users\Admin\AppData\Local\Temp\8C2C.exe
| MD5 | b8eab14d87bc6067e0a49d259a3426e2 |
| SHA1 | e1ceb7f0342ed7b009da6458138ef611619b1b1c |
| SHA256 | 5a887427d2ae4accab46b9171ffe1c8b09a6c73e5af9f55946d39564ac27636e |
| SHA512 | 1f2f73a606d6d54293857a4f3d1953164849a6f23020d30f3c6a0d5c148695d1b70700fd10fc5547a2496ce13f06900b1d84ab97cfc85085e71370f16185896a |
memory/1260-86-0x0000000000250000-0x0000000000350000-memory.dmp
memory/1260-87-0x0000000001A80000-0x0000000001AEB000-memory.dmp
memory/1260-89-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/1260-88-0x0000000000400000-0x0000000001A77000-memory.dmp
\Users\Admin\AppData\Local\Temp\850A.exe
| MD5 | 0544b3f80b1559c9cebc13147477068c |
| SHA1 | e12844adca336d48ffe29ae7a6a3e92b627b5f24 |
| SHA256 | af8df3be307e55d6102571ed74b7ace02e9647b6c445cf17be5804decc331229 |
| SHA512 | c3676856b10e6c0a970f6f4f23137f2b23cdddb160d695600958dc24d31f7e5ee13a9c94e721ac77caa21f14fe817174ad14942e1c796c875277ed70957b1561 |
\Users\Admin\AppData\Local\Temp\850A.exe
| MD5 | 8d23a5fb5f808cb422a03d7288ff4b78 |
| SHA1 | bc7e3f98fc05ac71bd01b2a37671f533f6c59d42 |
| SHA256 | 4bf0bf489991516faff3c2b1d38bb98ff1c9bdc1cfea66f4aaa8dd3bb780d82d |
| SHA512 | 18dc5701d4d146373f974dab401e93fb8406b168e632b3db82cf9953cfea8b6b35ac3a88a3af44accb3c27258afbc816d2056e5e3c17a36436ca511c9a947d1a |
memory/2700-97-0x0000000000400000-0x0000000000848000-memory.dmp
memory/1760-98-0x00000000012C0000-0x000000000174C000-memory.dmp
memory/2432-99-0x0000000010000000-0x0000000010202000-memory.dmp
memory/2700-100-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\9FBD.exe
| MD5 | f18882fa8d65eb81df3c7396e7abbaa5 |
| SHA1 | f5a4d66dd32aa6496c925b4ba6f0e8d05d57a93e |
| SHA256 | ff468bac112d6ea8461894069c19a66e27de7b7fc6227d9a60967bda33dcc16a |
| SHA512 | 608ec121e063aa8cce55903a5235e8037a0d631858d14952119ca68bbf3681e2dfbb5e5f092f3b868e74990d2db6741d9ac576943320f16e07f0d03a3fd35ef6 |
C:\Users\Admin\AppData\Local\Temp\9FBD.exe
| MD5 | 2c7078b90caee9d791dd338c2441ca32 |
| SHA1 | 56901d99127fd701353ab7c68e66c94c49eb507c |
| SHA256 | 8ad20c4b4c312feb468a58d1748c0d7abba3dd2d0fb8e6bfbee837c47a0e8c5a |
| SHA512 | 000d81908bc2df1f09fcbf0ac50c72079064923f23fbea2ee0868590eaf693dff4246bb0090083aaec6f031b11353147393b710f72cd1e3630c2ecd071401ef6 |
\Users\Admin\AppData\Local\Temp\850A.exe
| MD5 | ea446e36071029f84b871f4ade6eb3bf |
| SHA1 | 1eb4be5b2321d2cc78e8e5b6fa0c55625fc6a612 |
| SHA256 | 225a8f771eea223e9fc913d6dcbb32c93625192a82dc5671e58b16861d300568 |
| SHA512 | e356e8e4d08914658d027f2fe346143a9eaba327c02ac3093e1a4aaef7472795d098889df422d693a8914da0248f4cc7a00d335dbbd4356b886a8bd561a9268e |
C:\Users\Admin\AppData\Local\Temp\B2E0.exe
| MD5 | 38617539f3925b6017474f088cc3769a |
| SHA1 | c689b57ab62eac790a204c8231b02bfe0bc243a6 |
| SHA256 | defe2d4c932a7ef607e8ef1a643fb57b9c69cbc53b52bf802f9471aae5caef49 |
| SHA512 | 15d87c6231a8f2115ae3f0f021949d175d3f36735637c7b508a229af5b2a93f70f32e19d9b8e3d1e0fa41bd21ee46ab5d9c6ef630c826afe2210a789e5da53e7 |
\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
| MD5 | 0564a9bf638169a89ccb3820a6b9a58e |
| SHA1 | 57373f3b58f7cc2b9ea1808bdabb600d580a9ceb |
| SHA256 | 9e4b0556f698c9bc9a07c07bf13d60908d31995e0bd73510d9dd690b20b11058 |
| SHA512 | 36b81c374529a9ba5fcbc6fcfebf145c27a7c30916814d63612c04372556d47994a8091cdc5f78dab460bb5296466ce0b284659c8b01883f7960ab08a1631ea6 |
memory/1760-118-0x00000000737A0000-0x0000000073E8E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1760-130-0x00000000737A0000-0x0000000073E8E000-memory.dmp
memory/1260-127-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/1188-131-0x0000000000280000-0x00000000002E7000-memory.dmp
memory/2236-129-0x0000000003660000-0x0000000003A58000-memory.dmp
memory/1188-132-0x0000000000400000-0x0000000001A4B000-memory.dmp
memory/1360-133-0x00000000023E0000-0x00000000024E0000-memory.dmp
memory/1360-134-0x0000000000220000-0x000000000022B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 0f31a6f4237fde56bde9a78573f243b6 |
| SHA1 | 825c062cb3dd23aaf8e92edf374c1d4964e215a2 |
| SHA256 | 5c6c2d56e5face6fa505cb52126735dd529a0a9d1601c50554b4bc5d5ea9557f |
| SHA512 | 2b546d8eb2fe937a0e401f8609d4acf745ee56062d9ed7c29effc2fd20081ecbdc4c61fd227c91081b48bc3d1c7459e3c36ca30ec47eb66dddab0a3982066706 |
\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | f67434fd2833efcf9ddc85aa3fcf2982 |
| SHA1 | 524624bf0e6cbb26b536b04c008157e41f95dc60 |
| SHA256 | d1329c79666d11d8439c46de6a1ecfff9996a32fe52f614b0d1551bd3d267c15 |
| SHA512 | 982712084ba7f87e3150767d3a669b653f4d6fa76497ee87a425efb41f3629ea2bf7aa398de9d1b91ceb3ab12c7b4d049b66cc2d9b09ee538381925179ba74b5 |
\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | f948e50fa1bdf826734f8cdb474beebd |
| SHA1 | db6420f950de5fa06636c3b82b0e1dda914b5754 |
| SHA256 | 8b4b335b853f2571b7868257b659023bf2bb1c53d197eab384c05a916b7281e9 |
| SHA512 | cd2c28a32746508b6234298963f3a5dcdb17567ab493897e012920b7fbd3fb4f2650685de64c32850c50079169f8e648458176db4ff61451fb22db1aaf752332 |
memory/1360-135-0x0000000000400000-0x00000000022D3000-memory.dmp
memory/2700-119-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2236-136-0x0000000003A60000-0x000000000434B000-memory.dmp
memory/2700-137-0x0000000000400000-0x0000000000848000-memory.dmp
memory/1188-138-0x0000000001E70000-0x0000000001F70000-memory.dmp
memory/2236-140-0x0000000003660000-0x0000000003A58000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ux0.0.exe
| MD5 | 5c47e4602163dd29a39294b7192f0658 |
| SHA1 | 268d1bf1f4c8c8b696298f802b95af8bd3891c10 |
| SHA256 | 5c0b29d51d9b148c8c19ce0efca365ccb1bbe720f634a15897684abbd1dc5d76 |
| SHA512 | 7baa0359781ba21c378a0fbd37dfcde2d1b0c5a9ce3afcf8db0617f91a49dd552416c90963731798669002eda0a15f2296120cb9307c8cafef18dfdb4a52ad91 |
memory/2236-141-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/1196-158-0x0000000003F00000-0x0000000003F16000-memory.dmp
memory/1360-159-0x0000000000400000-0x00000000022D3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ux0.1.exe
| MD5 | 5b87828ea000c7111084d8beed17175e |
| SHA1 | e8aa3848e39c449051702a333e608fafd2e5330f |
| SHA256 | 1a557fae2d39d06392f4bea760fb72c87f0959a7c3ac66865e36f316866f57d3 |
| SHA512 | 56b0d0e5422b89a4659969f59570962dbb267fde913ed051fbedf3d66653c9c23d15c945a6ae8ce5570af010b3671eb0be085e8afb44c3088def9f423290f385 |
memory/1188-176-0x0000000004C10000-0x0000000005140000-memory.dmp
memory/1188-182-0x0000000004C10000-0x0000000005140000-memory.dmp
memory/1188-177-0x0000000000400000-0x0000000001A4B000-memory.dmp
\Users\Admin\AppData\Local\Temp\ux0.1.exe
| MD5 | c96b4b71ab6516064923076e785865b9 |
| SHA1 | 6a0b0580ef79932b00b812132b63ad147fe9adda |
| SHA256 | f91cd76986c56d480677420a1ecc573a2e9b4406b2df3d7791bc820ec223849f |
| SHA512 | 5feba92f769e9a00d240189f843fcdeba2818cef31b1098ac6d5f5ad1a57328e949220e334db8d13b45d4008bb320ac850104096b049a72f8591d23d433fcee3 |
\Users\Admin\AppData\Local\Temp\ux0.1.exe
| MD5 | b7fbce03ceacd0d35d59fc883b7f2bc4 |
| SHA1 | 115e9b6364eadb72b86b5231adf3f7645235940c |
| SHA256 | 6bd05d8d4869eda9fc07967310ebf5adbd489cf4499b45f4933fb24eea234f30 |
| SHA512 | 64194db39a571f0bc657eb8faadea943728af4170a2599ad40b9e2752872fc0d0c34cc817e1bf760e1ee114fd50aeb13d58bb92cae0a5620c329470ecd0406b9 |
memory/1188-183-0x0000000004C10000-0x0000000005140000-memory.dmp
\Users\Admin\AppData\Local\Temp\ux0.1.exe
| MD5 | 5c6832ee6f4401aa64ba55041a2e55b9 |
| SHA1 | 4238c51b1de8c673e8da8404ea81560092036f7a |
| SHA256 | ec63ea6421ccdba657515e55a4af428619b13996425aba0f29e147dd8ea5a9da |
| SHA512 | c9bde035ea0c8a1883771f4c042ea4abf0bf619e739427c658e0640e3c54a9d58353d76fb748be7a696e251ac2f3bb1bee5ce8f246a356d350104b8047c56893 |
memory/1920-184-0x0000000000230000-0x0000000000231000-memory.dmp
memory/1920-186-0x0000000000400000-0x0000000000930000-memory.dmp
memory/2700-191-0x0000000000400000-0x0000000000848000-memory.dmp
memory/1592-192-0x0000000001080000-0x0000000001971000-memory.dmp
memory/692-193-0x0000000002720000-0x0000000002820000-memory.dmp
memory/692-194-0x00000000003C0000-0x00000000003E7000-memory.dmp
memory/692-195-0x0000000000400000-0x00000000022DA000-memory.dmp
memory/2236-201-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/692-202-0x0000000000400000-0x00000000022DA000-memory.dmp
memory/1920-203-0x0000000000400000-0x0000000000930000-memory.dmp
memory/2700-207-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-210-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2236-209-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/2700-212-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-213-0x0000000000400000-0x0000000000848000-memory.dmp
memory/692-211-0x0000000000400000-0x00000000022DA000-memory.dmp
memory/2700-215-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-216-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-217-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-219-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-218-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-220-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-222-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-221-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-214-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-224-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2700-225-0x0000000000400000-0x0000000000848000-memory.dmp
\ProgramData\mozglue.dll
| MD5 | d59c557dbf26c0d10b81c8ed2a83919b |
| SHA1 | a4b24205b2f6b775453d42934bfddb3ec0325cef |
| SHA256 | 947b04110fc584fc7cf02f993cdef8509dd617dd648ec51deec2a97be6ea1a18 |
| SHA512 | 8a2a89a45058fdebede4649843b547721b22eb733ddbfe9dc55b57e2d3d64c444d613fe724bb54199aef11c3be5640e92bf55d696f0f95054dafd2d7022820ed |
\ProgramData\nss3.dll
| MD5 | acfdbd77ed9a514fe9f0a5dade4a7073 |
| SHA1 | 79a06e99af3774ef3f9a21011e2f440f41a05962 |
| SHA256 | bb372fbb1f556be3a864a6642be80f429fa22bda4150f7ffb64c2cddcc721dc1 |
| SHA512 | d224722e9f4cb2052d6110d80878d028e90958a374f24efd8b56fdd933f59d5e324532c020232f471d8fd0c0009c021bbb0ce76946e25b418a7f94c672d92b58 |
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
| MD5 | 11bb3db51f701d4e42d3287f71a6a43e |
| SHA1 | 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86 |
| SHA256 | 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331 |
| SHA512 | 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2 |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 44ff2ed7f28622afe0e5ba7c1cd702a7 |
| SHA1 | 5aec4a3f1f3a57a7cd8a366c736e2e932f529ed8 |
| SHA256 | 7d16cc26a07cc79b96c5ee6512102dae8ae526c4ae529380c412b0d45bc8351a |
| SHA512 | c0b766f1f8a4977fdc47adbcd10dbfabc0996a9421cab4d98ded773ddcefbb101d3137beb9e2ff4ea2b5d66849875e754bcbe0486396ce6a43b15262ccf82266 |
memory/692-4034-0x0000000000400000-0x00000000022DA000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-29 04:55
Reported
2024-02-29 05:00
Platform
win10-20240221-en
Max time kernel
155s
Max time network
301s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\C68C.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer
Pitou
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Windows security bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C68C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C68C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D93B.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\DDB1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EA73.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F7D2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3gc.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| N/A | N/A | C:\Windows\rss\csrss.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe | N/A |
| N/A | N/A | C:\Windows\windefender.exe | N/A |
| N/A | N/A | C:\Windows\windefender.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Windows security modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\C68C.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Windows\rss\csrss.exe | N/A |
Checks installed software on the system
Manipulates WinMonFS driver.
| Description | Indicator | Process | Target |
| File opened for modification | \??\WinMonFS | C:\Windows\rss\csrss.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\DDB1.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1008 set thread context of 220 | N/A | C:\Users\Admin\AppData\Local\Temp\C68C.exe | C:\Users\Admin\AppData\Local\Temp\C68C.exe |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\rss | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| File created | C:\Windows\rss\csrss.exe | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| File created | C:\Windows\windefender.exe | C:\Windows\rss\csrss.exe | N/A |
| File opened for modification | C:\Windows\windefender.exe | C:\Windows\rss\csrss.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\F7D2.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\F7D2.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\F7D2.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-732 = "Fiji Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1802 = "Line Islands Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-512 = "Central Asia Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-512 = "Central Asia Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-982 = "Kamchatka Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-451 = "Caucasus Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1841 = "Russia TZ 4 Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1861 = "Russia TZ 6 Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1502 = "Turkey Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1971 = "Belarus Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2002 = "Cabo Verde Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1872 = "Russia TZ 7 Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-11 = "Azores Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1021 = "Bangladesh Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-661 = "Cen. Australia Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-162 = "Central Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-232 = "Hawaiian Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-632 = "Tokyo Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-282 = "Central Europe Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-251 = "Dateline Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2512 = "Lord Howe Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1871 = "Russia TZ 7 Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2322 = "Sakhalin Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-291 = "Central European Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-122 = "SA Pacific Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-361 = "GTB Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-242 = "Samoa Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-42 = "E. South America Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-381 = "South Africa Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-105 = "Central Brazilian Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-671 = "AUS Eastern Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-11 = "Azores Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-731 = "Fiji Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-831 = "SA Eastern Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2751 = "Tomsk Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F7D2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\rss\csrss.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3gc.1.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe
"C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe"
C:\Users\Admin\AppData\Local\Temp\C68C.exe
C:\Users\Admin\AppData\Local\Temp\C68C.exe
C:\Users\Admin\AppData\Local\Temp\C68C.exe
C:\Users\Admin\AppData\Local\Temp\C68C.exe
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\CB7F.dll
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\CB7F.dll
C:\Users\Admin\AppData\Local\Temp\D93B.exe
C:\Users\Admin\AppData\Local\Temp\D93B.exe
C:\Users\Admin\AppData\Local\Temp\DDB1.exe
C:\Users\Admin\AppData\Local\Temp\DDB1.exe
C:\Users\Admin\AppData\Local\Temp\EA73.exe
C:\Users\Admin\AppData\Local\Temp\EA73.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\F7D2.exe
C:\Users\Admin\AppData\Local\Temp\F7D2.exe
C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe
"C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe"
C:\Users\Admin\AppData\Local\Temp\u3gc.1.exe
"C:\Users\Admin\AppData\Local\Temp\u3gc.1.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\windefender.exe
C:\Windows\windefender.exe
C:\Users\Admin\AppData\Roaming\wbgavdc
C:\Users\Admin\AppData\Roaming\wbgavdc
C:\Users\Admin\AppData\Roaming\tagavdc
C:\Users\Admin\AppData\Roaming\tagavdc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| US | 8.8.8.8:53 | 120.85.215.91.in-addr.arpa | udp |
| US | 199.249.230.174:443 | tcp | |
| N/A | 127.0.0.1:49805 | tcp | |
| US | 71.200.64.77:9001 | tcp | |
| NL | 51.158.147.25:443 | tcp | |
| US | 8.8.8.8:53 | 25.147.158.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | resergvearyinitiani.shop | udp |
| US | 172.67.217.100:443 | resergvearyinitiani.shop | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| DE | 93.186.202.32:9001 | tcp | |
| SE | 171.25.193.9:80 | tcp | |
| US | 8.8.8.8:53 | 100.217.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.193.25.171.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | trmpc.com | udp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| MX | 187.156.75.116:80 | trmpc.com | tcp |
| US | 8.8.8.8:53 | 90.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.75.156.187.in-addr.arpa | udp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| NL | 51.15.150.228:443 | tcp | |
| NL | 45.139.163.75:9300 | tcp | |
| US | 8.8.8.8:53 | 127.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.150.15.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.163.139.45.in-addr.arpa | udp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| DE | 185.172.128.109:80 | 185.172.128.109 | tcp |
| US | 8.8.8.8:53 | joly.bestsup.su | udp |
| US | 104.21.29.103:80 | joly.bestsup.su | tcp |
| US | 8.8.8.8:53 | 109.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.29.21.104.in-addr.arpa | udp |
| NL | 51.15.150.228:443 | tcp | |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| NL | 45.139.163.75:9300 | tcp | |
| US | 8.8.8.8:53 | 145.128.172.185.in-addr.arpa | udp |
| SE | 193.11.114.45:9002 | tcp | |
| US | 8.8.8.8:53 | 45.114.11.193.in-addr.arpa | udp |
| N/A | 127.0.0.1:60601 | tcp | |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 172.67.180.132:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | 132.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | 92.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 104.21.76.253:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 253.76.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.10.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | kamsmad.com | udp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | 70.29.182.210.in-addr.arpa | udp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | c37efade-f9f8-40e6-9906-608a48be0e9b.uuid.localstats.org | udp |
| KR | 210.182.29.70:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | server4.localstats.org | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | stun.ipfire.org | udp |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| DE | 81.3.27.44:3478 | stun.ipfire.org | udp |
| BG | 185.82.216.111:443 | server4.localstats.org | tcp |
| US | 8.8.8.8:53 | carsalessystem.com | udp |
| US | 104.21.94.82:443 | carsalessystem.com | tcp |
| US | 8.8.8.8:53 | 44.27.3.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.133.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.216.82.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.94.21.104.in-addr.arpa | udp |
| BG | 185.82.216.111:443 | server4.localstats.org | tcp |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:60601 | tcp | |
| N/A | 127.0.0.1:60601 | tcp | |
| N/A | 127.0.0.1:60601 | tcp | |
| US | 8.8.8.8:53 | yahooxample.com | udp |
| US | 8.8.8.8:53 | yahooxample.com | udp |
| US | 8.8.8.8:53 | qv.bg | udp |
| US | 8.8.8.8:53 | qv.bg | udp |
| US | 8.8.8.8:53 | ingegroup.cl | udp |
| US | 8.8.8.8:53 | scoala3.ro | udp |
| US | 8.8.8.8:53 | ingegroup.cl | udp |
| N/A | 127.0.0.1:60601 | tcp | |
| N/A | 127.0.0.1:51908 | tcp | |
| N/A | 127.0.0.1:51914 | tcp | |
| N/A | 127.0.0.1:51917 | tcp | |
| US | 8.8.8.8:53 | scoala3.ro | udp |
| US | 8.8.8.8:53 | aieseccolombia.org | udp |
| US | 8.8.8.8:53 | aieseccolombia.org | udp |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| N/A | 127.0.0.1:51924 | tcp | |
| N/A | 127.0.0.1:51926 | tcp | |
| N/A | 127.0.0.1:51932 | tcp | |
| N/A | 127.0.0.1:51938 | tcp | |
| N/A | 127.0.0.1:51940 | tcp | |
| N/A | 127.0.0.1:51943 | tcp | |
| N/A | 127.0.0.1:51947 | tcp | |
| N/A | 127.0.0.1:51950 | tcp | |
| N/A | 127.0.0.1:51958 | tcp | |
| N/A | 127.0.0.1:51962 | tcp | |
| N/A | 127.0.0.1:51966 | tcp | |
| N/A | 127.0.0.1:51968 | tcp | |
| N/A | 127.0.0.1:51973 | tcp | |
| N/A | 127.0.0.1:51978 | tcp | |
| N/A | 127.0.0.1:51982 | tcp | |
| N/A | 127.0.0.1:51984 | tcp | |
| N/A | 127.0.0.1:51988 | tcp | |
| N/A | 127.0.0.1:51992 | tcp | |
| N/A | 127.0.0.1:51995 | tcp | |
| N/A | 127.0.0.1:52003 | tcp | |
| N/A | 127.0.0.1:52005 | tcp | |
| N/A | 127.0.0.1:52010 | tcp | |
| N/A | 127.0.0.1:52015 | tcp | |
| N/A | 127.0.0.1:52021 | tcp | |
| N/A | 127.0.0.1:52024 | tcp | |
| N/A | 127.0.0.1:52029 | tcp | |
| N/A | 127.0.0.1:52031 | tcp | |
| N/A | 127.0.0.1:52037 | tcp | |
| N/A | 127.0.0.1:52039 | tcp | |
| N/A | 127.0.0.1:52042 | tcp | |
| N/A | 127.0.0.1:52046 | tcp | |
| N/A | 127.0.0.1:52051 | tcp | |
| N/A | 127.0.0.1:52053 | tcp | |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| N/A | 127.0.0.1:52058 | tcp | |
| N/A | 127.0.0.1:52060 | tcp | |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| N/A | 127.0.0.1:52064 | tcp | |
| US | 65.181.111.130:22 | ingegroup.cl | tcp |
| PL | 86.105.187.128:22 | scoala3.ro | tcp |
| PL | 86.105.187.128:21 | scoala3.ro | tcp |
| US | 65.181.111.130:443 | ingegroup.cl | tcp |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 65.181.111.130:21 | ingegroup.cl | tcp |
| US | 8.8.8.8:53 | mx.spamexperts.com | udp |
| PL | 86.105.187.128:443 | scoala3.ro | tcp |
| US | 44.239.178.18:22 | aieseccolombia.org | tcp |
| US | 44.239.178.18:21 | aieseccolombia.org | tcp |
| US | 8.8.8.8:53 | alt4.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | liveonetrade.com.br | udp |
| US | 8.8.8.8:53 | liveonetrade.com.br | udp |
| US | 8.8.8.8:53 | gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | 130.111.181.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | kingstonk12.org | udp |
| US | 8.8.8.8:53 | yahooxample.com | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | xsvfj.mail.protection.outlook.com | udp |
| US | 44.239.178.18:443 | aieseccolombia.org | tcp |
| SG | 74.125.200.26:143 | alt4.aspmx.l.google.com | tcp |
| GB | 193.200.214.101:143 | mx.spamexperts.com | tcp |
| GB | 193.200.214.101:465 | mx.spamexperts.com | tcp |
| US | 65.181.111.130:80 | ingegroup.cl | tcp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| US | 8.8.8.8:53 | qv.bg | udp |
| PL | 86.105.187.128:80 | scoala3.ro | tcp |
| US | 8.8.8.8:53 | 18.178.239.44.in-addr.arpa | udp |
| GB | 193.200.214.101:995 | mx.spamexperts.com | tcp |
| US | 65.181.111.130:80 | ingegroup.cl | tcp |
| US | 8.8.8.8:53 | fie.undef.edu.ar | udp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| SG | 74.125.200.26:465 | alt4.aspmx.l.google.com | tcp |
| SG | 74.125.200.26:995 | alt4.aspmx.l.google.com | tcp |
| BR | 187.45.195.26:22 | liveonetrade.com.br | tcp |
| BR | 187.45.195.26:21 | liveonetrade.com.br | tcp |
| BE | 64.233.167.27:143 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | fie.undef.edu.ar | udp |
| US | 8.8.8.8:53 | makingmommys.com | udp |
| US | 65.181.111.130:80 | ingegroup.cl | tcp |
| HK | 52.101.132.28:143 | xsvfj.mail.protection.outlook.com | tcp |
| BE | 64.233.167.27:465 | aspmx.l.google.com | tcp |
| US | 44.239.178.18:80 | aieseccolombia.org | tcp |
| HK | 52.101.132.28:465 | xsvfj.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | liveonetrade-com-br.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| US | 34.238.178.141:22 | kingstonk12.org | tcp |
| BR | 187.45.195.26:443 | liveonetrade.com.br | tcp |
| US | 34.238.178.141:21 | kingstonk12.org | tcp |
| US | 8.8.8.8:53 | makingmommys.com | udp |
| BE | 64.233.167.27:995 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | aspmx3.googlemail.com | udp |
| HK | 52.101.132.28:995 | xsvfj.mail.protection.outlook.com | tcp |
| US | 34.238.178.141:443 | kingstonk12.org | tcp |
| N/A | 127.0.0.1:52070 | tcp | |
| US | 8.8.8.8:53 | yahooxample.com | udp |
| AR | 200.58.105.230:22 | fie.undef.edu.ar | tcp |
| N/A | 127.0.0.1:52074 | tcp | |
| N/A | 127.0.0.1:52084 | tcp | |
| N/A | 127.0.0.1:52086 | tcp | |
| N/A | 127.0.0.1:52090 | tcp | |
| N/A | 127.0.0.1:52103 | tcp | |
| N/A | 127.0.0.1:52107 | tcp | |
| N/A | 127.0.0.1:52111 | tcp | |
| N/A | 127.0.0.1:52114 | tcp | |
| N/A | 127.0.0.1:52124 | tcp | |
| N/A | 127.0.0.1:52125 | tcp | |
| N/A | 127.0.0.1:52128 | tcp | |
| N/A | 127.0.0.1:52132 | tcp | |
| N/A | 127.0.0.1:52135 | tcp | |
| N/A | 127.0.0.1:52139 | tcp | |
| N/A | 127.0.0.1:52145 | tcp | |
| N/A | 127.0.0.1:52151 | tcp | |
| N/A | 127.0.0.1:52156 | tcp | |
| N/A | 127.0.0.1:52161 | tcp | |
| N/A | 127.0.0.1:52166 | tcp | |
| N/A | 127.0.0.1:52168 | tcp | |
| N/A | 127.0.0.1:52170 | tcp | |
| N/A | 127.0.0.1:52178 | tcp | |
| N/A | 127.0.0.1:52180 | tcp | |
| N/A | 127.0.0.1:52182 | tcp | |
| N/A | 127.0.0.1:52186 | tcp | |
| N/A | 127.0.0.1:52190 | tcp | |
| N/A | 127.0.0.1:52195 | tcp | |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 8.8.8.8:53 | gmaimsalud.gov.co | udp |
| AR | 200.58.105.230:21 | fie.undef.edu.ar | tcp |
| US | 44.239.178.18:22 | aieseccolombia.org | tcp |
| US | 8.8.8.8:53 | mail.wu.ac.th | udp |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | mail.wu.ac.th | udp |
| US | 44.239.178.18:80 | aieseccolombia.org | tcp |
| GB | 193.200.214.101:465 | mx.spamexperts.com | tcp |
| NL | 142.251.9.27:143 | aspmx3.googlemail.com | tcp |
| US | 52.101.194.4:143 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | aspmx4.googlemail.com | udp |
| BR | 187.45.195.26:80 | liveonetrade.com.br | tcp |
| SG | 52.101.137.2:143 | xsvfj.mail.protection.outlook.com | tcp |
| SG | 52.101.137.2:465 | xsvfj.mail.protection.outlook.com | tcp |
| AR | 200.58.105.230:443 | fie.undef.edu.ar | tcp |
| US | 52.101.194.4:465 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| NL | 142.251.9.27:465 | aspmx3.googlemail.com | tcp |
| US | 65.181.111.130:80 | ingegroup.cl | tcp |
| US | 34.238.178.141:80 | kingstonk12.org | tcp |
| US | 52.101.194.4:995 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| N/A | 127.0.0.1:52199 | tcp | |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | ahmi.fr | udp |
| SG | 52.101.137.2:995 | xsvfj.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | 141.178.238.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.195.45.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.105.58.200.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| US | 44.239.178.18:443 | aieseccolombia.org | tcp |
| US | 8.8.8.8:53 | ahmi.fr | udp |
| NL | 142.251.9.27:995 | aspmx3.googlemail.com | tcp |
| TH | 202.28.68.76:22 | mail.wu.ac.th | tcp |
| US | 65.181.111.130:80 | ingegroup.cl | tcp |
| FI | 142.250.150.26:143 | aspmx4.googlemail.com | tcp |
| US | 65.181.111.130:80 | ingegroup.cl | tcp |
| N/A | 127.0.0.1:52203 | tcp | |
| HK | 52.101.132.30:143 | xsvfj.mail.protection.outlook.com | tcp |
| HK | 52.101.132.30:465 | xsvfj.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | www.kingstonk12.org | udp |
| US | 8.8.8.8:53 | qv.bg | udp |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| US | 44.239.178.18:80 | aieseccolombia.org | tcp |
| N/A | 127.0.0.1:52205 | tcp | |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| N/A | 127.0.0.1:52207 | tcp | |
| N/A | 127.0.0.1:52213 | tcp | |
| N/A | 127.0.0.1:52217 | tcp | |
| N/A | 127.0.0.1:52222 | tcp | |
| N/A | 127.0.0.1:52224 | tcp | |
| N/A | 127.0.0.1:52226 | tcp | |
| N/A | 127.0.0.1:52235 | tcp | |
| N/A | 127.0.0.1:52239 | tcp | |
| N/A | 127.0.0.1:52241 | tcp | |
| N/A | 127.0.0.1:52244 | tcp | |
| N/A | 127.0.0.1:52247 | tcp | |
| N/A | 127.0.0.1:52250 | tcp | |
| N/A | 127.0.0.1:52254 | tcp | |
| US | 52.101.40.6:143 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| US | 65.181.111.130:21 | ingegroup.cl | tcp |
| TH | 202.28.68.76:21 | mail.wu.ac.th | tcp |
| FI | 142.250.150.26:465 | aspmx4.googlemail.com | tcp |
| AR | 200.58.105.230:80 | fie.undef.edu.ar | tcp |
| HK | 52.101.132.30:995 | xsvfj.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | makingmommys.com | udp |
| US | 52.101.40.6:465 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | ftp.yahooxample.com | udp |
| US | 8.8.8.8:53 | yahooxample.com | udp |
| US | 8.8.8.8:53 | valgrantt.com | udp |
| FI | 142.250.150.26:995 | aspmx4.googlemail.com | tcp |
| US | 52.101.40.6:995 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| FR | 193.37.145.65:22 | ahmi.fr | tcp |
| US | 65.181.111.130:22 | ingegroup.cl | tcp |
| US | 44.239.178.18:443 | aieseccolombia.org | tcp |
| PL | 86.105.187.128:22 | scoala3.ro | tcp |
| US | 8.8.8.8:53 | ALT1.ASPMX.L.GOOGLE.COM | udp |
| US | 8.8.8.8:53 | ftp.qv.bg | udp |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 8.8.8.8:53 | valgrantt.com | udp |
| FR | 193.37.145.65:21 | ahmi.fr | tcp |
| PL | 86.105.187.128:21 | scoala3.ro | tcp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| TH | 202.28.68.76:443 | mail.wu.ac.th | tcp |
| US | 44.239.178.18:21 | aieseccolombia.org | tcp |
| PL | 86.105.187.128:80 | scoala3.ro | tcp |
| GB | 193.200.214.101:143 | mx.spamexperts.com | tcp |
| GB | 193.200.214.101:587 | mx.spamexperts.com | tcp |
| AR | 200.58.105.230:80 | fie.undef.edu.ar | tcp |
| US | 52.101.10.1:995 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| AR | 200.58.105.230:21 | fie.undef.edu.ar | tcp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | mail.ahmi.fr | udp |
| US | 8.8.8.8:53 | xsvfj.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| N/A | 127.0.0.1:52257 | tcp | |
| FR | 193.37.145.65:443 | ahmi.fr | tcp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | 65.145.37.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dafnis.com | udp |
| US | 107.162.228.20:443 | www.kingstonk12.org | tcp |
| NL | 142.250.153.26:143 | ALT1.ASPMX.L.GOOGLE.COM | tcp |
| BR | 187.45.195.26:22 | liveonetrade.com.br | tcp |
| SG | 74.125.200.26:143 | alt4.aspmx.l.google.com | tcp |
| GB | 193.200.214.101:995 | mx.spamexperts.com | tcp |
| SG | 74.125.200.26:465 | alt4.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mail.yahooxample.com | udp |
| US | 8.8.8.8:53 | qv.bg | udp |
| US | 8.8.8.8:53 | gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | liveonetrade-com-br.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| BR | 187.45.195.26:21 | liveonetrade.com.br | tcp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | dafnis.com | udp |
| US | 8.8.8.8:53 | gmail.choo.co.uk | udp |
| BE | 64.233.167.27:143 | aspmx.l.google.com | tcp |
| BR | 187.45.195.26:80 | liveonetrade.com.br | tcp |
| NL | 142.250.153.26:465 | ALT1.ASPMX.L.GOOGLE.COM | tcp |
| TH | 202.28.68.76:80 | mail.wu.ac.th | tcp |
| US | 65.181.111.130:80 | ingegroup.cl | tcp |
| US | 65.181.111.130:80 | ingegroup.cl | tcp |
| FR | 185.98.131.25:143 | mail.ahmi.fr | tcp |
| US | 44.239.178.18:22 | aieseccolombia.org | tcp |
| AR | 200.58.105.230:80 | fie.undef.edu.ar | tcp |
| SG | 52.101.137.2:143 | xsvfj.mail.protection.outlook.com | tcp |
| SG | 52.101.137.2:465 | xsvfj.mail.protection.outlook.com | tcp |
| US | 34.238.178.141:22 | kingstonk12.org | tcp |
| N/A | 127.0.0.1:52271 | tcp | |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ftp.xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | 101.214.200.193.in-addr.arpa | udp |
| N/A | 127.0.0.1:52273 | tcp | |
| FI | 65.21.238.170:21 | valgrantt.com | tcp |
| FI | 65.21.238.170:22 | valgrantt.com | tcp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| N/A | 127.0.0.1:52277 | tcp | |
| US | 8.8.8.8:53 | eriglobal.com | udp |
| US | 8.8.8.8:53 | gmail.choo.co.uk | udp |
| SG | 74.125.200.26:995 | alt4.aspmx.l.google.com | tcp |
| N/A | 127.0.0.1:52284 | tcp | |
| N/A | 127.0.0.1:52304 | tcp | |
| N/A | 127.0.0.1:52307 | tcp | |
| N/A | 127.0.0.1:52310 | tcp | |
| N/A | 127.0.0.1:52312 | tcp | |
| N/A | 127.0.0.1:52316 | tcp | |
| BE | 64.233.167.27:465 | aspmx.l.google.com | tcp |
| NL | 142.250.153.26:995 | ALT1.ASPMX.L.GOOGLE.COM | tcp |
| FR | 193.37.145.65:80 | ahmi.fr | tcp |
| FR | 185.98.131.25:465 | mail.ahmi.fr | tcp |
| US | 44.239.178.18:80 | aieseccolombia.org | tcp |
| US | 34.238.178.141:21 | kingstonk12.org | tcp |
| US | 34.238.178.141:80 | kingstonk12.org | tcp |
| BR | 187.45.195.26:443 | liveonetrade.com.br | tcp |
| SG | 52.101.137.2:995 | xsvfj.mail.protection.outlook.com | tcp |
| BE | 64.233.167.27:995 | aspmx.l.google.com | tcp |
| FI | 65.21.238.170:443 | valgrantt.com | tcp |
| US | 52.101.42.6:143 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| TH | 202.28.68.76:80 | mail.wu.ac.th | tcp |
| US | 8.8.8.8:53 | ftp.yahooxample.com | udp |
| US | 8.8.8.8:53 | mail.qv.bg | udp |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 8.8.8.8:53 | ftp.qv.bg | udp |
| US | 8.8.8.8:53 | ftp.bigpoint.acc | udp |
| US | 8.8.8.8:53 | makingmommys.com | udp |
| US | 8.8.8.8:53 | 20.228.162.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yahooxample.com | udp |
| US | 8.8.8.8:53 | ssh.yahooxample.com | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | eriglobal.com | udp |
| US | 8.8.8.8:53 | ebpearls.com.au | udp |
| NL | 142.251.9.27:143 | aspmx3.googlemail.com | tcp |
| US | 44.239.178.18:80 | aieseccolombia.org | tcp |
| FR | 185.98.131.25:995 | mail.ahmi.fr | tcp |
| HK | 52.101.132.30:143 | xsvfj.mail.protection.outlook.com | tcp |
| AR | 200.58.105.230:22 | fie.undef.edu.ar | tcp |
| DE | 23.88.84.200:22 | dafnis.com | tcp |
| HK | 52.101.132.30:995 | xsvfj.mail.protection.outlook.com | tcp |
| HK | 52.101.132.30:465 | xsvfj.mail.protection.outlook.com | tcp |
| FR | 193.37.145.65:22 | ahmi.fr | tcp |
| US | 52.101.42.6:465 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| AR | 200.58.105.230:80 | fie.undef.edu.ar | tcp |
| US | 52.101.9.14:143 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | 25.131.98.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.238.21.65.in-addr.arpa | udp |
| DE | 23.88.84.200:21 | dafnis.com | tcp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | ebpearls.com.au | udp |
| FI | 65.21.238.170:143 | valgrantt.com | tcp |
| TH | 202.28.68.76:80 | mail.wu.ac.th | tcp |
| US | 52.101.9.14:465 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| NL | 142.251.9.27:465 | aspmx3.googlemail.com | tcp |
| GB | 193.200.214.101:587 | mx.spamexperts.com | tcp |
| US | 52.101.42.6:995 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| NL | 142.251.9.27:995 | aspmx3.googlemail.com | tcp |
| FR | 193.37.145.65:80 | ahmi.fr | tcp |
| TH | 202.28.68.76:22 | mail.wu.ac.th | tcp |
| FI | 142.250.150.26:143 | aspmx4.googlemail.com | tcp |
| US | 65.181.111.130:21 | ingegroup.cl | tcp |
| US | 8.8.8.8:53 | mail.dafnis.com | udp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| BR | 187.45.195.26:80 | liveonetrade.com.br | tcp |
| US | 8.8.8.8:53 | mail.yahooxample.com | udp |
| US | 8.8.8.8:53 | gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | ftp.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| BR | 187.45.195.26:443 | liveonetrade.com.br | tcp |
| DE | 23.88.84.200:443 | dafnis.com | tcp |
| N/A | 127.0.0.1:52322 | tcp | |
| N/A | 127.0.0.1:52325 | tcp | |
| N/A | 127.0.0.1:52328 | tcp | |
| N/A | 127.0.0.1:52330 | tcp | |
| N/A | 127.0.0.1:52337 | tcp | |
| US | 8.8.8.8:53 | highlandmultimedia.com | udp |
| US | 8.8.8.8:53 | highlandmultimedia.com | udp |
| US | 8.8.8.8:53 | makingmommys.com | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| US | 52.101.9.14:995 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| AR | 200.58.105.230:80 | fie.undef.edu.ar | tcp |
| FI | 65.21.238.170:465 | valgrantt.com | tcp |
| US | 8.8.8.8:53 | mail.choo.co.uk | udp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ftp.xsvfj.onmicrosoft.com | udp |
| FI | 65.21.238.170:80 | valgrantt.com | tcp |
| FI | 142.250.150.26:465 | aspmx4.googlemail.com | tcp |
| TH | 202.28.68.76:21 | mail.wu.ac.th | tcp |
| AR | 200.58.105.230:990 | fie.undef.edu.ar | tcp |
| US | 65.181.111.130:222 | ingegroup.cl | tcp |
| FI | 142.250.150.26:995 | aspmx4.googlemail.com | tcp |
| US | 198.12.247.192:21 | eriglobal.com | tcp |
| FI | 65.21.238.170:995 | valgrantt.com | tcp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | chei.uno | udp |
| PL | 86.105.187.128:80 | scoala3.ro | tcp |
| US | 65.181.111.130:80 | ingegroup.cl | tcp |
| US | 34.238.178.141:80 | kingstonk12.org | tcp |
| PL | 86.105.187.128:222 | scoala3.ro | tcp |
| US | 65.181.111.130:80 | ingegroup.cl | tcp |
| DE | 5.9.155.27:143 | mail.dafnis.com | tcp |
| FR | 193.37.145.65:443 | ahmi.fr | tcp |
| PL | 86.105.187.128:990 | scoala3.ro | tcp |
| FR | 193.37.145.65:21 | ahmi.fr | tcp |
| US | 44.239.178.18:443 | aieseccolombia.org | tcp |
| PL | 86.105.187.128:80 | scoala3.ro | tcp |
| US | 44.239.178.18:990 | aieseccolombia.org | tcp |
| FI | 65.21.238.170:80 | valgrantt.com | tcp |
| US | 8.8.8.8:53 | xsvfj.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ssh.qv.bg | udp |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 8.8.8.8:53 | ftp.gmaandex.by | udp |
| US | 8.8.8.8:53 | mail.qv.bg | udp |
| US | 8.8.8.8:53 | ftp.bigpoint.acc | udp |
| US | 8.8.8.8:53 | ftp.qv.bg | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| NL | 142.250.153.26:143 | ALT1.ASPMX.L.GOOGLE.COM | tcp |
| SG | 74.125.200.26:993 | alt4.aspmx.l.google.com | tcp |
| US | 198.12.247.192:443 | eriglobal.com | tcp |
| US | 8.8.8.8:53 | eriglobal-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | liveonetrade-com-br.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| GB | 193.200.214.101:110 | mx.spamexperts.com | tcp |
| US | 8.8.8.8:53 | 200.84.88.23.in-addr.arpa | udp |
| CA | 67.205.121.216:22 | highlandmultimedia.com | tcp |
| US | 141.193.213.11:21 | ebpearls.com.au | tcp |
| SG | 74.125.200.26:587 | alt4.aspmx.l.google.com | tcp |
| SG | 74.125.200.26:110 | alt4.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | chei.uno | udp |
| US | 8.8.8.8:53 | hotmai.cocl | udp |
| BR | 187.45.195.26:80 | liveonetrade.com.br | tcp |
| DE | 5.9.155.27:465 | mail.dafnis.com | tcp |
| DE | 23.88.84.200:80 | dafnis.com | tcp |
| BR | 187.45.195.26:222 | liveonetrade.com.br | tcp |
| GB | 79.170.40.74:143 | mail.choo.co.uk | tcp |
| BE | 64.233.167.27:993 | aspmx.l.google.com | tcp |
| NL | 142.250.153.26:465 | ALT1.ASPMX.L.GOOGLE.COM | tcp |
| FR | 185.98.131.25:143 | mail.ahmi.fr | tcp |
| FR | 193.37.145.65:22 | ahmi.fr | tcp |
| US | 8.8.8.8:53 | ssh.yahooxample.com | udp |
| US | 8.8.8.8:53 | mail.yahooxample.com | udp |
| US | 8.8.8.8:53 | yahooxample.com | udp |
| FI | 65.21.238.170:22 | valgrantt.com | tcp |
| TH | 202.28.68.76:80 | mail.wu.ac.th | tcp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| US | 8.8.8.8:53 | mail.bigpoint.acc | udp |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| N/A | 127.0.0.1:52340 | tcp | |
| US | 8.8.8.8:53 | 27.155.9.5.in-addr.arpa | udp |
| US | 141.193.213.11:443 | ebpearls.com.au | tcp |
| US | 8.8.8.8:53 | hotmai.cocl | udp |
| CA | 67.205.121.216:21 | highlandmultimedia.com | tcp |
| US | 34.238.178.141:222 | kingstonk12.org | tcp |
| FI | 65.21.238.170:21 | valgrantt.com | tcp |
| US | 8.8.8.8:53 | essencedripscents.com | udp |
| N/A | 127.0.0.1:52342 | tcp | |
| US | 44.239.178.18:22 | aieseccolombia.org | tcp |
| AR | 200.58.105.230:80 | fie.undef.edu.ar | tcp |
| GB | 79.170.40.74:465 | mail.choo.co.uk | tcp |
| SG | 52.101.137.2:993 | xsvfj.mail.protection.outlook.com | tcp |
| SG | 52.101.137.2:587 | xsvfj.mail.protection.outlook.com | tcp |
| N/A | 127.0.0.1:52344 | tcp | |
| N/A | 127.0.0.1:52346 | tcp | |
| N/A | 127.0.0.1:52349 | tcp | |
| N/A | 127.0.0.1:52351 | tcp | |
| N/A | 127.0.0.1:52367 | tcp | |
| N/A | 127.0.0.1:52371 | tcp | |
| N/A | 127.0.0.1:52374 | tcp | |
| N/A | 127.0.0.1:52377 | tcp | |
| N/A | 127.0.0.1:52379 | tcp | |
| N/A | 127.0.0.1:52382 | tcp | |
| N/A | 127.0.0.1:52393 | tcp | |
| N/A | 127.0.0.1:52397 | tcp | |
| N/A | 127.0.0.1:52402 | tcp | |
| N/A | 127.0.0.1:52410 | tcp | |
| BE | 64.233.167.27:587 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mail.qv.bg | udp |
| US | 8.8.8.8:53 | qv.bg | udp |
| US | 8.8.8.8:53 | gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | ftp.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | makingmommys.com | udp |
| NL | 142.250.153.26:995 | ALT1.ASPMX.L.GOOGLE.COM | tcp |
| FR | 185.98.131.25:465 | mail.ahmi.fr | tcp |
| SG | 52.101.137.2:110 | xsvfj.mail.protection.outlook.com | tcp |
| US | 34.238.178.141:990 | kingstonk12.org | tcp |
| US | 52.101.10.2:993 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| US | 52.101.10.1:143 | eriglobal-com.mail.protection.outlook.com | tcp |
| BE | 64.233.167.27:110 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| BR | 187.45.195.26:80 | liveonetrade.com.br | tcp |
| DE | 23.88.84.200:80 | dafnis.com | tcp |
| LT | 84.32.84.32:22 | chei.uno | tcp |
| GB | 79.170.40.74:995 | mail.choo.co.uk | tcp |
| US | 8.8.8.8:53 | essencedripscents.com | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| NL | 142.251.9.27:993 | aspmx3.googlemail.com | tcp |
| DE | 23.88.84.200:22 | dafnis.com | tcp |
| TH | 202.28.68.76:80 | mail.wu.ac.th | tcp |
| FR | 185.98.131.25:995 | mail.ahmi.fr | tcp |
| AR | 200.58.105.230:222 | fie.undef.edu.ar | tcp |
| US | 52.101.10.2:587 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| GB | 193.200.214.101:587 | mx.spamexperts.com | tcp |
| AR | 200.58.105.230:80 | fie.undef.edu.ar | tcp |
| N/A | 127.0.0.1:52414 | tcp | |
| N/A | 127.0.0.1:52417 | tcp | |
| US | 8.8.8.8:53 | 216.121.205.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.213.193.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssh.xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | mail.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ftp.xsvfj.onmicrosoft.com | udp |
| FI | 65.21.238.170:80 | valgrantt.com | tcp |
| TH | 202.28.68.76:80 | mail.wu.ac.th | tcp |
| US | 65.181.111.130:21 | ingegroup.cl | tcp |
| US | 52.101.10.1:465 | eriglobal-com.mail.protection.outlook.com | tcp |
| US | 198.12.247.192:80 | eriglobal.com | tcp |
| CA | 67.205.121.216:443 | highlandmultimedia.com | tcp |
| DE | 23.88.84.200:21 | dafnis.com | tcp |
| LT | 84.32.84.32:21 | chei.uno | tcp |
| BE | 64.233.167.27:143 | aspmx.l.google.com | tcp |
| US | 198.12.247.192:22 | eriglobal.com | tcp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ftp.makingmommys.com | udp |
| US | 52.101.10.2:110 | liveonetrade-com-br.mail.protection.outlook.com | tcp |
| NL | 142.251.9.27:587 | aspmx3.googlemail.com | tcp |
| NL | 142.251.9.27:110 | aspmx3.googlemail.com | tcp |
| FR | 193.37.145.65:990 | ahmi.fr | tcp |
| TH | 202.28.68.76:222 | mail.wu.ac.th | tcp |
| FI | 142.250.150.26:993 | aspmx4.googlemail.com | tcp |
| FI | 65.21.238.170:80 | valgrantt.com | tcp |
| FI | 65.21.238.170:465 | valgrantt.com | tcp |
| N/A | 127.0.0.1:52419 | tcp | |
| N/A | 127.0.0.1:52424 | tcp | |
| N/A | 127.0.0.1:52427 | tcp | |
| US | 44.239.178.18:443 | aieseccolombia.org | tcp |
| TH | 202.28.68.76:990 | mail.wu.ac.th | tcp |
| US | 8.8.8.8:53 | mx2.improvmx.com | udp |
| US | 8.8.8.8:53 | gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| US | 8.8.8.8:53 | ftp.yahooxample.com | udp |
| US | 8.8.8.8:53 | ftp.gmaandex.by | udp |
| US | 8.8.8.8:53 | ssh.qv.bg | udp |
| US | 8.8.8.8:53 | ssh.bigpoint.acc | udp |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 8.8.8.8:53 | ftp.qv.bg | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | mail.qv.bg | udp |
| US | 8.8.8.8:53 | ftp.bigpoint.acc | udp |
| FI | 142.250.150.26:587 | aspmx4.googlemail.com | tcp |
| AR | 200.58.105.230:990 | fie.undef.edu.ar | tcp |
| US | 65.181.111.130:222 | ingegroup.cl | tcp |
| DE | 5.9.155.27:143 | mail.dafnis.com | tcp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| FR | 193.37.145.65:80 | ahmi.fr | tcp |
| FI | 142.250.150.26:110 | aspmx4.googlemail.com | tcp |
| N/A | 127.0.0.1:52441 | tcp | |
| LT | 84.32.84.32:443 | chei.uno | tcp |
| BE | 64.233.167.27:465 | aspmx.l.google.com | tcp |
| US | 141.193.213.11:80 | ebpearls.com.au | tcp |
| SG | 74.125.200.26:143 | alt4.aspmx.l.google.com | tcp |
| US | 141.193.213.11:22 | ebpearls.com.au | tcp |
| US | 198.12.247.192:21 | eriglobal.com | tcp |
| CA | 23.227.38.32:22 | essencedripscents.com | tcp |
| FI | 65.21.238.170:995 | valgrantt.com | tcp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | hotmai.cocl | udp |
| N/A | 127.0.0.1:52446 | tcp | |
| N/A | 127.0.0.1:52450 | tcp | |
| N/A | 127.0.0.1:52453 | tcp | |
| N/A | 127.0.0.1:52456 | tcp | |
| N/A | 127.0.0.1:52461 | tcp | |
| N/A | 127.0.0.1:52467 | tcp | |
| N/A | 127.0.0.1:52470 | tcp | |
| N/A | 127.0.0.1:52474 | tcp | |
| N/A | 127.0.0.1:52478 | tcp | |
| N/A | 127.0.0.1:52484 | tcp | |
| N/A | 127.0.0.1:52487 | tcp | |
| N/A | 127.0.0.1:52491 | tcp | |
| N/A | 127.0.0.1:52494 | tcp | |
| N/A | 127.0.0.1:52501 | tcp | |
| N/A | 127.0.0.1:52503 | tcp | |
| N/A | 127.0.0.1:52505 | tcp | |
| US | 107.162.228.20:443 | www.kingstonk12.org | tcp |
| PL | 86.105.187.128:222 | scoala3.ro | tcp |
| US | 44.239.178.18:80 | aieseccolombia.org | tcp |
| PL | 86.105.187.128:990 | scoala3.ro | tcp |
| US | 34.238.178.141:80 | kingstonk12.org | tcp |
| DE | 23.88.84.200:443 | dafnis.com | tcp |
| PL | 86.105.187.128:80 | scoala3.ro | tcp |
| US | 44.239.178.18:990 | aieseccolombia.org | tcp |
| N/A | 127.0.0.1:52507 | tcp | |
| GB | 193.200.214.101:993 | mx.spamexperts.com | tcp |
| FR | 185.98.131.25:993 | mail.ahmi.fr | tcp |
| NL | 142.250.153.26:993 | ALT1.ASPMX.L.GOOGLE.COM | tcp |
| N/A | 127.0.0.1:52509 | tcp | |
| N/A | 127.0.0.1:52511 | tcp | |
| FR | 193.37.145.65:22 | ahmi.fr | tcp |
| US | 8.8.8.8:53 | xsvfj.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | makingmommys.com | udp |
| US | 8.8.8.8:53 | ssh.yahooxample.com | udp |
| N/A | 127.0.0.1:52513 | tcp | |
| US | 8.8.8.8:53 | yahooxample.com | udp |
| US | 8.8.8.8:53 | mail.yahooxample.com | udp |
| US | 8.8.8.8:53 | mail.bigpoint.acc | udp |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | ftp.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | liveonetrade-com-br.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | eriglobal-com.mail.protection.outlook.com | udp |
| SG | 74.125.200.26:993 | alt4.aspmx.l.google.com | tcp |
| N/A | 127.0.0.1:52516 | tcp | |
| N/A | 127.0.0.1:52525 | tcp | |
| N/A | 127.0.0.1:52527 | tcp | |
| N/A | 127.0.0.1:52532 | tcp | |
| N/A | 127.0.0.1:52538 | tcp | |
| N/A | 127.0.0.1:52541 | tcp | |
| GB | 193.200.214.101:110 | mx.spamexperts.com | tcp |
| BE | 64.233.167.27:995 | aspmx.l.google.com | tcp |
| SG | 74.125.200.26:465 | alt4.aspmx.l.google.com | tcp |
| CA | 23.227.38.32:21 | essencedripscents.com | tcp |
| CA | 67.205.121.216:80 | highlandmultimedia.com | tcp |
| SG | 74.125.200.26:587 | alt4.aspmx.l.google.com | tcp |
| FI | 65.21.238.170:990 | valgrantt.com | tcp |
| US | 8.8.8.8:53 | yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| US | 107.162.228.20:443 | www.kingstonk12.org | tcp |
| BR | 187.45.195.26:80 | liveonetrade.com.br | tcp |
| US | 65.181.111.130:80 | ingegroup.cl | tcp |
| FI | 65.21.238.170:222 | valgrantt.com | tcp |
| DE | 5.9.155.27:465 | mail.dafnis.com | tcp |
| BR | 187.45.195.26:222 | liveonetrade.com.br | tcp |
| GB | 79.170.40.74:143 | mail.choo.co.uk | tcp |
| FR | 15.236.61.92:143 | mx2.improvmx.com | tcp |
| BE | 64.233.167.27:993 | aspmx.l.google.com | tcp |
| FR | 193.37.145.65:80 | ahmi.fr | tcp |
| NL | 142.250.153.26:587 | ALT1.ASPMX.L.GOOGLE.COM | tcp |
| US | 44.239.178.18:22 | aieseccolombia.org | tcp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | qv.bg | udp |
| US | 8.8.8.8:53 | ftp.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | ssh.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| CA | 23.227.38.32:443 | essencedripscents.com | tcp |
| US | 8.8.8.8:53 | yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | stablepizza.com | udp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| SG | 74.125.200.26:995 | alt4.aspmx.l.google.com | tcp |
| BR | 187.45.195.26:990 | liveonetrade.com.br | tcp |
| US | 141.193.213.11:80 | ebpearls.com.au | tcp |
| CA | 67.205.121.216:80 | highlandmultimedia.com | tcp |
| CA | 67.205.121.216:21 | highlandmultimedia.com | tcp |
| US | 34.238.178.141:222 | kingstonk12.org | tcp |
| DE | 5.9.155.27:995 | mail.dafnis.com | tcp |
| FR | 185.98.131.25:587 | mail.ahmi.fr | tcp |
| US | 8.8.8.8:53 | hotmai.cocl | udp |
| US | 8.8.8.8:53 | essencedripscents-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | 32.84.32.84.in-addr.arpa | udp |
| LT | 84.32.84.32:80 | chei.uno | tcp |
| LT | 84.32.84.32:80 | chei.uno | tcp |
| FR | 185.98.131.25:110 | mail.ahmi.fr | tcp |
| BE | 64.233.167.27:587 | aspmx.l.google.com | tcp |
| N/A | 127.0.0.1:52547 | tcp | |
| N/A | 127.0.0.1:52550 | tcp | |
| N/A | 127.0.0.1:52553 | tcp | |
| N/A | 127.0.0.1:52563 | tcp | |
| N/A | 127.0.0.1:52566 | tcp | |
| N/A | 127.0.0.1:52570 | tcp | |
| N/A | 127.0.0.1:52572 | tcp | |
| N/A | 127.0.0.1:52588 | tcp | |
| N/A | 127.0.0.1:52592 | tcp | |
| N/A | 127.0.0.1:52597 | tcp | |
| N/A | 127.0.0.1:52603 | tcp | |
| N/A | 127.0.0.1:52610 | tcp | |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ssh.xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | mail.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ftp.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ftp.xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ftp.fie.undef.edu.ar | udp |
| FI | 65.21.238.170:80 | valgrantt.com | tcp |
| BE | 64.233.167.27:110 | aspmx.l.google.com | tcp |
| N/A | 127.0.0.1:52613 | tcp | |
| N/A | 127.0.0.1:52616 | tcp | |
| N/A | 127.0.0.1:52624 | tcp | |
| N/A | 127.0.0.1:52630 | tcp | |
| N/A | 127.0.0.1:52634 | tcp | |
| N/A | 127.0.0.1:52637 | tcp | |
| N/A | 127.0.0.1:52639 | tcp | |
| N/A | 127.0.0.1:52642 | tcp | |
| N/A | 127.0.0.1:52645 | tcp | |
| N/A | 127.0.0.1:52654 | tcp | |
| N/A | 127.0.0.1:52660 | tcp | |
| N/A | 127.0.0.1:52667 | tcp | |
| N/A | 127.0.0.1:52670 | tcp | |
| N/A | 127.0.0.1:52672 | tcp | |
| N/A | 127.0.0.1:52674 | tcp | |
| US | 8.8.8.8:53 | guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | stablepizza.com | udp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | 32.38.227.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ftp.scoala3.ro | udp |
| US | 8.8.8.8:53 | ftp.aieseccolombia.org | udp |
| US | 8.8.8.8:53 | ftp.makingmommys.com | udp |
| US | 8.8.8.8:53 | qv.bg | udp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | mail.makingmommys.com | udp |
| US | 8.8.8.8:53 | ssh.gmaandex.by | udp |
| US | 8.8.8.8:53 | ftp.bigpoint.acc | udp |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 8.8.8.8:53 | mail.bigpoint.acc | udp |
| US | 8.8.8.8:53 | ssh.qv.bg | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | mail.qv.bg | udp |
| US | 8.8.8.8:53 | ftp.gmaandex.by | udp |
| FR | 193.37.145.65:443 | ahmi.fr | tcp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| US | 44.239.178.18:443 | aieseccolombia.org | tcp |
| US | 8.8.8.8:53 | cravetta.edu.it | udp |
| US | 8.8.8.8:53 | yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | fallbackmx.spamexperts.eu | udp |
| BR | 187.45.195.26:443 | liveonetrade.com.br | tcp |
| US | 8.8.8.8:53 | hotmai.cocl | udp |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| AR | 200.58.105.230:80 | fie.undef.edu.ar | tcp |
| DE | 23.88.84.200:80 | dafnis.com | tcp |
| US | 8.8.8.8:53 | ssh.bigpoint.acc | udp |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ssh.yahooxample.com | udp |
| US | 8.8.8.8:53 | xsvfj.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | makingmommys.com | udp |
| US | 8.8.8.8:53 | mail.gmaandex.by | udp |
| US | 8.8.8.8:53 | mail.yahooxample.com | udp |
| US | 8.8.8.8:53 | yahooxample.com | udp |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| TH | 202.28.68.76:80 | mail.wu.ac.th | tcp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ftp.kingstonk12.org | udp |
| US | 8.8.8.8:53 | eriglobal-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | liveonetrade-com-br.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | cravetta.edu.it | udp |
| US | 8.8.8.8:53 | gmonline.org.br | udp |
| CA | 23.227.38.32:80 | essencedripscents.com | tcp |
| US | 141.193.213.11:443 | ebpearls.com.au | tcp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | SadunCo21.mail.protection.outlook.com | udp |
| US | 34.238.178.141:80 | ftp.kingstonk12.org | tcp |
| US | 8.8.8.8:53 | pop.yahooxample.com | udp |
| US | 8.8.8.8:53 | ftp.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | mail.qv.bg | udp |
| US | 8.8.8.8:53 | ssh.makingmommys.com | udp |
| US | 8.8.8.8:53 | ftp.gmaimsalud.gov.co | udp |
| N/A | 127.0.0.1:52679 | tcp | |
| N/A | 127.0.0.1:52685 | tcp | |
| N/A | 127.0.0.1:52689 | tcp | |
| N/A | 127.0.0.1:52691 | tcp | |
| N/A | 127.0.0.1:52693 | tcp | |
| N/A | 127.0.0.1:52695 | tcp | |
| N/A | 127.0.0.1:52702 | tcp | |
| N/A | 127.0.0.1:52706 | tcp | |
| N/A | 127.0.0.1:52709 | tcp | |
| N/A | 127.0.0.1:52711 | tcp | |
| N/A | 127.0.0.1:52721 | tcp | |
| N/A | 127.0.0.1:52728 | tcp | |
| N/A | 127.0.0.1:52730 | tcp | |
| N/A | 127.0.0.1:52732 | tcp | |
| N/A | 127.0.0.1:52734 | tcp | |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| US | 8.8.8.8:53 | hotmai.cocl | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| GB | 35.214.50.167:443 | stablepizza.com | tcp |
| US | 8.8.8.8:53 | gmonline.org.br | udp |
| US | 8.8.8.8:53 | iainpurwokerto.ac.id | udp |
| US | 8.8.8.8:53 | yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | mail.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | ftp.ballyroe.com | udp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | essencedripscents-com.mail.protection.outlook.com | udp |
| BR | 187.45.195.26:80 | liveonetrade.com.br | tcp |
| US | 65.181.111.130:80 | ingegroup.cl | tcp |
| LT | 84.32.84.32:80 | chei.uno | tcp |
| LT | 84.32.84.32:80 | chei.uno | tcp |
| N/A | 127.0.0.1:52738 | tcp | |
| BR | 187.45.195.26:443 | liveonetrade.com.br | tcp |
| US | 198.12.247.192:80 | eriglobal.com | tcp |
| N/A | 127.0.0.1:52752 | tcp | |
| US | 8.8.8.8:53 | ftp.ahmi.fr | udp |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | ftp.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | mail.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | mail.gmaandex.by | udp |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ftp.mail.wu.ac.th | udp |
| US | 8.8.8.8:53 | ssh.xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ftp.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| FI | 65.21.238.170:80 | valgrantt.com | tcp |
| US | 8.8.8.8:53 | iainpurwokerto.ac.id | udp |
| US | 8.8.8.8:53 | hotmail.cois-molinari.eu | udp |
| N/A | 127.0.0.1:52756 | tcp | |
| CA | 67.205.121.216:80 | highlandmultimedia.com | tcp |
| US | 8.8.8.8:53 | ftp.fie.undef.edu.ar | udp |
| US | 8.8.8.8:53 | stablepizza-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | ftp.aieseccolombia.org | udp |
| US | 8.8.8.8:53 | ftp.makingmommys.com | udp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| US | 8.8.8.8:53 | qv.bg | udp |
| US | 8.8.8.8:53 | gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | mail.makingmommys.com | udp |
| US | 8.8.8.8:53 | 167.50.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ftp.gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | aieseccolombia.org | udp |
| US | 8.8.8.8:53 | ssh.qv.bg | udp |
| US | 8.8.8.8:53 | ftp.gmaandex.by | udp |
| US | 8.8.8.8:53 | pop.qv.bg | udp |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | ssh.gmaandex.by | udp |
| US | 8.8.8.8:53 | mail.bigpoint.acc | udp |
| US | 8.8.8.8:53 | gmonline.org.br | udp |
| US | 8.8.8.8:53 | hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | glaucuslogistics.com | udp |
| FR | 193.37.145.65:443 | ftp.ahmi.fr | tcp |
| CA | 67.205.121.216:80 | highlandmultimedia.com | tcp |
| US | 44.239.178.18:443 | aieseccolombia.org | tcp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | mail.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | hotmai.cocl | udp |
| US | 8.8.8.8:53 | ftp.valgrantt.com | udp |
| DE | 23.88.84.200:443 | dafnis.com | tcp |
| US | 8.8.8.8:53 | ssh.bigpoint.acc | udp |
| US | 8.8.8.8:53 | xsvfj.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.yahooxample.com | udp |
| US | 8.8.8.8:53 | yahooxample.com | udp |
| US | 8.8.8.8:53 | mail.gmaandex.by | udp |
| US | 8.8.8.8:53 | ssh.yahooxample.com | udp |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | ALT2.ASPMX.L.GOOGLE.COM | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | navaldc.com | udp |
| US | 8.8.8.8:53 | glaucuslogistics.com | udp |
| US | 8.8.8.8:53 | liveonetrade-com-br.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | eriglobal-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | gmonline.org.br | udp |
| US | 8.8.8.8:53 | SadunCo21.mail.protection.outlook.com | udp |
| PL | 86.105.187.128:80 | ftp.scoala3.ro | tcp |
| US | 8.8.8.8:53 | ftp.liveonetrade.com.br | udp |
| US | 8.8.8.8:53 | makingmommys.com | udp |
| US | 8.8.8.8:53 | ftp.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | mail.qv.bg | udp |
| US | 8.8.8.8:53 | pop.yahooxample.com | udp |
| US | 8.8.8.8:53 | ssh.makingmommys.com | udp |
| US | 8.8.8.8:53 | ftp.dafnis.com | udp |
| US | 8.8.8.8:53 | navaldc.com | udp |
| US | 8.8.8.8:53 | hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | mail.ballyroe.com | udp |
| US | 8.8.8.8:53 | hotmai.cocl | udp |
| CA | 23.227.38.32:80 | essencedripscents.com | tcp |
| N/A | 127.0.0.1:52758 | tcp | |
| N/A | 127.0.0.1:52769 | tcp | |
| N/A | 127.0.0.1:52773 | tcp | |
| N/A | 127.0.0.1:52779 | tcp | |
| N/A | 127.0.0.1:52781 | tcp | |
| N/A | 127.0.0.1:52783 | tcp | |
| N/A | 127.0.0.1:52785 | tcp | |
| N/A | 127.0.0.1:52787 | tcp | |
| N/A | 127.0.0.1:52792 | tcp | |
| N/A | 127.0.0.1:52796 | tcp | |
| N/A | 127.0.0.1:52809 | tcp | |
| N/A | 127.0.0.1:52812 | tcp | |
| N/A | 127.0.0.1:52814 | tcp | |
| N/A | 127.0.0.1:52817 | tcp | |
| N/A | 127.0.0.1:52820 | tcp | |
| N/A | 127.0.0.1:52823 | tcp | |
| N/A | 127.0.0.1:52825 | tcp | |
| N/A | 127.0.0.1:52827 | tcp | |
| N/A | 127.0.0.1:52829 | tcp | |
| N/A | 127.0.0.1:52831 | tcp | |
| N/A | 127.0.0.1:52834 | tcp | |
| N/A | 127.0.0.1:52837 | tcp | |
| N/A | 127.0.0.1:52841 | tcp | |
| N/A | 127.0.0.1:52851 | tcp | |
| N/A | 127.0.0.1:52857 | tcp | |
| N/A | 127.0.0.1:52859 | tcp | |
| N/A | 127.0.0.1:52862 | tcp | |
| N/A | 127.0.0.1:52865 | tcp | |
| N/A | 127.0.0.1:52867 | tcp | |
| N/A | 127.0.0.1:52872 | tcp | |
| N/A | 127.0.0.1:52883 | tcp | |
| N/A | 127.0.0.1:52885 | tcp | |
| N/A | 127.0.0.1:52887 | tcp | |
| N/A | 127.0.0.1:52895 | tcp | |
| N/A | 127.0.0.1:52897 | tcp | |
| N/A | 127.0.0.1:52900 | tcp | |
| N/A | 127.0.0.1:52904 | tcp | |
| N/A | 127.0.0.1:52909 | tcp | |
| N/A | 127.0.0.1:52917 | tcp | |
| N/A | 127.0.0.1:52923 | tcp | |
| N/A | 127.0.0.1:52925 | tcp | |
| N/A | 127.0.0.1:52928 | tcp | |
| N/A | 127.0.0.1:52931 | tcp | |
| N/A | 127.0.0.1:52935 | tcp | |
| N/A | 127.0.0.1:52938 | tcp | |
| N/A | 127.0.0.1:52941 | tcp | |
| N/A | 127.0.0.1:52943 | tcp | |
| N/A | 127.0.0.1:52950 | tcp | |
| N/A | 127.0.0.1:52961 | tcp | |
| N/A | 127.0.0.1:52967 | tcp | |
| N/A | 127.0.0.1:52971 | tcp | |
| N/A | 127.0.0.1:52973 | tcp | |
| N/A | 127.0.0.1:52976 | tcp | |
| N/A | 127.0.0.1:52978 | tcp | |
| US | 8.8.8.8:53 | stablepizza-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | mail.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | ftp.ballyroe.com | udp |
| US | 8.8.8.8:53 | gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| AR | 200.58.105.230:80 | fie.undef.edu.ar | tcp |
| LT | 84.32.84.32:80 | chei.uno | tcp |
| US | 107.162.228.20:443 | www.kingstonk12.org | tcp |
| BR | 187.45.195.26:80 | liveonetrade.com.br | tcp |
| TH | 202.28.68.76:80 | mail.wu.ac.th | tcp |
| FI | 65.21.238.170:80 | ftp.valgrantt.com | tcp |
| US | 8.8.8.8:53 | mail.valgrantt.com | udp |
| US | 8.8.8.8:53 | ftp.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | mail.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | ssh.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | ssh.ingegroup.cl | udp |
| US | 8.8.8.8:53 | ftp.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ssh.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | gmonline.org.br | udp |
| US | 8.8.8.8:53 | digiteo.fr | udp |
| US | 8.8.8.8:53 | digiteo.fr | udp |
| US | 8.8.8.8:53 | com.dmu.edu.eg | udp |
| US | 8.8.8.8:53 | ssh.gmaimsalud.gov.co | udp |
| GB | 35.214.50.167:80 | stablepizza.com | tcp |
| IT | 195.110.124.133:80 | cravetta.edu.it | tcp |
| IT | 195.110.124.133:80 | cravetta.edu.it | tcp |
| US | 141.193.213.11:80 | ebpearls.com.au | tcp |
| US | 8.8.8.8:53 | mail.gmaandex.by | udp |
| US | 8.8.8.8:53 | ssh.xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | essencedripscents-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | ftp.eriglobal.com | udp |
| US | 8.8.8.8:53 | ftp.mail.wu.ac.th | udp |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | ftp.aieseccolombia.org | udp |
| US | 8.8.8.8:53 | ftp.makingmommys.com | udp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| US | 8.8.8.8:53 | qv.bg | udp |
| US | 8.8.8.8:53 | gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | ftp.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | mail.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | mail.makingmommys.com | udp |
| US | 8.8.8.8:53 | ftp.gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | ssh.qv.bg | udp |
| US | 8.8.8.8:53 | pop.qv.bg | udp |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 8.8.8.8:53 | mail.bigpoint.acc | udp |
| US | 8.8.8.8:53 | com.dmu.edu.eg | udp |
| US | 8.8.8.8:53 | login-freiburg.de | udp |
| US | 8.8.8.8:53 | ftp.fie.undef.edu.ar | udp |
| US | 8.8.8.8:53 | yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | mail.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | ftp.ebpearls.com.au | udp |
| US | 8.8.8.8:53 | ssh.scoala3.ro | udp |
| US | 8.8.8.8:53 | ftp.highlandmultimedia.com | udp |
| US | 8.8.8.8:53 | hotmai.cocl | udp |
| FR | 193.37.145.65:443 | ftp.ahmi.fr | tcp |
| US | 44.239.178.18:443 | aieseccolombia.org | tcp |
| DE | 23.88.84.200:80 | dafnis.com | tcp |
| US | 8.8.8.8:53 | ssh.liveonetrade.com.br | udp |
| US | 8.8.8.8:53 | pop.bigpoint.acc | udp |
| US | 8.8.8.8:53 | ssh.bigpoint.acc | udp |
| US | 8.8.8.8:53 | mail.gmaandex.by | udp |
| US | 8.8.8.8:53 | ssh.yahooxample.com | udp |
| US | 8.8.8.8:53 | mail.yahooxample.com | udp |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | xsvfj.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | yahooxample.com | udp |
| US | 8.8.8.8:53 | mail.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | login-freiburg.de | udp |
| US | 8.8.8.8:53 | tercommunity.one | udp |
| US | 8.8.8.8:53 | hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | eriglobal-com.mail.protection.outlook.com | udp |
| US | 104.21.12.219:80 | iainpurwokerto.ac.id | tcp |
| CA | 67.205.121.216:80 | ftp.highlandmultimedia.com | tcp |
| US | 8.8.8.8:53 | guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | stablepizza-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | ssh.kingstonk12.org | udp |
| US | 8.8.8.8:53 | SadunCo21.mail.protection.outlook.com | udp |
| FR | 15.236.61.92:993 | mx2.improvmx.com | tcp |
| US | 8.8.8.8:53 | gmonline.org.br | udp |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | makingmommys.com | udp |
| US | 8.8.8.8:53 | ftp.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | ssh.makingmommys.com | udp |
| US | 8.8.8.8:53 | mail.qv.bg | udp |
| US | 8.8.8.8:53 | pop.yahooxample.com | udp |
| US | 8.8.8.8:53 | dafnis.com | udp |
| US | 8.8.8.8:53 | ftp.ingegroup.cl | udp |
| US | 8.8.8.8:53 | ftp.liveonetrade.com.br | udp |
| US | 8.8.8.8:53 | ftp.dafnis.com | udp |
| US | 8.8.8.8:53 | digiteo.fr | udp |
| US | 8.8.8.8:53 | tercommunity.one | udp |
| US | 8.8.8.8:53 | mx2.mijndomein.nl | udp |
| US | 8.8.8.8:53 | ssh.ballyroe.com | udp |
| CA | 23.227.38.32:80 | essencedripscents.com | tcp |
| US | 8.8.8.8:53 | mail.ballyroe.com | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | ftp.chei.uno | udp |
| US | 8.8.8.8:53 | chei.uno | udp |
| US | 8.8.8.8:53 | yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | mail.gmaimsalud.gov.co | udp |
| LT | 84.32.84.32:80 | chei.uno | tcp |
| FI | 65.21.238.170:80 | mail.valgrantt.com | tcp |
| US | 34.238.178.141:80 | ftp.kingstonk12.org | tcp |
| US | 8.8.8.8:53 | liveonetrade-com-br.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | ftp.ballyroe.com | udp |
| US | 8.8.8.8:53 | ssh.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | pop.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | ssh.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | ftp.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | mail.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | ssh.ingegroup.cl | udp |
| US | 8.8.8.8:53 | ftp.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ssh.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | 219.12.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mailzm.com | udp |
| US | 8.8.8.8:53 | gmonline.org.br | udp |
| US | 8.8.8.8:53 | ftp.hotmai.cocl | udp |
| US | 8.8.8.8:53 | hotmai.cocl | udp |
| GB | 35.214.50.167:80 | stablepizza.com | tcp |
| IT | 195.110.124.133:80 | cravetta.edu.it | tcp |
| IT | 195.110.124.133:80 | cravetta.edu.it | tcp |
| US | 8.8.8.8:53 | mailer1.campus-paris-saclay.fr | udp |
| US | 8.8.8.8:53 | ssh.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | com-dmu-edu-eg.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | essencedripscents-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ssh.xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | mail.gmaandex.by | udp |
| US | 8.8.8.8:53 | guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | ftp.eriglobal.com | udp |
| US | 8.8.8.8:53 | ftp.mail.wu.ac.th | udp |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | mail.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ftp.aieseccolombia.org | udp |
| US | 8.8.8.8:53 | gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | ssh.gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | qv.bg | udp |
| US | 8.8.8.8:53 | ftp.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| US | 8.8.8.8:53 | mail.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | mail.makingmommys.com | udp |
| US | 8.8.8.8:53 | ftp.gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | ssh.qv.bg | udp |
| US | 8.8.8.8:53 | pop.qv.bg | udp |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 8.8.8.8:53 | mail.bigpoint.acc | udp |
| US | 8.8.8.8:53 | ssh.gmaandex.by | udp |
| US | 8.8.8.8:53 | mailzm.com | udp |
| US | 8.8.8.8:53 | gmcom.br | udp |
| SG | 68.178.224.133:80 | glaucuslogistics.com | tcp |
| US | 8.8.8.8:53 | loginfreiburg-de01c.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | digiteo.fr | udp |
| US | 141.193.213.11:443 | ebpearls.com.au | tcp |
| BR | 187.45.195.26:80 | liveonetrade.com.br | tcp |
| US | 8.8.8.8:53 | com.dmu.edu.eg | udp |
| US | 8.8.8.8:53 | yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | ftp.essencedripscents.com | udp |
| US | 8.8.8.8:53 | mail.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ftp.ebpearls.com.au | udp |
| US | 8.8.8.8:53 | ftp.fie.undef.edu.ar | udp |
| US | 8.8.8.8:53 | ssh.valgrantt.com | udp |
| AR | 200.58.105.230:80 | fie.undef.edu.ar | tcp |
| TH | 202.28.68.76:80 | mail.wu.ac.th | tcp |
| DE | 23.88.84.200:443 | dafnis.com | tcp |
| US | 8.8.8.8:53 | ssh.scoala3.ro | udp |
| US | 8.8.8.8:53 | hotmai.cocl | udp |
| US | 8.8.8.8:53 | ssh.bigpoint.acc | udp |
| US | 8.8.8.8:53 | pop.bigpoint.acc | udp |
| US | 8.8.8.8:53 | xsvfj.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.yahooxample.com | udp |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | yahooxample.com | udp |
| US | 8.8.8.8:53 | ftp.xbananaw.xyz | udp |
| US | 8.8.8.8:53 | pop.gmaandex.by | udp |
| US | 8.8.8.8:53 | ssh.liveonetrade.com.br | udp |
| US | 8.8.8.8:53 | mail.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | gmcom.br | udp |
| US | 8.8.8.8:53 | jcasolicitors.co.uk | udp |
| US | 8.8.8.8:53 | mail.tercommunity.one | udp |
| FR | 193.37.145.65:443 | ftp.ahmi.fr | tcp |
| US | 44.239.178.18:443 | aieseccolombia.org | tcp |
| IE | 34.249.138.199:80 | navaldc.com | tcp |
| IE | 34.249.138.199:80 | navaldc.com | tcp |
| US | 8.8.8.8:53 | mail.ballyroe.com | udp |
| US | 8.8.8.8:53 | hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | SadunCo21.mail.protection.outlook.com | udp |
| US | 104.21.12.219:443 | iainpurwokerto.ac.id | tcp |
| US | 8.8.8.8:53 | eriglobal-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | bfe09c.myshopify.com | udp |
| US | 8.8.8.8:53 | guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | stablepizza-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | mx1.improvmx.com | udp |
| US | 8.8.8.8:53 | ssh.kingstonk12.org | udp |
| US | 8.8.8.8:53 | gmail.choo.co.uk | udp |
| PL | 86.105.187.128:80 | ftp.scoala3.ro | tcp |
| US | 8.8.8.8:53 | gmonline.org.br | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | jcasolicitors.co.uk | udp |
| US | 8.8.8.8:53 | gmit.edu | udp |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | makingmommys.com | udp |
| US | 8.8.8.8:53 | ssh.dafnis.com | udp |
| US | 8.8.8.8:53 | ssh.makingmommys.com | udp |
| US | 8.8.8.8:53 | pop.yahooxample.com | udp |
| US | 8.8.8.8:53 | ftp.dafnis.com | udp |
| US | 8.8.8.8:53 | mail.qv.bg | udp |
| US | 8.8.8.8:53 | com.dmu.edu.eg | udp |
| US | 8.8.8.8:53 | digiteo.fr | udp |
| US | 8.8.8.8:53 | ftp.liveonetrade.com.br | udp |
| CA | 67.205.121.216:80 | ftp.highlandmultimedia.com | tcp |
| US | 8.8.8.8:53 | ssh.ballyroe.com | udp |
| US | 8.8.8.8:53 | mail.ballyroe.com | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | ssh.eriglobal.com | udp |
| US | 8.8.8.8:53 | ftp.chei.uno | udp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | mail.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | mail.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | liveonetrade-com-br.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | ftp.ballyroe.com | udp |
| US | 8.8.8.8:53 | www.kingstonk12.org | udp |
| US | 8.8.8.8:53 | ftp.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | ssh.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | mail.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | pop.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | ssh.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ssh.ingegroup.cl | udp |
| US | 198.12.247.192:80 | eriglobal.com | tcp |
| LT | 84.32.84.32:80 | chei.uno | tcp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | gmit.edu | udp |
| US | 8.8.8.8:53 | 199.138.249.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gmcom.br | udp |
| US | 8.8.8.8:53 | ssh.fie.undef.edu.ar | udp |
| US | 23.236.62.147:80 | login-freiburg.de | tcp |
| US | 8.8.8.8:53 | ssh.mail.wu.ac.th | udp |
| CA | 23.227.38.74:80 | bfe09c.myshopify.com | tcp |
| GB | 35.214.50.167:80 | stablepizza.com | tcp |
| IT | 195.110.124.133:80 | cravetta.edu.it | tcp |
| US | 8.8.8.8:53 | mail.hotmai.cocl | udp |
| US | 8.8.8.8:53 | mailer1.campus-paris-saclay.fr | udp |
| US | 8.8.8.8:53 | ftp.yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | com-dmu-edu-eg.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ssh.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | ssh.xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ssh.ebpearls.com.au | udp |
| US | 8.8.8.8:53 | mail.gmaandex.by | udp |
| US | 8.8.8.8:53 | guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | ftp.eriglobal.com | udp |
| US | 8.8.8.8:53 | ssh.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | mail.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ssh.gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | qv.bg | udp |
| US | 8.8.8.8:53 | gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | ftp.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| US | 8.8.8.8:53 | ftp.stablepizza.com | udp |
| US | 8.8.8.8:53 | pop.qv.bg | udp |
| US | 8.8.8.8:53 | mail.bigpoint.acc | udp |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 8.8.8.8:53 | pop.makingmommys.com | udp |
| US | 8.8.8.8:53 | ftp.gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | jcasolicitors.co.uk | udp |
| US | 8.8.8.8:53 | marlestonsa.com.au | udp |
| US | 8.8.8.8:53 | ftp.mail.wu.ac.th | udp |
| US | 8.8.8.8:53 | gmonline.org.br | udp |
| US | 8.8.8.8:53 | mailgw.ns36.de | udp |
| DE | 92.222.212.92:80 | mail.tercommunity.one | tcp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | ftp.hotmai.cocl | udp |
| US | 8.8.8.8:53 | digiteo.fr | udp |
| US | 8.8.8.8:53 | loginfreiburg-de01c.mail.protection.outlook.com | udp |
| US | 107.162.228.20:443 | www.kingstonk12.org | tcp |
| US | 8.8.8.8:53 | lastmx.spamexperts.net | udp |
| US | 8.8.8.8:53 | ssh.highlandmultimedia.com | udp |
| US | 8.8.8.8:53 | com.dmu.edu.eg | udp |
| US | 8.8.8.8:53 | ftp.essencedripscents.com | udp |
| US | 8.8.8.8:53 | mail.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | ssh.valgrantt.com | udp |
| US | 8.8.8.8:53 | ssh.gmaandex.by | udp |
| US | 8.8.8.8:53 | ssh.scoala3.ro | udp |
| US | 8.8.8.8:53 | gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | hotmai.cocl | udp |
| US | 8.8.8.8:53 | mail.makingmommys.com | udp |
| US | 8.8.8.8:53 | ssh.bigpoint.acc | udp |
| US | 8.8.8.8:53 | pop.bigpoint.acc | udp |
| US | 8.8.8.8:53 | xsvfj.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.xbananaw.xyz | udp |
| US | 8.8.8.8:53 | pop.gmaandex.by | udp |
| US | 8.8.8.8:53 | mail.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | mail.xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | mail.yahooxample.com | udp |
| US | 8.8.8.8:53 | imap.yahooxample.com | udp |
| US | 8.8.8.8:53 | gmit.edu | udp |
| US | 8.8.8.8:53 | marlestonsa.com.au | udp |
| US | 8.8.8.8:53 | cooperflack.net | udp |
| US | 8.8.8.8:53 | seharris.co | udp |
| US | 8.8.8.8:53 | gmcom.br | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | 147.62.236.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.38.227.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jcasolicitors-co-uk.mail.protection.outlook.com | udp |
| IE | 34.249.138.199:80 | navaldc.com | tcp |
| IE | 34.249.138.199:80 | navaldc.com | tcp |
| US | 44.239.178.18:443 | aieseccolombia.org | tcp |
| FR | 193.37.145.65:443 | ftp.ahmi.fr | tcp |
| US | 141.193.213.11:443 | ebpearls.com.au | tcp |
| US | 8.8.8.8:53 | mail.ballyroe.com | udp |
| US | 8.8.8.8:53 | SadunCo21.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mailer1.campus-paris-saclay.fr | udp |
| US | 8.8.8.8:53 | ssh.chei.uno | udp |
| US | 8.8.8.8:53 | ftp.guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | ssh.hotmai.cocl | udp |
| US | 8.8.8.8:53 | ssh.kingstonk12.org | udp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | ftp.ebpearls.com.au | udp |
| US | 8.8.8.8:53 | mail.xbananaw.xyz | udp |
| US | 8.8.8.8:53 | ssh.liveonetrade.com.br | udp |
| DE | 23.88.84.200:80 | dafnis.com | tcp |
| US | 8.8.8.8:53 | cooperflack.net | udp |
| US | 8.8.8.8:53 | seharris.co | udp |
| US | 8.8.8.8:53 | yahoo.co.jpl.com | udp |
| US | 8.8.8.8:53 | jcasolicitors.co.uk | udp |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | ftp.dafnis.com | udp |
| US | 8.8.8.8:53 | ssh.makingmommys.com | udp |
| US | 8.8.8.8:53 | makingmommys.com | udp |
| US | 8.8.8.8:53 | pop3.yahooxample.com | udp |
| US | 8.8.8.8:53 | imap.qv.bg | udp |
| US | 8.8.8.8:53 | com.dmu.edu.eg | udp |
| US | 8.8.8.8:53 | ssh.dafnis.com | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | www.login-freiburg.de | udp |
| US | 8.8.8.8:53 | 92.212.222.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ftp.cravetta.edu.it | udp |
| US | 8.8.8.8:53 | digiteo.fr | udp |
| US | 8.8.8.8:53 | stablepizza-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gmonline.org.br | udp |
| BR | 187.45.195.26:443 | liveonetrade.com.br | tcp |
| TH | 202.28.68.76:80 | mail.wu.ac.th | tcp |
| US | 104.21.12.219:80 | iainpurwokerto.ac.id | tcp |
| US | 8.8.8.8:53 | ssh.ballyroe.com | udp |
| US | 8.8.8.8:53 | mail.ballyroe.com | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | mail.liveonetrade.com.br | udp |
| US | 8.8.8.8:53 | ssh.eriglobal.com | udp |
| US | 8.8.8.8:53 | ftp.chei.uno | udp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | mail.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | liveonetrade-com-br.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | mail.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | mail.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | ssh.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | pop.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | pop.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | ssh.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | ssh.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | yahoo.co.jpl.com | udp |
| US | 8.8.8.8:53 | live.shu.edu.tw | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | gmit.edu | udp |
| LT | 84.32.84.32:80 | chei.uno | tcp |
| SG | 68.178.224.133:80 | glaucuslogistics.com | tcp |
| DE | 91.195.240.13:80 | mailzm.com | tcp |
| US | 8.8.8.8:53 | ssh.fie.undef.edu.ar | udp |
| US | 8.8.8.8:53 | ssh.mail.wu.ac.th | udp |
| CA | 67.205.121.216:80 | ftp.highlandmultimedia.com | tcp |
| GB | 35.214.50.167:80 | stablepizza.com | tcp |
| IT | 195.110.124.133:80 | cravetta.edu.it | tcp |
| US | 8.8.8.8:53 | ftp.gmonline.org.br | udp |
| US | 8.8.8.8:53 | ssh.ingegroup.cl | udp |
| US | 8.8.8.8:53 | mail.yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | mail.hotmai.cocl | udp |
| US | 8.8.8.8:53 | mailer1.campus-paris-saclay.fr | udp |
| US | 8.8.8.8:53 | ftp.yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | com-dmu-edu-eg.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | ftp.sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ssh.essencedripscents.com | udp |
| US | 8.8.8.8:53 | ssh.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | essencedripscents-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | ssh.ebpearls.com.au | udp |
| US | 8.8.8.8:53 | ftp.eriglobal.com | udp |
| US | 8.8.8.8:53 | mail.gmaandex.by | udp |
| US | 8.8.8.8:53 | ssh.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | ssh.aieseccolombia.org | udp |
| US | 8.8.8.8:53 | eriglobal-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.iainpurwokerto.ac.id | udp |
| US | 8.8.8.8:53 | mail.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ftp.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | ssh.gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | mail.qv.bg | udp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ftp.stablepizza.com | udp |
| US | 8.8.8.8:53 | gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| US | 8.8.8.8:53 | pop3.qv.bg | udp |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 8.8.8.8:53 | pop.makingmommys.com | udp |
| US | 8.8.8.8:53 | mail.bigpoint.acc | udp |
| US | 8.8.8.8:53 | live.shu.edu.tw | udp |
| US | 8.8.8.8:53 | jcasolicitors.co.uk | udp |
| DE | 92.222.212.92:80 | mail.tercommunity.one | tcp |
| US | 8.8.8.8:53 | gmonline.org.br | udp |
| US | 8.8.8.8:53 | ssh.xbananaw.xyz | udp |
| US | 8.8.8.8:53 | ftp.hotmai.cocl | udp |
| US | 8.8.8.8:53 | loginfreiburg-de01c.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | digiteo.fr | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | pop.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ssh.highlandmultimedia.com | udp |
| US | 8.8.8.8:53 | com.dmu.edu.eg | udp |
| US | 8.8.8.8:53 | ftp.essencedripscents.com | udp |
| US | 8.8.8.8:53 | mail.gmail.cooolsite.net | udp |
| US | 34.149.87.45:443 | www.login-freiburg.de | tcp |
| US | 8.8.8.8:53 | ssh.valgrantt.com | udp |
| US | 8.8.8.8:53 | tussahsilk.com | udp |
| US | 8.8.8.8:53 | femailtor.com | udp |
| US | 8.8.8.8:53 | gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | mail.hotmai.cocl | udp |
| US | 8.8.8.8:53 | ssh.scoala3.ro | udp |
| US | 8.8.8.8:53 | pop.ahmi.fr | udp |
| US | 8.8.8.8:53 | ftp.xbananaw.xyz | udp |
| US | 8.8.8.8:53 | mail.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | gmit.edu | udp |
| US | 8.8.8.8:53 | pop.gmaandex.by | udp |
| US | 8.8.8.8:53 | mail.yahooxample.com | udp |
| US | 8.8.8.8:53 | seharris-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | imap.yahooxample.com | udp |
| US | 8.8.8.8:53 | mail.xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | gmcom.br | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | jcasolicitors-co-uk.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| IE | 34.249.138.199:80 | navaldc.com | tcp |
| US | 8.8.8.8:53 | 13.240.195.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mail.makingmommys.com | udp |
| US | 8.8.8.8:53 | xsvfj.mail.protection.outlook.com | udp |
| US | 198.12.247.192:80 | eriglobal.com | tcp |
| US | 8.8.8.8:53 | SadunCo21.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.ballyroe.com | udp |
| US | 8.8.8.8:53 | hotmai.cocl | udp |
| US | 8.8.8.8:53 | mailer1.campus-paris-saclay.fr | udp |
| US | 8.8.8.8:53 | yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | ssh.chei.uno | udp |
| US | 8.8.8.8:53 | ftp.guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | ssh.kingstonk12.org | udp |
| US | 8.8.8.8:53 | ssh.hotmai.cocl | udp |
| US | 8.8.8.8:53 | mail.xbananaw.xyz | udp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | ftp.ebpearls.com.au | udp |
| US | 8.8.8.8:53 | tussahsilk.com | udp |
| US | 8.8.8.8:53 | alumno.unsm.edu.pe | udp |
| US | 8.8.8.8:53 | femailtor.com | udp |
| US | 8.8.8.8:53 | ssh.gmaandex.by | udp |
| DE | 23.88.84.200:443 | dafnis.com | tcp |
| US | 141.193.213.11:443 | ebpearls.com.au | tcp |
| US | 8.8.8.8:53 | yahoo.co.jpl.com | udp |
| US | 8.8.8.8:53 | ssh.liveonetrade.com.br | udp |
| US | 8.8.8.8:53 | ftp.glaucuslogistics.com | udp |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | ssh.makingmommys.com | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | imap.qv.bg | udp |
| US | 34.238.178.141:80 | ftp.kingstonk12.org | tcp |
| US | 8.8.8.8:53 | com.dmu.edu.eg | udp |
| US | 8.8.8.8:53 | ssh.dafnis.com | udp |
| US | 8.8.8.8:53 | pop3.yahooxample.com | udp |
| US | 8.8.8.8:53 | makingmommys.com | udp |
| US | 8.8.8.8:53 | pop.bigpoint.acc | udp |
| US | 8.8.8.8:53 | ftp.hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | 45.87.149.34.in-addr.arpa | udp |
| FR | 193.37.145.65:443 | ftp.ahmi.fr | tcp |
| US | 8.8.8.8:53 | gmonline.org.br | udp |
| US | 8.8.8.8:53 | ftp.cravetta.edu.it | udp |
| US | 8.8.8.8:53 | stablepizza-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | digiteo.fr | udp |
| US | 8.8.8.8:53 | ssh.ballyroe.com | udp |
| US | 8.8.8.8:53 | mx0.lcn.com | udp |
| US | 8.8.8.8:53 | pop.ballyroe.com | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | ssh.eriglobal.com | udp |
| US | 8.8.8.8:53 | pop.valgrantt.com | udp |
| US | 8.8.8.8:53 | mail.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | ssh.sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | mail.liveonetrade.com.br | udp |
| US | 8.8.8.8:53 | ftp.chei.uno | udp |
| US | 8.8.8.8:53 | gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | mail.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | mail.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | ssh.yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | liveonetrade-com-br.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ssh.ahmi.fr | udp |
| US | 8.8.8.8:53 | ftp.navaldc.com | udp |
| US | 8.8.8.8:53 | pop.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | ssh.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | ssh.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ssh.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | jcasolicitors.co.uk | udp |
| US | 8.8.8.8:53 | alumno.unsm.edu.pe | udp |
| US | 8.8.8.8:53 | femailtor.com | udp |
| US | 8.8.8.8:53 | student.prasetiyamulya.ac.id | udp |
| DE | 91.195.240.13:80 | mailzm.com | tcp |
| US | 8.8.8.8:53 | yahoo.co.jpl.com | udp |
| US | 8.8.8.8:53 | 16014780.mail.outlook.com | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | gmit.edu | udp |
| US | 8.8.8.8:53 | gmcom.br | udp |
| BR | 187.45.195.26:80 | liveonetrade.com.br | tcp |
| GB | 35.214.50.167:80 | stablepizza.com | tcp |
| IT | 195.110.124.133:80 | cravetta.edu.it | tcp |
| US | 104.21.12.219:443 | ftp.iainpurwokerto.ac.id | tcp |
| US | 8.8.8.8:53 | ssh.mail.wu.ac.th | udp |
| US | 8.8.8.8:53 | ssh.fie.undef.edu.ar | udp |
| US | 8.8.8.8:53 | student.prasetiyamulya.ac.id | udp |
| US | 8.8.8.8:53 | pop.makingmommys.com | udp |
| US | 8.8.8.8:53 | pop.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | pop3.qv.bg | udp |
| US | 8.8.8.8:53 | mail.bigpoint.acc | udp |
| PL | 86.105.187.128:80 | ftp.scoala3.ro | tcp |
| DE | 92.222.212.92:80 | mail.tercommunity.one | tcp |
| CA | 23.227.38.32:80 | essencedripscents.com | tcp |
| US | 8.8.8.8:53 | mailer1.campus-paris-saclay.fr | udp |
| US | 8.8.8.8:53 | ssh.xbananaw.xyz | udp |
| US | 8.8.8.8:53 | ftp.hotmai.cocl | udp |
| US | 8.8.8.8:53 | mail.gmonline.org.br | udp |
| US | 8.8.8.8:53 | ssh.stablepizza.com | udp |
| US | 8.8.8.8:53 | ssh.ingegroup.cl | udp |
| US | 8.8.8.8:53 | mail.yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | ftp.yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | com-dmu-edu-eg.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.hotmai.cocl | udp |
| US | 8.8.8.8:53 | essencedripscents-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.gmonline.org.br | udp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | ftp.sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | ssh.guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | ssh.essencedripscents.com | udp |
| US | 8.8.8.8:53 | ssh.ebpearls.com.au | udp |
| US | 8.8.8.8:53 | ssh.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | mail.gmaandex.by | udp |
| US | 8.8.8.8:53 | pop.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | ssh.aieseccolombia.org | udp |
| US | 8.8.8.8:53 | mail.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ftp.stablepizza.com | udp |
| US | 8.8.8.8:53 | ssh.gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | gmaandex.by | udp |
| US | 8.8.8.8:53 | mail.xbananaw.xyz | udp |
| US | 8.8.8.8:53 | eriglobal-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.qv.bg | udp |
| CA | 67.205.121.216:80 | ftp.highlandmultimedia.com | tcp |
| US | 8.8.8.8:53 | ftp.digiteo.fr | udp |
| US | 8.8.8.8:53 | digiteo.fr | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | pop.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | ssh.highlandmultimedia.com | udp |
| US | 8.8.8.8:53 | pop.dafnis.com | udp |
| US | 8.8.8.8:53 | com.dmu.edu.eg | udp |
| US | 8.8.8.8:53 | ftp.essencedripscents.com | udp |
| US | 8.8.8.8:53 | mail.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | yahoo.co.jpl.com | udp |
| US | 8.8.8.8:53 | alumno.unsm.edu.pe | udp |
| US | 8.8.8.8:53 | landtecna.com | udp |
| AU | 27.50.67.241:80 | marlestonsa.com.au | tcp |
| US | 23.236.62.147:80 | login-freiburg.de | tcp |
| US | 192.64.119.124:80 | seharris.co | tcp |
| US | 8.8.8.8:53 | seharris-co.mail.protection.outlook.com | udp |
| US | 104.21.12.219:443 | ftp.iainpurwokerto.ac.id | tcp |
| US | 8.8.8.8:53 | route1.mx.cloudflare.net | udp |
| US | 8.8.8.8:53 | jcasolicitors.co.uk | udp |
| US | 8.8.8.8:53 | ftp.com.dmu.edu.eg | udp |
| US | 8.8.8.8:53 | ssh.scoala3.ro | udp |
| US | 8.8.8.8:53 | xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | mail.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | imap.yahooxample.com | udp |
| US | 8.8.8.8:53 | gmit.edu | udp |
| US | 8.8.8.8:53 | mail.yahooxample.com | udp |
| US | 8.8.8.8:53 | mail.xsvfj.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | gmcom.br | udp |
| US | 8.8.8.8:53 | ftp.xbananaw.xyz | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | ssh.cravetta.edu.it | udp |
| US | 8.8.8.8:53 | jcasolicitors-co-uk.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | imap.bigpoint.acc | udp |
| US | 8.8.8.8:53 | mail.iainpurwokerto.ac.id | udp |
| IE | 34.249.138.199:80 | ftp.navaldc.com | tcp |
| GB | 85.233.160.184:80 | cooperflack.net | tcp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | xsvfj.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.makingmommys.com | udp |
| US | 8.8.8.8:53 | ssh.valgrantt.com | udp |
| US | 8.8.8.8:53 | SadunCo21.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.ballyroe.com | udp |
| US | 8.8.8.8:53 | mailer1.campus-paris-saclay.fr | udp |
| US | 8.8.8.8:53 | mail.gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | ssh.chei.uno | udp |
| US | 8.8.8.8:53 | mail.yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | ftp.guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | ssh.kingstonk12.org | udp |
| US | 8.8.8.8:53 | ssh.hotmai.cocl | udp |
| US | 8.8.8.8:53 | mail.xbananaw.xyz | udp |
| US | 8.8.8.8:53 | femailtor.com | udp |
| US | 8.8.8.8:53 | tussahsilk.com | udp |
| TW | 192.192.150.231:80 | live.shu.edu.tw | tcp |
| DE | 23.88.84.200:80 | dafnis.com | tcp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ssh.liveonetrade.com.br | udp |
| US | 8.8.8.8:53 | dafnis.com | udp |
| US | 8.8.8.8:53 | ftp.login-freiburg.de | udp |
| US | 8.8.8.8:53 | gmail.coco.uk | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | imap.qv.bg | udp |
| US | 8.8.8.8:53 | ssh.dafnis.com | udp |
| US | 8.8.8.8:53 | makingmommys.com | udp |
| US | 8.8.8.8:53 | pop3.bigpoint.acc | udp |
| US | 8.8.8.8:53 | com.dmu.edu.eg | udp |
| US | 8.8.8.8:53 | pop3.yahooxample.com | udp |
| US | 8.8.8.8:53 | mail.hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | ftp.hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | folex.fr | udp |
| US | 8.8.8.8:53 | 241.67.50.27.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.119.64.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | alumno.unsm.edu.pe | udp |
| US | 8.8.8.8:53 | stablepizza-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | digiteo.fr | udp |
| US | 8.8.8.8:53 | ssh.ballyroe.com | udp |
| US | 8.8.8.8:53 | gmonline.org.br | udp |
| US | 8.8.8.8:53 | ssh.gmonline.org.br | udp |
| US | 8.8.8.8:53 | mail.eriglobal.com | udp |
| US | 8.8.8.8:53 | pop.ballyroe.com | udp |
| US | 8.8.8.8:53 | ballyroe.com | udp |
| US | 8.8.8.8:53 | imap.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | pop.valgrantt.com | udp |
| US | 8.8.8.8:53 | mail.liveonetrade.com.br | udp |
| US | 8.8.8.8:53 | ssh.sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ftp.tercommunity.one | udp |
| US | 8.8.8.8:53 | liveonetrade-com-br.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | ssh.yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | mail.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | ssh.ahmi.fr | udp |
| US | 8.8.8.8:53 | howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | pop.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | ssh.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | ssh.gmail.coco.uk | udp |
| US | 8.8.8.8:53 | jcasolicitors.co.uk | udp |
| US | 8.8.8.8:53 | ssh.howtogetafreeiphone.infoco.th | udp |
| FR | 193.37.145.65:443 | ftp.ahmi.fr | tcp |
| DE | 91.195.240.13:80 | mailzm.com | tcp |
| US | 8.8.8.8:53 | student-prasetiyamulya-ac-id.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | yahoo.co.jpl.com | udp |
| US | 8.8.8.8:53 | gmit.edu | udp |
| US | 8.8.8.8:53 | gmcom.br | udp |
| US | 8.8.8.8:53 | 16014780.mail.outlook.com | udp |
| US | 141.193.213.11:443 | ebpearls.com.au | tcp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ssh.fie.undef.edu.ar | udp |
| GB | 35.214.50.167:80 | stablepizza.com | tcp |
| US | 8.8.8.8:53 | 231.150.192.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.160.233.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | liteyca.pe | udp |
| US | 8.8.8.8:53 | mail2.graco.com | udp |
| US | 3.18.7.81:80 | tussahsilk.com | tcp |
| US | 8.8.8.8:53 | mail.bigpoint.acc | udp |
| US | 8.8.8.8:53 | pop3.qv.bg | udp |
| US | 107.162.228.20:443 | www.kingstonk12.org | tcp |
| DE | 92.222.212.92:80 | mail.tercommunity.one | tcp |
| IT | 195.110.124.133:80 | cravetta.edu.it | tcp |
| US | 8.8.8.8:53 | mx1.mijndomein.nl | udp |
| US | 8.8.8.8:53 | pop3.gmaimsalud.gov.co | udp |
| US | 8.8.8.8:53 | ssh.xbananaw.xyz | udp |
| US | 8.8.8.8:53 | mailer1.campus-paris-saclay.fr | udp |
| US | 8.8.8.8:53 | ssh.ingegroup.cl | udp |
| US | 8.8.8.8:53 | ftp.yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | ssh.stablepizza.com | udp |
| US | 8.8.8.8:53 | mail.hotmai.cocl | udp |
| US | 8.8.8.8:53 | com-dmu-edu-eg.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.gmonline.org.br | udp |
| US | 8.8.8.8:53 | ssh.essencedripscents.com | udp |
| US | 8.8.8.8:53 | essencedripscents-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | hotmail.cois-molinari.eu | udp |
| US | 8.8.8.8:53 | ftp.sadunco21.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | ssh.guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | ssh.ebpearls.com.au | udp |
| US | 8.8.8.8:53 | ssh.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | imap.gmaandex.by | udp |
| US | 8.8.8.8:53 | ssh.aieseccolombia.org | udp |
| US | 8.8.8.8:53 | pop.howtogetafreeiphone.infoco.th | udp |
| US | 8.8.8.8:53 | ftp.gmonline.org.br | udp |
| US | 8.8.8.8:53 | mail.yahoo.com.ta.ua | udp |
| US | 8.8.8.8:53 | folex.fr | udp |
| US | 8.8.8.8:53 | eriglobal-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.xbananaw.xyz | udp |
| US | 8.8.8.8:53 | mail.qv.bg | udp |
| US | 8.8.8.8:53 | mail.gmaandex.by | udp |
| US | 8.8.8.8:53 | ssh.gmail.choo.co.uk | udp |
| US | 8.8.8.8:53 | ftp.stablepizza.com | udp |
| US | 8.8.8.8:53 | ftp.digiteo.fr | udp |
| US | 8.8.8.8:53 | lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | digiteo.fr | udp |
| US | 8.8.8.8:53 | my-chainmail.com | udp |
| US | 8.8.8.8:53 | guru.smp.belajar.id | udp |
| US | 8.8.8.8:53 | pop.lexbentleyllc.com | udp |
| US | 8.8.8.8:53 | com.dmu.edu.eg | udp |
| US | 8.8.8.8:53 | xbananaw.xyz | udp |
| US | 8.8.8.8:53 | ssh.highlandmultimedia.com | udp |
| US | 8.8.8.8:53 | pop.dafnis.com | udp |
| US | 8.8.8.8:53 | pop.gmail.cooolsite.net | udp |
| US | 8.8.8.8:53 | yahoo.co.jpl.com | udp |
| US | 8.8.8.8:53 | liteyca.pe | udp |
| US | 8.8.8.8:53 | femailtor.com | udp |
| US | 8.8.8.8:53 | seharris-co.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | jcasolicitors.co.uk | udp |
Files
memory/3660-1-0x0000000002350000-0x0000000002450000-memory.dmp
memory/3660-2-0x0000000002340000-0x000000000234B000-memory.dmp
memory/3660-3-0x0000000000400000-0x00000000022D1000-memory.dmp
memory/3348-4-0x0000000001130000-0x0000000001146000-memory.dmp
memory/3660-5-0x0000000000400000-0x00000000022D1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\C68C.exe
| MD5 | 398ab69b1cdc624298fbc00526ea8aca |
| SHA1 | b2c76463ae08bb3a08accfcbf609ec4c2a9c0821 |
| SHA256 | ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be |
| SHA512 | 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739 |
memory/1008-16-0x00000000037D0000-0x0000000003994000-memory.dmp
memory/220-20-0x0000000000400000-0x0000000000848000-memory.dmp
memory/220-17-0x0000000000400000-0x0000000000848000-memory.dmp
memory/1008-18-0x00000000039A0000-0x0000000003B57000-memory.dmp
memory/220-21-0x0000000000400000-0x0000000000848000-memory.dmp
memory/220-22-0x0000000000400000-0x0000000000848000-memory.dmp
memory/220-23-0x0000000000400000-0x0000000000848000-memory.dmp
memory/220-24-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CB7F.dll
| MD5 | 9b1697d40dfd386fdd7e9327844f301a |
| SHA1 | e75defb119e2c7b7d3f75ab70a100ec504af5ebf |
| SHA256 | 69e7b08c127dde5fd1f85e1e8107d06aa686e94aef3fd48ff0bb092b38a0cb1d |
| SHA512 | 3e945bf24ed81fdc49e974d086a70f9758a17b8656bb0e460dca0be2a84fa0ba065b62b6dd5d55ca1dbe0b4f19ec4f164df84c115244f1cbfddd79611d013d69 |
memory/3388-32-0x0000000010000000-0x0000000010202000-memory.dmp
memory/3388-33-0x0000000000B90000-0x0000000000B96000-memory.dmp
memory/3388-35-0x00000000049C0000-0x0000000004AE8000-memory.dmp
memory/3388-36-0x0000000004AF0000-0x0000000004BFD000-memory.dmp
memory/3388-39-0x0000000004AF0000-0x0000000004BFD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\D93B.exe
| MD5 | 31927d08cd85af37486cc94c379e5d0e |
| SHA1 | 35bd580cc32cd6631eaea2f19544767afb5768cd |
| SHA256 | f162381d5787b41619742b2b29a62054c2b19f169d428623f62e675aa6a1fb9d |
| SHA512 | 53d9656274a34164e9c47e5ddd0febb282dc3e6411cd5523e257f7eeab0141335b302e5824f7f90e86ab6b0842eb21cffaa2be50a1966a6e14e638ceeeb46bb3 |
C:\Users\Admin\AppData\Local\Temp\D93B.exe
| MD5 | c1632125cae71de59525abad4ca1abbb |
| SHA1 | 758b38d9a3bc6a335b791818ad96b74cc62571e6 |
| SHA256 | f1c5fa9a5d52b3dcdf3cd999e9f74bdf5398f63fca173aa3589b0b3761f90882 |
| SHA512 | 48813edd4fdcadec81b0f26bbd23e0b7f23e180f940c0f4a686914104af147c2df86bee5812fb4959869a1d4ce930ac5daf18fe945d7a33d436e927280d42b4a |
memory/1736-45-0x0000000001100000-0x00000000019F1000-memory.dmp
memory/1736-44-0x0000000001D40000-0x0000000001D41000-memory.dmp
memory/1736-47-0x0000000001100000-0x00000000019F1000-memory.dmp
memory/1736-49-0x0000000001100000-0x00000000019F1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DDB1.exe
| MD5 | a1b5ee1b9649ab629a7ac257e2392f8d |
| SHA1 | dc1b14b6d57589440fb3021c9e06a3e3191968dc |
| SHA256 | 2bfd95260a4c52d4474cd51e74469fc3de94caed28937ff0ce99ded66af97e65 |
| SHA512 | 50ccbb9fd4ea2da847c6be5988e1e82e28d551b06cc9122b921dbd40eff4b657a81a010cea76f29e88fda06f8c053090b38d04eb89a6d63ec4f42ef68b1cf82b |
memory/1736-55-0x0000000001100000-0x00000000019F1000-memory.dmp
memory/1424-57-0x00000000036E0000-0x000000000374B000-memory.dmp
memory/1424-56-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/1736-59-0x0000000001D50000-0x0000000001D51000-memory.dmp
memory/1424-60-0x0000000001D10000-0x0000000001E10000-memory.dmp
memory/1736-58-0x0000000000400000-0x0000000001A77000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EA73.exe
| MD5 | 8dc3b992bc2d48e2e16673cbfe322fba |
| SHA1 | 054afccbdd951b9787da7d8558fdb6ed245953a3 |
| SHA256 | 5c08e4fe2c79c73f2c810ddf8fbe87f837bcc290a1125716bd59ad2363c6522f |
| SHA512 | 98794944811b708a512d2aecfe2840719eafbe61e9f4bdd9301430d513a647f8344114ff263058e5bd0c168c520f05891e08d02f0a233d4b9abb3b3b91dcbf00 |
C:\Users\Admin\AppData\Local\Temp\EA73.exe
| MD5 | 21fde1c217a564638af28d4cd32c4d02 |
| SHA1 | a76212a459f3a97beba38d4d32ad37affc8486e2 |
| SHA256 | d9d9b42f63b00064a1f79096a60e61ac12037e373dffa28697bab6fd768d9fca |
| SHA512 | 0df248216a5d3da1a945f8b2b4c50539178c7b8083a467450da53a48516236f0c54ec95a42caa52fab41b6eea88add132d2a611aa8a225d49011f91f59408fbc |
memory/2032-66-0x0000000073270000-0x000000007395E000-memory.dmp
memory/2032-65-0x0000000000510000-0x000000000099C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
| MD5 | 0564a9bf638169a89ccb3820a6b9a58e |
| SHA1 | 57373f3b58f7cc2b9ea1808bdabb600d580a9ceb |
| SHA256 | 9e4b0556f698c9bc9a07c07bf13d60908d31995e0bd73510d9dd690b20b11058 |
| SHA512 | 36b81c374529a9ba5fcbc6fcfebf145c27a7c30916814d63612c04372556d47994a8091cdc5f78dab460bb5296466ce0b284659c8b01883f7960ab08a1631ea6 |
memory/220-74-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 0c7b8daa9b09bcdf947a020bf28c2f19 |
| SHA1 | 738f89f4da5256d14fe11394cf79e42060a7e98b |
| SHA256 | ff0c709f06a8850794f2501c7dc9ce4ffc75f1ab3039218952cd87a067d3d3ff |
| SHA512 | b069ef6d30a5afafc4b4e2632cb4f9da65e58dcedb66706921d85a6be97a024c1e786ec51299ba52668a65fe948d499609aa2b4978fb20738dd0b643d84cbcf6 |
memory/4476-79-0x0000000001BC0000-0x0000000001C27000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | b139e13afb2bd44f57532ce440870051 |
| SHA1 | 205b9bce1952a67588dd088141ef461c73c58331 |
| SHA256 | f50a19f60113e41b917dd57a2ed0a524e731c1eab45ca3a5a7a966edb5cf08c6 |
| SHA512 | 4d92e01b0e315e9768b54ad3f1243047c6ec535658fc3dc15ede8b3723fd14c3e3bdcd68dcbcc3dbd9f815739e7f16018f66b52afe6f34e8b0b1001479c9a9e3 |
memory/2032-81-0x0000000073270000-0x000000007395E000-memory.dmp
memory/4476-77-0x0000000001C60000-0x0000000001D60000-memory.dmp
memory/4476-84-0x0000000000400000-0x0000000001A4B000-memory.dmp
memory/3388-85-0x0000000010000000-0x0000000010202000-memory.dmp
memory/3108-86-0x0000000003B80000-0x0000000003F7B000-memory.dmp
memory/3108-87-0x0000000003F80000-0x000000000486B000-memory.dmp
memory/220-88-0x0000000000400000-0x0000000000848000-memory.dmp
memory/3108-94-0x0000000000400000-0x0000000001E0F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\F7D2.exe
| MD5 | 38617539f3925b6017474f088cc3769a |
| SHA1 | c689b57ab62eac790a204c8231b02bfe0bc243a6 |
| SHA256 | defe2d4c932a7ef607e8ef1a643fb57b9c69cbc53b52bf802f9471aae5caef49 |
| SHA512 | 15d87c6231a8f2115ae3f0f021949d175d3f36735637c7b508a229af5b2a93f70f32e19d9b8e3d1e0fa41bd21ee46ab5d9c6ef630c826afe2210a789e5da53e7 |
C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe
| MD5 | 5c47e4602163dd29a39294b7192f0658 |
| SHA1 | 268d1bf1f4c8c8b696298f802b95af8bd3891c10 |
| SHA256 | 5c0b29d51d9b148c8c19ce0efca365ccb1bbe720f634a15897684abbd1dc5d76 |
| SHA512 | 7baa0359781ba21c378a0fbd37dfcde2d1b0c5a9ce3afcf8db0617f91a49dd552416c90963731798669002eda0a15f2296120cb9307c8cafef18dfdb4a52ad91 |
memory/220-113-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\u3gc.1.exe
| MD5 | 96226e504f02fee5f939af14318f3b96 |
| SHA1 | 6439795b61c9f081bab232b942fb62c88ada2ba8 |
| SHA256 | 7e40358e0d287824edc1b7e1493af588da0c2d060a49c61ed419694a6d11bcd3 |
| SHA512 | 8a851ea4b888fffd6eb572b71b81d7e46c5098226cfb27ea5ae90e8e02cd041db0fcc284946314f303eeea6ef76468c0e2da879af4bc3d670406e5def5a8197c |
memory/2952-114-0x0000000000400000-0x0000000000930000-memory.dmp
memory/4476-111-0x0000000000400000-0x0000000001A4B000-memory.dmp
memory/2952-115-0x0000000000BA0000-0x0000000000BA1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | 41c4cef45b1224ea56767053aa15e6ea |
| SHA1 | 55b7144d8965367272c02dc283409771cfed60a9 |
| SHA256 | 70039f87e6060f5d3a0a2b34f7c1dce5120efe33b274c8cb2ecca06f011e196f |
| SHA512 | 89e965a0f2c7e630a8eec28294bf6d1b6438dd3cd868c118a7482a621c8a0916df17732a8b8b8fa3866cf641b211cf198b78600b272f61b83eace5cecaba4d74 |
memory/1424-127-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/4768-128-0x0000000002440000-0x0000000002540000-memory.dmp
memory/4768-130-0x00000000001E0000-0x00000000001EB000-memory.dmp
memory/4768-132-0x0000000000400000-0x00000000022D3000-memory.dmp
memory/1380-135-0x0000000003DE0000-0x0000000003E07000-memory.dmp
memory/220-134-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
| MD5 | 11bb3db51f701d4e42d3287f71a6a43e |
| SHA1 | 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86 |
| SHA256 | 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331 |
| SHA512 | 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2 |
memory/1380-139-0x0000000000400000-0x00000000022DA000-memory.dmp
memory/3108-141-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/1380-146-0x0000000002320000-0x0000000002420000-memory.dmp
memory/3348-147-0x0000000002A90000-0x0000000002AA6000-memory.dmp
memory/4768-149-0x0000000000400000-0x00000000022D3000-memory.dmp
memory/1380-151-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/1380-184-0x0000000000400000-0x00000000022DA000-memory.dmp
memory/2952-188-0x0000000000400000-0x0000000000930000-memory.dmp
\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/220-218-0x0000000000400000-0x0000000000848000-memory.dmp
memory/3108-220-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/1380-221-0x0000000000400000-0x00000000022DA000-memory.dmp
memory/1736-223-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/1424-224-0x0000000001D10000-0x0000000001E10000-memory.dmp
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
memory/2036-235-0x0000000071BA0000-0x000000007228E000-memory.dmp
memory/3108-239-0x0000000003B80000-0x0000000003F7B000-memory.dmp
memory/2036-238-0x0000000005280000-0x00000000052B6000-memory.dmp
memory/2036-240-0x0000000007410000-0x0000000007420000-memory.dmp
memory/2036-241-0x0000000007A50000-0x0000000008078000-memory.dmp
memory/2036-242-0x0000000007410000-0x0000000007420000-memory.dmp
memory/2036-243-0x00000000079B0000-0x00000000079D2000-memory.dmp
memory/2036-244-0x00000000080F0000-0x0000000008156000-memory.dmp
memory/2036-246-0x0000000008300000-0x0000000008650000-memory.dmp
memory/2036-245-0x0000000008290000-0x00000000082F6000-memory.dmp
memory/1380-247-0x0000000000400000-0x00000000022DA000-memory.dmp
memory/2036-248-0x0000000008740000-0x000000000875C000-memory.dmp
memory/2036-249-0x00000000088A0000-0x00000000088EB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ku2vlokz.zbw.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/1736-263-0x0000000001100000-0x00000000019F1000-memory.dmp
memory/2036-269-0x0000000008BE0000-0x0000000008C1C000-memory.dmp
memory/2036-300-0x0000000009950000-0x00000000099C6000-memory.dmp
memory/220-303-0x0000000000400000-0x0000000000848000-memory.dmp
memory/3108-307-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/3108-312-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/2036-315-0x00000000732F0000-0x000000007333B000-memory.dmp
memory/2036-314-0x000000007F100000-0x000000007F110000-memory.dmp
memory/2036-313-0x000000000A700000-0x000000000A733000-memory.dmp
memory/2036-316-0x000000006E990000-0x000000006ECE0000-memory.dmp
memory/2036-317-0x0000000008C80000-0x0000000008C9E000-memory.dmp
memory/2036-322-0x000000000A740000-0x000000000A7E5000-memory.dmp
memory/2952-323-0x0000000000BA0000-0x0000000000BA1000-memory.dmp
memory/2036-324-0x000000000A940000-0x000000000A9D4000-memory.dmp
memory/2036-325-0x0000000007410000-0x0000000007420000-memory.dmp
memory/2036-529-0x000000000A7F0000-0x000000000A80A000-memory.dmp
memory/2036-538-0x000000000A6E0000-0x000000000A6E8000-memory.dmp
memory/2036-564-0x0000000071BA0000-0x000000007228E000-memory.dmp
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | db01a2c1c7e70b2b038edf8ad5ad9826 |
| SHA1 | 540217c647a73bad8d8a79e3a0f3998b5abd199b |
| SHA256 | 413da361d77055dae7007f82b58b366c8783aa72e0b8fbe41519b940c253b38d |
| SHA512 | c76ff57fcee5cdf9fdf3116d4e1dc0cf106867bf19ab474b763e242acf5dca9a7509cb837c35e130c3e056636b4e8a4e135512a978bcd3dd641e20f5bf76c3d6 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | aab98d21c7654490a7d4886d27dcf86e |
| SHA1 | 5300fa0e2fc91aa7d4373755183601c52cdbf5f6 |
| SHA256 | f16471b28154bf302a59af66f777bfe9a2fdd65f06eb98890fa6408453d35384 |
| SHA512 | 57a7b80995c6a16a04b02644588291eec3dcb4b9c7324e96ab88be3dacc88680256848489152a1afc4bf9277a95464684b802f51f5efba24953de0cc2435b535 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | 9388d50b2f5404e5255206fc150f8eea |
| SHA1 | f8f5a6505d5b177b5dedbff59363fd6111fbb866 |
| SHA256 | 314a1de525c793e44c0fa54eaae880b6cae728576e3d3e11d64263d8adc66a07 |
| SHA512 | b930090937141efaeea21c15800555cea7f92d3bc514ce024d42ea6c0f857b1c8bdd8d268059009fa47bc0284e8f2eb7f169ebb16939aad96527abe5cd04b735 |
C:\Windows\rss\csrss.exe
| MD5 | f4f8e3346c5b34b4a3de3876602daaf8 |
| SHA1 | 4c931f244aec1951ae1c10cda638df89f6e18998 |
| SHA256 | dc0bfccec0849e545842dc58e20867c05471e73e8c7c6c6aa415b464d69d573e |
| SHA512 | 434124b98ba1e1e40594307f94f6c449d90a3749529a0d455eb20e0a63e6451e18b5311a9c825c0237334b2cb3484f5729e75fa23d55c2ad4d9c12c29d040fe6 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | fe34ed14b1e9d7a4388738aaea207cc0 |
| SHA1 | 1aeff8c876b7cdfef3a7e92d77a3e603713b18a7 |
| SHA256 | 25376c77d27714de49acfc6c26380963275ae4e3ce336218b46347d1599adc8f |
| SHA512 | 6d7c1c5c0a414266bb9b44a5d82d5099f7f81767012906479d39ce20b8ceb2c1309215770d3baefd7e45cf663d5fe1debe99eaa8de244ad0c39a6c0065fcc8de |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | 957b1133e36f6feb38cd68bfcf3db9d7 |
| SHA1 | ec0211b637541d826a7be797c92c8b14d67bd533 |
| SHA256 | a8872a328763ea72a8b21a1342e1c56833d373b83bd540b2783fcc2b25217fa5 |
| SHA512 | 66953e2001689347faee3c1f1d3616eba7b6801cd0db67b3a7feb0e66e7a2f08101d994a89282f00ab7dd378197ab967b066a6c4196b2e226487eaf6530ef194 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | a0ab1efe2185ef8338d4ea3c31240628 |
| SHA1 | 52c4c6219d4f9d85c263aee6d1c4dba0f69640ff |
| SHA256 | 6af2686ba7957e5d60b29f77562c377a0f84d3da82b62d69d016b0d48dbe8e29 |
| SHA512 | 0d4dba11326e387fd5b0c03e234f1535dc6eb43d7f8a16483caf0a2e821e88bb256f2f5f0e2a9bac29275e9d4138575eec0e10fa26bf1a90da8eb434030eb9c6 |
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
| MD5 | d98e33b66343e7c96158444127a117f6 |
| SHA1 | bb716c5509a2bf345c6c1152f6e3e1452d39d50d |
| SHA256 | 5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1 |
| SHA512 | 705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5 |
C:\Windows\windefender.exe
| MD5 | 8e67f58837092385dcf01e8a2b4f5783 |
| SHA1 | 012c49cfd8c5d06795a6f67ea2baf2a082cf8625 |
| SHA256 | 166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa |
| SHA512 | 40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec |
C:\Users\Admin\AppData\Roaming\wbgavdc
| MD5 | 5cddaacf9782c030db128e3ebfd8f301 |
| SHA1 | 71bae291b66ecfad6ee79ab150c9b4bdc676f06c |
| SHA256 | 6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23 |
| SHA512 | bee3cbdeac5a317f58ebb2d621740f8b7e81e47db236327cb0e908bc49886e320e30a95191470953177740f702adfe704a626325ddd2a33f10c8ec3060059797 |