Malware Analysis Report

2024-11-30 05:02

Sample ID 240229-fkfspsdh3x
Target 6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23
SHA256 6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23
Tags
glupteba smokeloader pub1 backdoor bootkit dropper loader persistence trojan upx dcrat lumma discovery evasion infostealer rat rootkit spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23

Threat Level: Known bad

The file 6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23 was found to be: Known bad.

Malicious Activity Summary

glupteba smokeloader pub1 backdoor bootkit dropper loader persistence trojan upx dcrat lumma discovery evasion infostealer rat rootkit spyware stealer

SmokeLoader

Pitou

Lumma Stealer

Glupteba payload

DcRat

Glupteba

Windows security bypass

Modifies Windows Firewall

Downloads MZ/PE file

Loads dropped DLL

Reads data files stored by FTP clients

UPX packed file

Deletes itself

Windows security modification

Executes dropped EXE

Reads user/profile data of web browsers

Checks installed software on the system

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Manipulates WinMonFS driver.

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Drops file in System32 directory

Checks for VirtualBox DLLs, possible anti-VM trick

Drops file in Windows directory

Launches sc.exe

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious behavior: GetForegroundWindowSpam

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Creates scheduled task(s)

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-29 04:55

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-29 04:55

Reported

2024-02-29 05:00

Platform

win7-20240220-en

Max time kernel

38s

Max time network

302s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe"

Signatures

Glupteba

loader dropper glupteba

Glupteba payload

Pitou

SmokeLoader

trojan backdoor smokeloader

Downloads MZ/PE file

Deletes itself

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6C2B.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\6C2B.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\8C2C.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2544 set thread context of 2700 N/A C:\Users\Admin\AppData\Local\Temp\6C2B.exe C:\Users\Admin\AppData\Local\Temp\6C2B.exe

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\850A.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1196 wrote to memory of 2544 N/A N/A C:\Users\Admin\AppData\Local\Temp\6C2B.exe
PID 2544 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\6C2B.exe C:\Users\Admin\AppData\Local\Temp\6C2B.exe
PID 1196 wrote to memory of 2420 N/A N/A C:\Windows\system32\regsvr32.exe
PID 2420 wrote to memory of 2432 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1196 wrote to memory of 1592 N/A N/A C:\Users\Admin\AppData\Local\Temp\850A.exe
PID 1196 wrote to memory of 1260 N/A N/A C:\Users\Admin\AppData\Local\Temp\8C2C.exe
PID 1592 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\850A.exe C:\Windows\SysWOW64\WerFault.exe
PID 1196 wrote to memory of 1760 N/A N/A C:\Users\Admin\AppData\Local\Temp\9FBD.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe

"C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe"

C:\Users\Admin\AppData\Local\Temp\6C2B.exe

C:\Users\Admin\AppData\Local\Temp\6C2B.exe

C:\Users\Admin\AppData\Local\Temp\6C2B.exe

C:\Users\Admin\AppData\Local\Temp\6C2B.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\72C1.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\72C1.dll

C:\Users\Admin\AppData\Local\Temp\850A.exe

C:\Users\Admin\AppData\Local\Temp\850A.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 124

C:\Users\Admin\AppData\Local\Temp\8C2C.exe

C:\Users\Admin\AppData\Local\Temp\8C2C.exe

C:\Users\Admin\AppData\Local\Temp\9FBD.exe

C:\Users\Admin\AppData\Local\Temp\9FBD.exe

C:\Users\Admin\AppData\Local\Temp\B2E0.exe

C:\Users\Admin\AppData\Local\Temp\B2E0.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\ux0.0.exe

"C:\Users\Admin\AppData\Local\Temp\ux0.0.exe"

C:\Users\Admin\AppData\Local\Temp\ux0.1.exe

"C:\Users\Admin\AppData\Local\Temp\ux0.1.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

Network

SG 68.178.224.133:2222 glaucuslogistics.com tcp
US 104.47.55.138:25 innovativecontrolsys-com.mail.protection.outlook.com tcp
DE 64.190.63.222:21 ftp.ou.pt tcp
FI 65.109.115.152:443 maxwellcasting.com tcp
RO 81.196.191.10:220 mail.parteecogrup.ro tcp
DE 217.160.0.2:80 regipa.com tcp
US 104.47.59.138:220 innovativecontrolsys-com.mail.protection.outlook.com tcp
US 216.69.141.67:21 ftp.pianofutures.com tcp
US 172.67.195.176:995 gufum.com tcp
US 23.236.62.72:995 ftp.regalcredit.com tcp
CH 91.208.173.142:110 mail.jtbank.ch tcp
GB 109.203.109.104:80 swoi.co.uk tcp
FI 142.250.150.27:587 alt3.aspmx.l.google.com tcp
US 52.101.9.0:25 superiorpmw-com.mail.protection.outlook.com tcp
US 8.8.8.8:53 ftp.glaucuslogistics.com udp
US 8.8.8.8:53 ftp.regipa.com udp
US 8.8.8.8:53 outlook.co.tcom udp
RO 81.196.191.10:995 mail.parteecogrup.ro tcp
US 52.101.42.10:25 pianofutures-com.mail.protection.outlook.com tcp
US 3.33.130.190:21 superiorpmw.com tcp
US 3.33.130.190:22 superiorpmw.com tcp
US 52.101.42.10:220 pianofutures-com.mail.protection.outlook.com tcp
CH 91.208.173.130:21 ftp.jtbank.ch tcp
US 23.236.62.72:80 ftp.regalcredit.com tcp
BE 66.102.1.26:25 aspmx.l.google.com tcp
FI 142.250.150.27:995 alt3.aspmx.l.google.com tcp
US 52.101.40.4:220 pianofutures-com.mail.protection.outlook.com tcp
US 52.101.40.1:25 pianofutures-com.mail.protection.outlook.com tcp
RO 81.196.191.10:25 mail.parteecogrup.ro tcp
US 3.33.130.190:995 superiorpmw.com tcp
US 52.101.9.2:25 regalcredit-com.mail.protection.outlook.com tcp
SG 68.178.224.133:21 ftp.glaucuslogistics.com tcp
US 52.101.40.1:220 pianofutures-com.mail.protection.outlook.com tcp
US 104.21.92.162:995 gufum.com tcp
DE 64.190.63.222:110 ftp.ou.pt tcp
SG 68.178.224.133:80 ftp.glaucuslogistics.com tcp
US 104.21.37.114:995 innovativecontrolsys.com tcp
ES 82.165.2.242:21 ftp.regipa.com tcp
FI 142.250.150.27:110 alt3.aspmx.l.google.com tcp
US 216.69.141.67:995 ftp.pianofutures.com tcp
US 52.101.42.13:25 superiorpmw-com.mail.protection.outlook.com tcp
US 8.8.8.8:53 outlook.co.tcom udp
US 8.8.8.8:53 vfe.waom udp
US 8.8.8.8:53 stc.net.sa udp
US 8.8.8.8:53 fast-technologies.com udp
US 8.8.8.8:53 alliedprintgroup.com udp
US 8.8.8.8:53 vfe.waom udp
US 8.8.8.8:53 alliedprintgroup.com udp
US 8.8.8.8:53 outlook.co.tcom udp
US 8.8.8.8:53 stc.net.sa udp
US 8.8.8.8:53 mail.parclan.com udp
US 8.8.8.8:53 ftp.swoi.co.uk udp
US 52.101.194.3:25 pianofutures-com.mail.protection.outlook.com tcp
US 15.197.148.33:21 superiorpmw.com tcp
US 52.101.10.8:220 regalcredit-com.mail.protection.outlook.com tcp
US 15.197.148.33:22 superiorpmw.com tcp
US 52.101.194.3:220 pianofutures-com.mail.protection.outlook.com tcp
US 172.67.207.211:995 innovativecontrolsys.com tcp
US 15.197.148.33:995 superiorpmw.com tcp
CH 91.208.173.142:220 mail.jtbank.ch tcp
US 8.8.8.8:53 fast-technologies.com udp
DE 217.160.0.2:80 regipa.com tcp
US 104.21.37.114:443 innovativecontrolsys.com tcp
US 104.47.55.138:220 innovativecontrolsys-com.mail.protection.outlook.com tcp
RO 81.196.191.10:990 mail.parteecogrup.ro tcp
GB 109.203.109.104:993 ftp.swoi.co.uk tcp
FI 65.109.115.152:443 maxwellcasting.com tcp
US 23.236.62.72:21 ftp.regalcredit.com tcp
US 104.21.37.114:222 innovativecontrolsys.com tcp
US 172.67.195.176:143 gufum.com tcp
DE 217.160.0.2:2222 regipa.com tcp
US 74.208.5.3:143 mx00.ionos.com tcp
US 216.69.141.67:2222 ftp.pianofutures.com tcp
US 157.230.203.88:143 mail.parclan.com tcp
US 52.101.9.2:220 regalcredit-com.mail.protection.outlook.com tcp
US 104.21.92.162:143 gufum.com tcp
DE 64.190.63.222:587 ftp.ou.pt tcp
US 173.231.192.44:21 alliedprintgroup.com tcp
US 173.230.139.246:2525 mail.gufum.com tcp
US 216.69.141.67:21 ftp.pianofutures.com tcp
GB 109.203.109.104:2222 ftp.swoi.co.uk tcp
RO 81.196.191.10:222 mail.parteecogrup.ro tcp
DE 64.190.63.222:2222 ftp.ou.pt tcp
US 8.8.8.8:53 khanhhoa.edu.om udp
US 8.8.8.8:53 dsplus.co udp
US 8.8.8.8:53 haebom.ga udp
US 8.8.8.8:53 haebom.ga udp
US 8.8.8.8:53 dan.ul.com udp
US 8.8.8.8:53 regalcredit.com udp
US 8.8.8.8:53 superiorpmw-com.mail.protection.outlook.com udp
US 8.8.8.8:53 innovativecontrolsys-com.mail.protection.outlook.com udp
US 8.8.8.8:53 regalcredit-com.mail.protection.outlook.com udp
US 8.8.8.8:53 khanhhoa.edu.om udp
US 8.8.8.8:53 aspmx2.googlemail.com udp
US 3.33.130.190:443 superiorpmw.com tcp
US 157.230.203.88:465 mail.parclan.com tcp
US 162.255.119.53:22 fast-technologies.com tcp
CH 91.208.173.130:2222 ftp.jtbank.ch tcp
US 23.236.62.72:443 regalcredit.com tcp
RO 81.196.191.10:25 mail.parteecogrup.ro tcp
US 8.8.8.8:53 haebom.ga udp
US 8.8.8.8:53 idfc-ag.com udp
US 8.8.8.8:53 realia.co udp
US 8.8.8.8:53 pianofutures-com.mail.protection.outlook.com udp
US 8.8.8.8:53 alt4.aspmx.l.google.com udp
US 8.8.8.8:53 dsplus.co udp
US 8.8.8.8:53 ssh.alliance-enterprise.com udp
US 8.8.8.8:53 dan.ul.com udp
US 8.8.8.8:53 dan.ul.com udp
US 8.8.8.8:53 mail.ou.pt udp
US 8.8.8.8:53 stcimss1.stc.com.sa udp
US 216.69.141.67:80 ftp.pianofutures.com tcp
US 104.21.37.114:80 innovativecontrolsys.com tcp
US 8.8.8.8:53 standard-logistic.rs udp
US 8.8.8.8:53 ssh.pianofutures.com udp
US 8.8.8.8:53 idfc-ag.com udp
US 8.8.8.8:53 idfc-ag.com udp
US 8.8.8.8:53 ssh.swoi.co.uk udp
RO 81.196.191.10:80 mail.parteecogrup.ro tcp
CH 91.208.173.142:25 mail.jtbank.ch tcp
US 162.255.119.53:80 fast-technologies.com tcp
US 8.8.8.8:53 realia.co udp
US 8.8.8.8:53 ssh.ou.pt udp
US 8.8.8.8:53 ssh.jtbank.ch udp
US 8.8.8.8:53 dsplus-co.mail.protection.outlook.com udp
US 3.33.130.190:80 superiorpmw.com tcp
GB 109.203.109.104:80 ftp.swoi.co.uk tcp
US 8.8.8.8:53 dollve.fr udp
US 8.8.8.8:53 earncashie.ml udp
US 8.8.8.8:53 gmail.c.th udp
US 8.8.8.8:53 superiorpmw-com.mail.protection.outlook.com udp
US 8.8.8.8:53 standard-logistic.rs udp
US 8.8.8.8:53 regalcredit-com.mail.protection.outlook.com udp
US 8.8.8.8:53 dollve.fr udp
US 8.8.8.8:53 standard-logistic.rs udp
US 8.8.8.8:53 standard-logistic.rs udp
US 8.8.8.8:53 pianofutures-com.mail.protection.outlook.com udp
US 8.8.8.8:53 innovativecontrolsys-com.mail.protection.outlook.com udp
US 8.8.8.8:53 realia-co.mail.protection.outlook.com udp
US 8.8.8.8:53 earncashie.ml udp
US 8.8.8.8:53 realia-co.mail.protection.outlook.com udp
US 8.8.8.8:53 earncashie.ml udp
US 8.8.8.8:53 midplainspower.com udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
US 8.8.8.8:53 www.fast-technologies.com udp
US 8.8.8.8:53 gmail.c.th udp
US 8.8.8.8:53 ftp.parteecogrup.ro udp
US 8.8.8.8:53 midplainspower.com udp
US 8.8.8.8:53 pop.quint.ag udp
US 8.8.8.8:53 ssh.regipa.com udp
SG 68.178.224.133:80 ftp.glaucuslogistics.com tcp
US 23.236.62.72:80 regalcredit.com tcp
US 173.231.192.44:80 alliedprintgroup.com tcp
US 104.21.37.114:443 innovativecontrolsys.com tcp
US 20.49.97.15:80 dsplus.co tcp
DE 217.160.0.143:80 alliance-enterprise.com tcp
US 15.197.142.173:80 realia.co tcp
DE 217.160.0.2:80 regipa.com tcp
US 3.33.130.190:443 superiorpmw.com tcp
US 162.255.119.53:80 fast-technologies.com tcp
RO 81.196.191.10:80 ftp.parteecogrup.ro tcp
RS 194.106.182.2:80 standard-logistic.rs tcp
US 216.69.141.67:80 ftp.pianofutures.com tcp
US 8.8.8.8:53 vervel.eu udp
US 8.8.8.8:53 velammalnexus.com udp
US 8.8.8.8:53 astroquick.fr udp
US 8.8.8.8:53 dsplus-co.mail.protection.outlook.com udp
US 8.8.8.8:53 gmaqq.com udp
US 8.8.8.8:53 velammalnexus.com udp
US 8.8.8.8:53 vervel.eu udp
US 8.8.8.8:53 astroquick.fr udp
US 8.8.8.8:53 vervel.eu udp
US 8.8.8.8:53 innovativecontrolsys-com.mail.protection.outlook.com udp
US 8.8.8.8:53 realia-co.mail.protection.outlook.com udp
US 8.8.8.8:53 pop3.berrystreetproperties.com udp
US 8.8.8.8:53 realia-co.mail.protection.outlook.com udp
US 8.8.8.8:53 pianofutures-com.mail.protection.outlook.com udp
US 8.8.8.8:53 regalcredit-com.mail.protection.outlook.com udp
US 8.8.8.8:53 gmaqq.com udp
US 8.8.8.8:53 pop.gufum.com udp
US 8.8.8.8:53 ftp.superiorpmw.com udp
US 8.8.8.8:53 superiorpmw-com.mail.protection.outlook.com udp
US 8.8.8.8:53 office365.ail.com udp
GB 109.203.109.104:80 ftp.swoi.co.uk tcp
GB 109.203.109.104:80 ftp.swoi.co.uk tcp
US 20.49.97.15:443 dsplus.co tcp
SG 68.178.224.133:80 ftp.glaucuslogistics.com tcp
DE 217.160.0.143:80 alliance-enterprise.com tcp
US 15.197.142.173:80 realia.co tcp
DE 217.160.0.2:80 regipa.com tcp
US 173.231.192.44:80 alliedprintgroup.com tcp
US 20.49.97.15:443 dsplus.co tcp
US 104.21.37.114:80 innovativecontrolsys.com tcp
US 8.8.8.8:53 brizy.io udp
US 8.8.8.8:53 gmail.cl.rr.com udp
US 8.8.8.8:53 ssh.innovativecontrolsys.com udp
US 8.8.8.8:53 imap.berrystreetproperties.com udp
US 8.8.8.8:53 mx1.forwardemail.net udp
US 8.8.8.8:53 office365.ail.com udp
US 8.8.8.8:53 brizy.io udp
US 8.8.8.8:53 ovooovo.com udp
US 8.8.8.8:53 bylup.com udp
US 8.8.8.8:53 gmail.cl.rr.com udp
US 8.8.8.8:53 velammalnexus.com udp
US 8.8.8.8:53 mail.swoi.co.uk udp
US 8.8.8.8:53 ftp.alliedprintgroup.com udp
US 8.8.8.8:53 realia-co.mail.protection.outlook.com udp
RS 194.106.182.2:80 standard-logistic.rs tcp
US 8.8.8.8:53 regalcredit-com.mail.protection.outlook.com udp
US 8.8.8.8:53 mxb.ovh.net udp
US 8.8.8.8:53 mx1.ovh.net udp
US 8.8.8.8:53 dsplus-co.mail.protection.outlook.com udp
US 8.8.8.8:53 dsplus-co.mail.protection.outlook.com udp
US 8.8.8.8:53 mail.regalcredit.com udp
US 8.8.8.8:53 pop.parteecogrup.ro udp
US 8.8.8.8:53 mail.innovativecontrolsys.com udp
US 8.8.8.8:53 velammalnexus.com udp
US 8.8.8.8:53 pianofutures-com.mail.protection.outlook.com udp
US 8.8.8.8:53 innovativecontrolsys-com.mail.protection.outlook.com udp
US 8.8.8.8:53 ftp.parclan.com udp
US 8.8.8.8:53 bylup.com udp
US 8.8.8.8:53 superiorpmw-com.mail.protection.outlook.com udp
US 8.8.8.8:53 mail.superiorpmw.com udp
US 8.8.8.8:53 velammalnexus.com udp
US 3.33.130.190:80 ftp.superiorpmw.com tcp
US 8.8.8.8:53 gmkgroup.co.za udp
US 8.8.8.8:53 emdeteceirl.com udp
US 8.8.8.8:53 dsplus-co.mail.protection.outlook.com udp
US 8.8.8.8:53 velammalnexus.com udp
US 8.8.8.8:53 ftp.outlook.co.tcom udp
US 8.8.8.8:53 ovooovo.com udp
US 8.8.8.8:53 mail.pianofutures.com udp
US 8.8.8.8:53 gmkgroup.co.za udp
DE 217.160.0.143:80 alliance-enterprise.com tcp
US 15.197.142.173:80 realia.co tcp
DE 217.160.0.2:80 regipa.com tcp
IN 65.2.105.240:80 velammalnexus.com tcp
US 173.231.192.44:80 ftp.alliedprintgroup.com tcp
US 8.8.8.8:53 gopek.us udp
US 8.8.8.8:53 emdeteceirl.com udp
US 23.236.62.72:80 mail.regalcredit.com tcp
FR 213.186.33.87:80 vervel.eu tcp
FR 213.186.33.2:80 astroquick.fr tcp
GB 109.203.109.104:80 mail.swoi.co.uk tcp
US 8.8.8.8:53 velammalnexus.com udp
US 8.8.8.8:53 ambientesconfortables.com udp
US 8.8.8.8:53 gmaihotmail.co.uk udp
US 8.8.8.8:53 mx.mail-data.net udp
US 8.8.8.8:53 dsplus-co.mail.protection.outlook.com udp
US 8.8.8.8:53 innovativecontrolsys-com.mail.protection.outlook.com udp
US 8.8.8.8:53 pop.jtbank.ch udp
US 8.8.8.8:53 ssh.parteecogrup.ro udp
US 8.8.8.8:53 ssh.superiorpmw.com udp
US 8.8.8.8:53 aspmx3.googlemail.com udp
US 8.8.8.8:53 realia-co.mail.protection.outlook.com udp
US 8.8.8.8:53 ftp.haebom.ga udp
US 8.8.8.8:53 gopek.us udp
US 8.8.8.8:53 ftp.vfe.waom udp
US 8.8.8.8:53 ftp.fast-technologies.com udp
US 8.8.8.8:53 ftp.dsplus.co udp
US 8.8.8.8:53 regalcredit.com udp
US 8.8.8.8:53 superiorpmw-com.mail.protection.outlook.com udp
US 8.8.8.8:53 usw4.bumpemail.com udp
US 8.8.8.8:53 ambientesconfortables.com udp
US 8.8.8.8:53 pianofutures-com.mail.protection.outlook.com udp
US 20.49.97.15:80 dsplus.co tcp
US 8.8.8.8:53 proton.me udp
DE 217.160.0.143:80 alliance-enterprise.com tcp
US 216.69.141.67:80 ftp.pianofutures.com tcp
US 192.124.249.103:80 brizy.io tcp
RO 81.196.191.10:80 ftp.parteecogrup.ro tcp
US 162.255.119.53:80 fast-technologies.com tcp
US 15.197.142.173:80 realia.co tcp
US 8.8.8.8:53 regalcredit-com.mail.protection.outlook.com udp
US 8.8.8.8:53 lahoku.com udp
US 8.8.8.8:53 alunos.estacio.br udp
US 8.8.8.8:53 velammalnexus.com udp
US 8.8.8.8:53 pop.ou.pt udp
US 8.8.8.8:53 realia-co.mail.protection.outlook.com udp
US 8.8.8.8:53 www.astroquick.fr udp
US 8.8.8.8:53 ftp.stc.net.sa udp
US 8.8.8.8:53 ftp.dan.ul.com udp
US 8.8.8.8:53 gmaihotmail.co.uk udp
US 8.8.8.8:53 ftp.khanhhoa.edu.om udp
US 8.8.8.8:53 aorjesuits.org udp
US 8.8.8.8:53 imap.quint.ag udp
US 8.8.8.8:53 lahoku.com udp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
US 8.8.8.8:53 proton.me udp
US 8.8.8.8:53 dsplus-co.mail.protection.outlook.com udp
US 8.8.8.8:53 dsplus-co.mail.protection.outlook.com udp
US 8.8.8.8:53 domains.33mail.com udp
US 173.231.192.44:80 ftp.alliedprintgroup.com tcp
IN 65.2.105.240:80 velammalnexus.com tcp
FR 213.186.33.87:80 vervel.eu tcp
SG 68.178.224.133:80 ftp.glaucuslogistics.com tcp
US 8.8.8.8:53 ftp.idfc-ag.com udp
FR 213.186.33.2:80 www.astroquick.fr tcp
DE 217.160.0.2:80 regipa.com tcp
US 3.33.130.190:80 emdeteceirl.com tcp
ZA 164.160.91.20:80 gmkgroup.co.za tcp
ZA 164.160.91.20:80 gmkgroup.co.za tcp
GB 109.203.109.104:80 mail.swoi.co.uk tcp
US 8.8.8.8:53 superiorpmw-com.mail.protection.outlook.com udp
US 8.8.8.8:53 ftp.standard-logistic.rs udp
US 8.8.8.8:53 ftp.innovativecontrolsys.com udp
US 8.8.8.8:53 dsplus-co.mail.protection.outlook.com udp
US 8.8.8.8:53 innovativecontrolsys-com.mail.protection.outlook.com udp
US 8.8.8.8:53 alunos.estacio.br udp
US 8.8.8.8:53 realia-co.mail.protection.outlook.com udp
US 8.8.8.8:53 mail.vfe.waom udp
US 8.8.8.8:53 velammalnexus.com udp
US 8.8.8.8:53 aorjesuits.org udp
US 8.8.8.8:53 ftp.dollve.fr udp
US 8.8.8.8:53 mail.outlook.co.tcom udp
US 8.8.8.8:53 aluno.ce.gov.br udp
US 8.8.8.8:53 mvmsz.hu udp
US 8.8.8.8:53 gmai.jp udp
US 8.8.8.8:53 x365g.onmicrosoft.com udp
US 8.8.8.8:53 pixnplay.com udp
US 8.8.8.8:53 usbc.be udp
US 8.8.8.8:53 gmail.ps udp
US 8.8.8.8:53 ftp.gufum.com udp
US 8.8.8.8:53 imap.gufum.com udp
US 8.8.8.8:53 mvmsz.hu udp
US 8.8.8.8:53 pianofutures-com.mail.protection.outlook.com udp
US 8.8.8.8:53 ftp.earncashie.ml udp
US 8.8.8.8:53 mail.protonmail.ch udp
US 8.8.8.8:53 mail.haebom.ga udp
US 8.8.8.8:53 gmai.jp udp
US 8.8.8.8:53 mail.dan.ul.com udp
US 8.8.8.8:53 aluno.ce.gov.br udp
US 8.8.8.8:53 mx1-us1.ppe-hosted.com udp
US 8.8.8.8:53 aluno.ce.gov.br udp
US 8.8.8.8:53 velammalnexus.com udp
US 8.8.8.8:53 mail.regalcredit.com udp
US 8.8.8.8:53 regalcredit-com.mail.protection.outlook.com udp
US 8.8.8.8:53 stcimss2.stc.com.sa udp
US 8.8.8.8:53 velammalnexus.com udp
US 8.8.8.8:53 x365g.onmicrosoft.com udp
US 8.8.8.8:53 ssh.parclan.com udp
US 8.8.8.8:53 mail.idfc-ag.com udp
US 8.8.8.8:53 velammalnexus.com udp
US 8.8.8.8:53 ftp.realia.co udp
US 8.8.8.8:53 ssh.outlook.co.tcom udp
US 15.197.142.173:80 realia.co tcp
US 65.99.205.146:80 ambientesconfortables.com tcp
IN 65.2.105.240:443 velammalnexus.com tcp
US 20.49.97.15:443 dsplus.co tcp
FR 213.186.33.87:80 vervel.eu tcp
DE 185.70.42.45:80 proton.me tcp
US 162.255.119.53:80 fast-technologies.com tcp
US 216.69.141.67:80 ftp.pianofutures.com tcp
RO 81.196.191.10:80 ftp.parteecogrup.ro tcp
DE 217.160.0.2:80 regipa.com tcp
US 162.255.119.108:80 gopek.us tcp
US 173.231.192.44:80 ftp.alliedprintgroup.com tcp
US 65.99.205.146:80 ambientesconfortables.com tcp
US 8.8.8.8:53 ssh.fast-technologies.com udp
US 8.8.8.8:53 alunos-estacio-br.mail.protection.outlook.com udp
US 8.8.8.8:53 pixnplay.com udp
US 8.8.8.8:53 usw4.bumpemail.com udp
US 8.8.8.8:53 gmail.ps udp
US 8.8.8.8:53 ftp.vervel.eu udp
US 8.8.8.8:53 ssh.vfe.waom udp
US 8.8.8.8:53 mail.khanhhoa.edu.om udp
US 8.8.8.8:53 regalcredit.com udp
US 8.8.8.8:53 dns-computer.net udp
US 8.8.8.8:53 usbc.be udp
US 8.8.8.8:53 ftp.astroquick.fr udp
US 8.8.8.8:53 dns-computer.net udp
US 8.8.8.8:53 superiorpmw-com.mail.protection.outlook.com udp
US 8.8.8.8:53 pop3.quint.ag udp
US 8.8.8.8:53 srivango.com udp
US 8.8.8.8:53 ftp.gmail.c.th udp
US 8.8.8.8:53 innovativecontrolsys-com.mail.protection.outlook.com udp
US 8.8.8.8:53 realia-co.mail.protection.outlook.com udp
US 8.8.8.8:53 fregmail.com udp
FR 213.186.33.2:80 www.astroquick.fr tcp
US 8.8.8.8:53 srivango.com udp
US 8.8.8.8:53 centeronline.edu.vn udp
US 8.8.8.8:53 velammalnexus.com udp
US 8.8.8.8:53 dsplus-co.mail.protection.outlook.com udp
US 8.8.8.8:53 kamsmad.com udp
US 8.8.8.8:53 ftp.midplainspower.com udp
SG 68.178.224.133:80 ftp.glaucuslogistics.com tcp
GB 109.203.109.104:80 mail.swoi.co.uk tcp
US 8.8.8.8:53 icl.co.uk udp
US 50.87.147.129:80 aorjesuits.org tcp
ZA 164.160.91.20:80 gmkgroup.co.za tcp
US 192.124.249.103:443 brizy.io tcp
DE 217.160.0.143:80 alliance-enterprise.com tcp

Files

memory/2916-2-0x0000000000220000-0x000000000022B000-memory.dmp

memory/2916-1-0x0000000002390000-0x0000000002490000-memory.dmp

memory/2916-3-0x0000000000400000-0x00000000022D1000-memory.dmp

memory/1196-4-0x0000000002E30000-0x0000000002E46000-memory.dmp

memory/2916-5-0x0000000000400000-0x00000000022D1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\6C2B.exe

MD5 398ab69b1cdc624298fbc00526ea8aca
SHA1 b2c76463ae08bb3a08accfcbf609ec4c2a9c0821
SHA256 ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be
SHA512 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739

memory/2544-17-0x0000000003600000-0x00000000037B8000-memory.dmp

memory/2544-22-0x00000000037C0000-0x0000000003977000-memory.dmp

memory/2544-21-0x0000000003600000-0x00000000037B8000-memory.dmp

memory/2700-20-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2700-24-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-27-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-28-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-29-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-30-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-31-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\72C1.dll

MD5 9b1697d40dfd386fdd7e9327844f301a
SHA1 e75defb119e2c7b7d3f75ab70a100ec504af5ebf
SHA256 69e7b08c127dde5fd1f85e1e8107d06aa686e94aef3fd48ff0bb092b38a0cb1d
SHA512 3e945bf24ed81fdc49e974d086a70f9758a17b8656bb0e460dca0be2a84fa0ba065b62b6dd5d55ca1dbe0b4f19ec4f164df84c115244f1cbfddd79611d013d69

memory/2432-39-0x0000000010000000-0x0000000010202000-memory.dmp

memory/2432-41-0x0000000000110000-0x0000000000116000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

MD5 46b1068f4a605358281eafb05bf4f7ce
SHA1 acdaf418f82cb4fdaa43c5e41c3c1381b14faa23
SHA256 df3c7e15390ddbf8b5a191788af6a5e3adaa25915deeecc34b664cc7b2f061ba
SHA512 3a1df0477ab7bfd322a2e382aa85c385017c7bf5435847344dd6a811f32d6a503da326453b89b81613ffa34257a7f765c71a2202bba89252f22e0b66d4bbbadb

memory/2432-50-0x0000000002530000-0x0000000002658000-memory.dmp

memory/2432-51-0x0000000002660000-0x000000000276D000-memory.dmp

memory/2432-54-0x0000000002660000-0x000000000276D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\850A.exe

MD5 5a95b79f59a43fe99cc66e1b1f28b295
SHA1 fdedd488be6d3153439b8da1932216c71e279504
SHA256 a4c663eeb5fdaf71b6c5c04c0817ee83b268e202b053c3eba23754d3c47c2fdd
SHA512 1c7748c2bcf806c16cb3c23eb1cf68099c7119b4a80ef76d102fdceab36805d2542f2d667a948d78a202d2b3ce272a57743b9d6bdf06d071c45288998ae82b73

C:\Users\Admin\AppData\Local\Temp\850A.exe

MD5 4e66ddefa200a2799b61642f2ce006ea
SHA1 52a8da4f9dfa61def238158a4b694582ceb8acc4
SHA256 7eae467f9395b017dde39767470c47b9b8027df75bc5cb72435799c2c256a6b9
SHA512 a07522ed184a930fbc6b04727309a704cfe004a71479a59ea71ff562ec509460ae5a770ab088fca9840a3ab515b6d976ab0eb93a9a5e3af7f1e813244322c730

memory/1592-61-0x00000000000F0000-0x00000000000F1000-memory.dmp

memory/1592-64-0x00000000000F0000-0x00000000000F1000-memory.dmp

memory/1592-63-0x0000000001080000-0x0000000001971000-memory.dmp

memory/1592-66-0x00000000000F0000-0x00000000000F1000-memory.dmp

memory/1592-67-0x0000000077AA0000-0x0000000077AA1000-memory.dmp

memory/1592-70-0x0000000000100000-0x0000000000101000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

MD5 c7eddb792c8cf67534a9e7b578fd626c
SHA1 6262e7282cafdab451a7d2d510813802731578b0
SHA256 f3e3a2c6ace6bc4a7e0f832289b204197718443880e07a273ef6a6fead72e9b2
SHA512 70d061039d57d33f42d34fd09524e66f7c210de0685f6b6d7db1e00b51e059337bac8bb0b68922c1c4e17e29b30ec3a473e6c2dc1f6b1b73f054951eab3acc30

C:\Users\Admin\AppData\Local\Temp\8C2C.exe

MD5 938a4855471e0480aa40d77f313a3edc
SHA1 18918b6771d11b102553b585f0423b961c331949
SHA256 4876077475e867e7264eaa2da1e9a581cd705c892a044f60ebb8e14e59ae26c7
SHA512 738408b6f2d957d69506af10a912c0e9033447f52c818e07b30df7c60ec6b711a815f2ec35dffd5a1de485da5fa7832f69dedca216d3458ede716cab0ccefff2

C:\Users\Admin\AppData\Local\Temp\8C2C.exe

MD5 b8eab14d87bc6067e0a49d259a3426e2
SHA1 e1ceb7f0342ed7b009da6458138ef611619b1b1c
SHA256 5a887427d2ae4accab46b9171ffe1c8b09a6c73e5af9f55946d39564ac27636e
SHA512 1f2f73a606d6d54293857a4f3d1953164849a6f23020d30f3c6a0d5c148695d1b70700fd10fc5547a2496ce13f06900b1d84ab97cfc85085e71370f16185896a

memory/1260-86-0x0000000000250000-0x0000000000350000-memory.dmp

memory/1260-87-0x0000000001A80000-0x0000000001AEB000-memory.dmp

memory/1260-89-0x0000000000400000-0x0000000001A77000-memory.dmp

memory/1260-88-0x0000000000400000-0x0000000001A77000-memory.dmp

\Users\Admin\AppData\Local\Temp\850A.exe

MD5 0544b3f80b1559c9cebc13147477068c
SHA1 e12844adca336d48ffe29ae7a6a3e92b627b5f24
SHA256 af8df3be307e55d6102571ed74b7ace02e9647b6c445cf17be5804decc331229
SHA512 c3676856b10e6c0a970f6f4f23137f2b23cdddb160d695600958dc24d31f7e5ee13a9c94e721ac77caa21f14fe817174ad14942e1c796c875277ed70957b1561

\Users\Admin\AppData\Local\Temp\850A.exe

MD5 8d23a5fb5f808cb422a03d7288ff4b78
SHA1 bc7e3f98fc05ac71bd01b2a37671f533f6c59d42
SHA256 4bf0bf489991516faff3c2b1d38bb98ff1c9bdc1cfea66f4aaa8dd3bb780d82d
SHA512 18dc5701d4d146373f974dab401e93fb8406b168e632b3db82cf9953cfea8b6b35ac3a88a3af44accb3c27258afbc816d2056e5e3c17a36436ca511c9a947d1a

memory/2700-97-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1760-98-0x00000000012C0000-0x000000000174C000-memory.dmp

memory/2432-99-0x0000000010000000-0x0000000010202000-memory.dmp

memory/2700-100-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\9FBD.exe

MD5 f18882fa8d65eb81df3c7396e7abbaa5
SHA1 f5a4d66dd32aa6496c925b4ba6f0e8d05d57a93e
SHA256 ff468bac112d6ea8461894069c19a66e27de7b7fc6227d9a60967bda33dcc16a
SHA512 608ec121e063aa8cce55903a5235e8037a0d631858d14952119ca68bbf3681e2dfbb5e5f092f3b868e74990d2db6741d9ac576943320f16e07f0d03a3fd35ef6

C:\Users\Admin\AppData\Local\Temp\9FBD.exe

MD5 2c7078b90caee9d791dd338c2441ca32
SHA1 56901d99127fd701353ab7c68e66c94c49eb507c
SHA256 8ad20c4b4c312feb468a58d1748c0d7abba3dd2d0fb8e6bfbee837c47a0e8c5a
SHA512 000d81908bc2df1f09fcbf0ac50c72079064923f23fbea2ee0868590eaf693dff4246bb0090083aaec6f031b11353147393b710f72cd1e3630c2ecd071401ef6

\Users\Admin\AppData\Local\Temp\850A.exe

MD5 ea446e36071029f84b871f4ade6eb3bf
SHA1 1eb4be5b2321d2cc78e8e5b6fa0c55625fc6a612
SHA256 225a8f771eea223e9fc913d6dcbb32c93625192a82dc5671e58b16861d300568
SHA512 e356e8e4d08914658d027f2fe346143a9eaba327c02ac3093e1a4aaef7472795d098889df422d693a8914da0248f4cc7a00d335dbbd4356b886a8bd561a9268e

C:\Users\Admin\AppData\Local\Temp\B2E0.exe

MD5 38617539f3925b6017474f088cc3769a
SHA1 c689b57ab62eac790a204c8231b02bfe0bc243a6
SHA256 defe2d4c932a7ef607e8ef1a643fb57b9c69cbc53b52bf802f9471aae5caef49
SHA512 15d87c6231a8f2115ae3f0f021949d175d3f36735637c7b508a229af5b2a93f70f32e19d9b8e3d1e0fa41bd21ee46ab5d9c6ef630c826afe2210a789e5da53e7

\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

MD5 0564a9bf638169a89ccb3820a6b9a58e
SHA1 57373f3b58f7cc2b9ea1808bdabb600d580a9ceb
SHA256 9e4b0556f698c9bc9a07c07bf13d60908d31995e0bd73510d9dd690b20b11058
SHA512 36b81c374529a9ba5fcbc6fcfebf145c27a7c30916814d63612c04372556d47994a8091cdc5f78dab460bb5296466ce0b284659c8b01883f7960ab08a1631ea6

memory/1760-118-0x00000000737A0000-0x0000000073E8E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1760-130-0x00000000737A0000-0x0000000073E8E000-memory.dmp

memory/1260-127-0x0000000000400000-0x0000000001A77000-memory.dmp

memory/1188-131-0x0000000000280000-0x00000000002E7000-memory.dmp

memory/2236-129-0x0000000003660000-0x0000000003A58000-memory.dmp

memory/1188-132-0x0000000000400000-0x0000000001A4B000-memory.dmp

memory/1360-133-0x00000000023E0000-0x00000000024E0000-memory.dmp

memory/1360-134-0x0000000000220000-0x000000000022B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 0f31a6f4237fde56bde9a78573f243b6
SHA1 825c062cb3dd23aaf8e92edf374c1d4964e215a2
SHA256 5c6c2d56e5face6fa505cb52126735dd529a0a9d1601c50554b4bc5d5ea9557f
SHA512 2b546d8eb2fe937a0e401f8609d4acf745ee56062d9ed7c29effc2fd20081ecbdc4c61fd227c91081b48bc3d1c7459e3c36ca30ec47eb66dddab0a3982066706

\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 f67434fd2833efcf9ddc85aa3fcf2982
SHA1 524624bf0e6cbb26b536b04c008157e41f95dc60
SHA256 d1329c79666d11d8439c46de6a1ecfff9996a32fe52f614b0d1551bd3d267c15
SHA512 982712084ba7f87e3150767d3a669b653f4d6fa76497ee87a425efb41f3629ea2bf7aa398de9d1b91ceb3ab12c7b4d049b66cc2d9b09ee538381925179ba74b5

\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 f948e50fa1bdf826734f8cdb474beebd
SHA1 db6420f950de5fa06636c3b82b0e1dda914b5754
SHA256 8b4b335b853f2571b7868257b659023bf2bb1c53d197eab384c05a916b7281e9
SHA512 cd2c28a32746508b6234298963f3a5dcdb17567ab493897e012920b7fbd3fb4f2650685de64c32850c50079169f8e648458176db4ff61451fb22db1aaf752332

memory/1360-135-0x0000000000400000-0x00000000022D3000-memory.dmp

memory/2700-119-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2236-136-0x0000000003A60000-0x000000000434B000-memory.dmp

memory/2700-137-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1188-138-0x0000000001E70000-0x0000000001F70000-memory.dmp

memory/2236-140-0x0000000003660000-0x0000000003A58000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ux0.0.exe

MD5 5c47e4602163dd29a39294b7192f0658
SHA1 268d1bf1f4c8c8b696298f802b95af8bd3891c10
SHA256 5c0b29d51d9b148c8c19ce0efca365ccb1bbe720f634a15897684abbd1dc5d76
SHA512 7baa0359781ba21c378a0fbd37dfcde2d1b0c5a9ce3afcf8db0617f91a49dd552416c90963731798669002eda0a15f2296120cb9307c8cafef18dfdb4a52ad91

memory/2236-141-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/1196-158-0x0000000003F00000-0x0000000003F16000-memory.dmp

memory/1360-159-0x0000000000400000-0x00000000022D3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ux0.1.exe

MD5 5b87828ea000c7111084d8beed17175e
SHA1 e8aa3848e39c449051702a333e608fafd2e5330f
SHA256 1a557fae2d39d06392f4bea760fb72c87f0959a7c3ac66865e36f316866f57d3
SHA512 56b0d0e5422b89a4659969f59570962dbb267fde913ed051fbedf3d66653c9c23d15c945a6ae8ce5570af010b3671eb0be085e8afb44c3088def9f423290f385

memory/1188-176-0x0000000004C10000-0x0000000005140000-memory.dmp

memory/1188-182-0x0000000004C10000-0x0000000005140000-memory.dmp

memory/1188-177-0x0000000000400000-0x0000000001A4B000-memory.dmp

\Users\Admin\AppData\Local\Temp\ux0.1.exe

MD5 c96b4b71ab6516064923076e785865b9
SHA1 6a0b0580ef79932b00b812132b63ad147fe9adda
SHA256 f91cd76986c56d480677420a1ecc573a2e9b4406b2df3d7791bc820ec223849f
SHA512 5feba92f769e9a00d240189f843fcdeba2818cef31b1098ac6d5f5ad1a57328e949220e334db8d13b45d4008bb320ac850104096b049a72f8591d23d433fcee3

\Users\Admin\AppData\Local\Temp\ux0.1.exe

MD5 b7fbce03ceacd0d35d59fc883b7f2bc4
SHA1 115e9b6364eadb72b86b5231adf3f7645235940c
SHA256 6bd05d8d4869eda9fc07967310ebf5adbd489cf4499b45f4933fb24eea234f30
SHA512 64194db39a571f0bc657eb8faadea943728af4170a2599ad40b9e2752872fc0d0c34cc817e1bf760e1ee114fd50aeb13d58bb92cae0a5620c329470ecd0406b9

memory/1188-183-0x0000000004C10000-0x0000000005140000-memory.dmp

\Users\Admin\AppData\Local\Temp\ux0.1.exe

MD5 5c6832ee6f4401aa64ba55041a2e55b9
SHA1 4238c51b1de8c673e8da8404ea81560092036f7a
SHA256 ec63ea6421ccdba657515e55a4af428619b13996425aba0f29e147dd8ea5a9da
SHA512 c9bde035ea0c8a1883771f4c042ea4abf0bf619e739427c658e0640e3c54a9d58353d76fb748be7a696e251ac2f3bb1bee5ce8f246a356d350104b8047c56893

memory/1920-184-0x0000000000230000-0x0000000000231000-memory.dmp

memory/1920-186-0x0000000000400000-0x0000000000930000-memory.dmp

memory/2700-191-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1592-192-0x0000000001080000-0x0000000001971000-memory.dmp

memory/692-193-0x0000000002720000-0x0000000002820000-memory.dmp

memory/692-194-0x00000000003C0000-0x00000000003E7000-memory.dmp

memory/692-195-0x0000000000400000-0x00000000022DA000-memory.dmp

memory/2236-201-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/692-202-0x0000000000400000-0x00000000022DA000-memory.dmp

memory/1920-203-0x0000000000400000-0x0000000000930000-memory.dmp

memory/2700-207-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-210-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2236-209-0x0000000000400000-0x0000000001E0F000-memory.dmp

memory/2700-212-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-213-0x0000000000400000-0x0000000000848000-memory.dmp

memory/692-211-0x0000000000400000-0x00000000022DA000-memory.dmp

memory/2700-215-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-216-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-217-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-219-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-218-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-220-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-222-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-221-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-214-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-224-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2700-225-0x0000000000400000-0x0000000000848000-memory.dmp

\ProgramData\mozglue.dll

MD5 d59c557dbf26c0d10b81c8ed2a83919b
SHA1 a4b24205b2f6b775453d42934bfddb3ec0325cef
SHA256 947b04110fc584fc7cf02f993cdef8509dd617dd648ec51deec2a97be6ea1a18
SHA512 8a2a89a45058fdebede4649843b547721b22eb733ddbfe9dc55b57e2d3d64c444d613fe724bb54199aef11c3be5640e92bf55d696f0f95054dafd2d7022820ed

\ProgramData\nss3.dll

MD5 acfdbd77ed9a514fe9f0a5dade4a7073
SHA1 79a06e99af3774ef3f9a21011e2f440f41a05962
SHA256 bb372fbb1f556be3a864a6642be80f429fa22bda4150f7ffb64c2cddcc721dc1
SHA512 d224722e9f4cb2052d6110d80878d028e90958a374f24efd8b56fdd933f59d5e324532c020232f471d8fd0c0009c021bbb0ce76946e25b418a7f94c672d92b58

C:\Users\Admin\AppData\Roaming\Temp\Task.bat

MD5 11bb3db51f701d4e42d3287f71a6a43e
SHA1 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86
SHA256 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331
SHA512 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 44ff2ed7f28622afe0e5ba7c1cd702a7
SHA1 5aec4a3f1f3a57a7cd8a366c736e2e932f529ed8
SHA256 7d16cc26a07cc79b96c5ee6512102dae8ae526c4ae529380c412b0d45bc8351a
SHA512 c0b766f1f8a4977fdc47adbcd10dbfabc0996a9421cab4d98ded773ddcefbb101d3137beb9e2ff4ea2b5d66849875e754bcbe0486396ce6a43b15262ccf82266

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-29 04:55

Reported

2024-02-29 05:00

Platform

win10-20240221-en

Max time kernel

155s

Max time network

301s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe"

Signatures

DcRat

rat infostealer dcrat
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\C68C.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Glupteba

loader dropper glupteba

Glupteba payload

Lumma Stealer

stealer lumma

Pitou

SmokeLoader

trojan backdoor smokeloader

Windows security bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Deletes itself

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Windows security modification

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\C68C.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" C:\Windows\rss\csrss.exe N/A

Checks installed software on the system

discovery

Manipulates WinMonFS driver.

rootkit evasion
Description Indicator Process Target
File opened for modification \??\WinMonFS C:\Windows\rss\csrss.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\DDB1.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1008 set thread context of 220 N/A C:\Users\Admin\AppData\Local\Temp\C68C.exe C:\Users\Admin\AppData\Local\Temp\C68C.exe

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\rss C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
File created C:\Windows\rss\csrss.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
File created C:\Windows\windefender.exe C:\Windows\rss\csrss.exe N/A
File opened for modification C:\Windows\windefender.exe C:\Windows\rss\csrss.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\F7D2.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\F7D2.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\F7D2.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-732 = "Fiji Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1802 = "Line Islands Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-512 = "Central Asia Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-512 = "Central Asia Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-982 = "Kamchatka Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-451 = "Caucasus Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1841 = "Russia TZ 4 Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1861 = "Russia TZ 6 Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1502 = "Turkey Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1971 = "Belarus Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2002 = "Cabo Verde Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1872 = "Russia TZ 7 Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-11 = "Azores Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1021 = "Bangladesh Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-661 = "Cen. Australia Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-162 = "Central Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-232 = "Hawaiian Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-632 = "Tokyo Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-282 = "Central Europe Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-251 = "Dateline Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2512 = "Lord Howe Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1871 = "Russia TZ 7 Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2322 = "Sakhalin Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-291 = "Central European Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-122 = "SA Pacific Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-361 = "GTB Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-242 = "Samoa Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-42 = "E. South America Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-381 = "South Africa Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-105 = "Central Brazilian Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-671 = "AUS Eastern Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-11 = "Azores Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-731 = "Fiji Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-831 = "SA Eastern Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2751 = "Tomsk Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\rss\csrss.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\sc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\u3gc.1.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3348 wrote to memory of 1008 N/A N/A C:\Users\Admin\AppData\Local\Temp\C68C.exe
PID 1008 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\C68C.exe C:\Users\Admin\AppData\Local\Temp\C68C.exe
PID 3348 wrote to memory of 3544 N/A N/A C:\Windows\system32\regsvr32.exe
PID 3544 wrote to memory of 3388 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3348 wrote to memory of 1736 N/A N/A C:\Users\Admin\AppData\Local\Temp\D93B.exe
PID 3348 wrote to memory of 1424 N/A N/A C:\Users\Admin\AppData\Local\Temp\DDB1.exe
PID 3348 wrote to memory of 2032 N/A N/A C:\Users\Admin\AppData\Local\Temp\EA73.exe
PID 2032 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\EA73.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 2032 wrote to memory of 3108 N/A C:\Users\Admin\AppData\Local\Temp\EA73.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 4476 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe
PID 3348 wrote to memory of 4768 N/A N/A C:\Users\Admin\AppData\Local\Temp\F7D2.exe
PID 4476 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u3gc.1.exe
PID 2952 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\u3gc.1.exe C:\Windows\SysWOW64\cmd.exe
PID 2952 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\u3gc.1.exe C:\Windows\SysWOW64\cmd.exe
PID 2952 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\u3gc.1.exe C:\Windows\SysWOW64\cmd.exe
PID 2448 wrote to memory of 924 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 2448 wrote to memory of 924 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 2448 wrote to memory of 924 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 2448 wrote to memory of 2556 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 2448 wrote to memory of 2556 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 2448 wrote to memory of 2556 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3108 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3108 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3108 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4924 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4924 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4924 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4924 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\System32\cmd.exe
PID 4924 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\System32\cmd.exe
PID 1848 wrote to memory of 1160 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\netsh.exe
PID 1848 wrote to memory of 1160 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\netsh.exe
PID 4924 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4924 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4924 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4924 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4924 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe

"C:\Users\Admin\AppData\Local\Temp\6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23.exe"

C:\Users\Admin\AppData\Local\Temp\C68C.exe

C:\Users\Admin\AppData\Local\Temp\C68C.exe

C:\Users\Admin\AppData\Local\Temp\C68C.exe

C:\Users\Admin\AppData\Local\Temp\C68C.exe

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\CB7F.dll

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\CB7F.dll

C:\Users\Admin\AppData\Local\Temp\D93B.exe

C:\Users\Admin\AppData\Local\Temp\D93B.exe

C:\Users\Admin\AppData\Local\Temp\DDB1.exe

C:\Users\Admin\AppData\Local\Temp\DDB1.exe

C:\Users\Admin\AppData\Local\Temp\EA73.exe

C:\Users\Admin\AppData\Local\Temp\EA73.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\F7D2.exe

C:\Users\Admin\AppData\Local\Temp\F7D2.exe

C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe

"C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe"

C:\Users\Admin\AppData\Local\Temp\u3gc.1.exe

"C:\Users\Admin\AppData\Local\Temp\u3gc.1.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Windows\SYSTEM32\schtasks.exe

schtasks /delete /tn ScheduledUpdate /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Windows\windefender.exe

"C:\Windows\windefender.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\SysWOW64\sc.exe

sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\windefender.exe

C:\Windows\windefender.exe

C:\Users\Admin\AppData\Roaming\wbgavdc

C:\Users\Admin\AppData\Roaming\wbgavdc

C:\Users\Admin\AppData\Roaming\tagavdc

C:\Users\Admin\AppData\Roaming\tagavdc

Network

Country Destination Domain Proto
US 8.8.8.8:53 gmaimsalud.gov.co udp
US 8.8.8.8:53 ballyroe.com udp
CA 23.227.38.32:443 essencedripscents.com tcp
US 8.8.8.8:53 yahoo.com.ta.ua udp
US 8.8.8.8:53 stablepizza.com udp
US 8.8.8.8:53 sadunco21.onmicrosoft.com udp
SG 74.125.200.26:995 alt4.aspmx.l.google.com tcp
BR 187.45.195.26:990 liveonetrade.com.br tcp
US 141.193.213.11:80 ebpearls.com.au tcp
CA 67.205.121.216:80 highlandmultimedia.com tcp
CA 67.205.121.216:21 highlandmultimedia.com tcp
US 34.238.178.141:222 kingstonk12.org tcp
DE 5.9.155.27:995 mail.dafnis.com tcp
FR 185.98.131.25:587 mail.ahmi.fr tcp
US 8.8.8.8:53 hotmai.cocl udp
US 8.8.8.8:53 essencedripscents-com.mail.protection.outlook.com udp
US 8.8.8.8:53 ballyroe.com udp
US 8.8.8.8:53 gmail.cooolsite.net udp
US 8.8.8.8:53 32.84.32.84.in-addr.arpa udp
LT 84.32.84.32:80 chei.uno tcp
LT 84.32.84.32:80 chei.uno tcp
FR 185.98.131.25:110 mail.ahmi.fr tcp
BE 64.233.167.27:587 aspmx.l.google.com tcp
N/A 127.0.0.1:52547 tcp
N/A 127.0.0.1:52550 tcp
N/A 127.0.0.1:52553 tcp
N/A 127.0.0.1:52563 tcp
N/A 127.0.0.1:52566 tcp
N/A 127.0.0.1:52570 tcp
N/A 127.0.0.1:52572 tcp
N/A 127.0.0.1:52588 tcp
N/A 127.0.0.1:52592 tcp
N/A 127.0.0.1:52597 tcp
N/A 127.0.0.1:52603 tcp
N/A 127.0.0.1:52610 tcp
US 8.8.8.8:53 gmail.coco.uk udp
US 8.8.8.8:53 gmaandex.by udp
US 8.8.8.8:53 xsvfj.onmicrosoft.com udp
US 8.8.8.8:53 ssh.xsvfj.onmicrosoft.com udp
US 8.8.8.8:53 mail.gmaimsalud.gov.co udp
US 8.8.8.8:53 lexbentleyllc.com udp
US 8.8.8.8:53 ftp.lexbentleyllc.com udp
US 8.8.8.8:53 ftp.xsvfj.onmicrosoft.com udp
US 8.8.8.8:53 ftp.fie.undef.edu.ar udp
FI 65.21.238.170:80 valgrantt.com tcp
BE 64.233.167.27:110 aspmx.l.google.com tcp
N/A 127.0.0.1:52613 tcp
N/A 127.0.0.1:52616 tcp
N/A 127.0.0.1:52624 tcp
N/A 127.0.0.1:52630 tcp
N/A 127.0.0.1:52634 tcp
N/A 127.0.0.1:52637 tcp
N/A 127.0.0.1:52639 tcp
N/A 127.0.0.1:52642 tcp
N/A 127.0.0.1:52645 tcp
N/A 127.0.0.1:52654 tcp
N/A 127.0.0.1:52660 tcp
N/A 127.0.0.1:52667 tcp
N/A 127.0.0.1:52670 tcp
N/A 127.0.0.1:52672 tcp
N/A 127.0.0.1:52674 tcp
US 8.8.8.8:53 guru.smp.belajar.id udp
US 8.8.8.8:53 guru.smp.belajar.id udp
US 8.8.8.8:53 stablepizza.com udp
US 8.8.8.8:53 xbananaw.xyz udp
US 8.8.8.8:53 32.38.227.23.in-addr.arpa udp
US 8.8.8.8:53 ftp.scoala3.ro udp
US 8.8.8.8:53 ftp.aieseccolombia.org udp
US 8.8.8.8:53 ftp.makingmommys.com udp
US 8.8.8.8:53 qv.bg udp
US 8.8.8.8:53 howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 gmail.choo.co.uk udp
US 8.8.8.8:53 mail.makingmommys.com udp
US 8.8.8.8:53 ssh.gmaandex.by udp
US 8.8.8.8:53 ftp.bigpoint.acc udp
US 8.8.8.8:53 bigpoint.acc udp
US 8.8.8.8:53 mail.bigpoint.acc udp
US 8.8.8.8:53 ssh.qv.bg udp
US 8.8.8.8:53 ballyroe.com udp
US 8.8.8.8:53 mail.qv.bg udp
US 8.8.8.8:53 ftp.gmaandex.by udp
FR 193.37.145.65:443 ahmi.fr tcp
US 8.8.8.8:53 gmail.cooolsite.net udp
US 44.239.178.18:443 aieseccolombia.org tcp
US 8.8.8.8:53 cravetta.edu.it udp
US 8.8.8.8:53 yahoo.com.ta.ua udp
US 8.8.8.8:53 sadunco21.onmicrosoft.com udp
US 8.8.8.8:53 fallbackmx.spamexperts.eu udp
BR 187.45.195.26:443 liveonetrade.com.br tcp
US 8.8.8.8:53 hotmai.cocl udp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
AR 200.58.105.230:80 fie.undef.edu.ar tcp
DE 23.88.84.200:80 dafnis.com tcp
US 8.8.8.8:53 ssh.bigpoint.acc udp
US 8.8.8.8:53 lexbentleyllc.com udp
US 8.8.8.8:53 ssh.yahooxample.com udp
US 8.8.8.8:53 xsvfj.mail.protection.outlook.com udp
US 8.8.8.8:53 makingmommys.com udp
US 8.8.8.8:53 mail.gmaandex.by udp
US 8.8.8.8:53 mail.yahooxample.com udp
US 8.8.8.8:53 yahooxample.com udp
US 8.8.8.8:53 gmail.coco.uk udp
TH 202.28.68.76:80 mail.wu.ac.th tcp
US 8.8.8.8:53 ballyroe.com udp
US 8.8.8.8:53 xsvfj.onmicrosoft.com udp
US 8.8.8.8:53 ftp.kingstonk12.org udp
US 8.8.8.8:53 eriglobal-com.mail.protection.outlook.com udp
US 8.8.8.8:53 liveonetrade-com-br.mail.protection.outlook.com udp
US 8.8.8.8:53 cravetta.edu.it udp
US 8.8.8.8:53 gmonline.org.br udp
CA 23.227.38.32:80 essencedripscents.com tcp
US 141.193.213.11:443 ebpearls.com.au tcp
US 8.8.8.8:53 xbananaw.xyz udp
US 8.8.8.8:53 SadunCo21.mail.protection.outlook.com udp
US 34.238.178.141:80 ftp.kingstonk12.org tcp
US 8.8.8.8:53 pop.yahooxample.com udp
US 8.8.8.8:53 ftp.gmail.coco.uk udp
US 8.8.8.8:53 howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 mail.qv.bg udp
US 8.8.8.8:53 ssh.makingmommys.com udp
US 8.8.8.8:53 ftp.gmaimsalud.gov.co udp
N/A 127.0.0.1:52679 tcp
N/A 127.0.0.1:52685 tcp
N/A 127.0.0.1:52689 tcp
N/A 127.0.0.1:52691 tcp
N/A 127.0.0.1:52693 tcp
N/A 127.0.0.1:52695 tcp
N/A 127.0.0.1:52702 tcp
N/A 127.0.0.1:52706 tcp
N/A 127.0.0.1:52709 tcp
N/A 127.0.0.1:52711 tcp
N/A 127.0.0.1:52721 tcp
N/A 127.0.0.1:52728 tcp
N/A 127.0.0.1:52730 tcp
N/A 127.0.0.1:52732 tcp
N/A 127.0.0.1:52734 tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
US 8.8.8.8:53 hotmai.cocl udp
US 8.8.8.8:53 ballyroe.com udp
GB 35.214.50.167:443 stablepizza.com tcp
US 8.8.8.8:53 gmonline.org.br udp
US 8.8.8.8:53 iainpurwokerto.ac.id udp
US 8.8.8.8:53 yahoo.com.ta.ua udp
US 8.8.8.8:53 sadunco21.onmicrosoft.com udp
US 8.8.8.8:53 mail.gmaimsalud.gov.co udp
US 8.8.8.8:53 gmaimsalud.gov.co udp
US 8.8.8.8:53 ftp.ballyroe.com udp
US 8.8.8.8:53 gmail.cooolsite.net udp
US 8.8.8.8:53 essencedripscents-com.mail.protection.outlook.com udp
BR 187.45.195.26:80 liveonetrade.com.br tcp
US 65.181.111.130:80 ingegroup.cl tcp
LT 84.32.84.32:80 chei.uno tcp
LT 84.32.84.32:80 chei.uno tcp
N/A 127.0.0.1:52738 tcp
BR 187.45.195.26:443 liveonetrade.com.br tcp
US 198.12.247.192:80 eriglobal.com tcp
N/A 127.0.0.1:52752 tcp
US 8.8.8.8:53 ftp.ahmi.fr udp
US 8.8.8.8:53 gmail.coco.uk udp
US 8.8.8.8:53 ftp.howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 mail.gmail.coco.uk udp
US 8.8.8.8:53 mail.gmaandex.by udp
US 8.8.8.8:53 xsvfj.onmicrosoft.com udp
US 8.8.8.8:53 ftp.mail.wu.ac.th udp
US 8.8.8.8:53 ssh.xsvfj.onmicrosoft.com udp
US 8.8.8.8:53 ftp.lexbentleyllc.com udp
US 8.8.8.8:53 lexbentleyllc.com udp
FI 65.21.238.170:80 valgrantt.com tcp
US 8.8.8.8:53 iainpurwokerto.ac.id udp
US 8.8.8.8:53 hotmail.cois-molinari.eu udp
N/A 127.0.0.1:52756 tcp
CA 67.205.121.216:80 highlandmultimedia.com tcp
US 8.8.8.8:53 ftp.fie.undef.edu.ar udp
US 8.8.8.8:53 stablepizza-com.mail.protection.outlook.com udp
US 8.8.8.8:53 guru.smp.belajar.id udp
US 8.8.8.8:53 xbananaw.xyz udp
US 8.8.8.8:53 ftp.aieseccolombia.org udp
US 8.8.8.8:53 ftp.makingmommys.com udp
US 8.8.8.8:53 gmaandex.by udp
US 8.8.8.8:53 qv.bg udp
US 8.8.8.8:53 gmail.choo.co.uk udp
US 8.8.8.8:53 howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 mail.makingmommys.com udp
US 8.8.8.8:53 167.50.214.35.in-addr.arpa udp
US 8.8.8.8:53 ftp.gmail.choo.co.uk udp
US 8.8.8.8:53 aieseccolombia.org udp
US 8.8.8.8:53 ssh.qv.bg udp
US 8.8.8.8:53 ftp.gmaandex.by udp
US 8.8.8.8:53 pop.qv.bg udp
US 8.8.8.8:53 bigpoint.acc udp
US 8.8.8.8:53 ballyroe.com udp
US 8.8.8.8:53 ssh.gmaandex.by udp
US 8.8.8.8:53 mail.bigpoint.acc udp
US 8.8.8.8:53 gmonline.org.br udp
US 8.8.8.8:53 hotmail.cois-molinari.eu udp
US 8.8.8.8:53 glaucuslogistics.com udp
FR 193.37.145.65:443 ftp.ahmi.fr tcp
CA 67.205.121.216:80 highlandmultimedia.com tcp
US 44.239.178.18:443 aieseccolombia.org tcp
US 8.8.8.8:53 sadunco21.onmicrosoft.com udp
US 8.8.8.8:53 yahoo.com.ta.ua udp
US 8.8.8.8:53 mail.lexbentleyllc.com udp
US 8.8.8.8:53 hotmai.cocl udp
US 8.8.8.8:53 ftp.valgrantt.com udp
DE 23.88.84.200:443 dafnis.com tcp
US 8.8.8.8:53 ssh.bigpoint.acc udp
US 8.8.8.8:53 xsvfj.mail.protection.outlook.com udp
US 8.8.8.8:53 mail.yahooxample.com udp
US 8.8.8.8:53 yahooxample.com udp
US 8.8.8.8:53 mail.gmaandex.by udp
US 8.8.8.8:53 ssh.yahooxample.com udp
US 8.8.8.8:53 gmail.coco.uk udp
US 8.8.8.8:53 ALT2.ASPMX.L.GOOGLE.COM udp
US 8.8.8.8:53 ballyroe.com udp
US 8.8.8.8:53 navaldc.com udp
US 8.8.8.8:53 glaucuslogistics.com udp
US 8.8.8.8:53 liveonetrade-com-br.mail.protection.outlook.com udp
US 8.8.8.8:53 guru.smp.belajar.id udp
US 8.8.8.8:53 eriglobal-com.mail.protection.outlook.com udp
US 8.8.8.8:53 xbananaw.xyz udp
US 8.8.8.8:53 gmonline.org.br udp
US 8.8.8.8:53 SadunCo21.mail.protection.outlook.com udp
PL 86.105.187.128:80 ftp.scoala3.ro tcp
US 8.8.8.8:53 ftp.liveonetrade.com.br udp
US 8.8.8.8:53 makingmommys.com udp
US 8.8.8.8:53 ftp.gmail.coco.uk udp
US 8.8.8.8:53 howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 mail.qv.bg udp
US 8.8.8.8:53 pop.yahooxample.com udp
US 8.8.8.8:53 ssh.makingmommys.com udp
US 8.8.8.8:53 ftp.dafnis.com udp
US 8.8.8.8:53 navaldc.com udp
US 8.8.8.8:53 hotmail.cois-molinari.eu udp
US 8.8.8.8:53 ballyroe.com udp
US 8.8.8.8:53 ballyroe.com udp
US 8.8.8.8:53 mail.ballyroe.com udp
US 8.8.8.8:53 hotmai.cocl udp
CA 23.227.38.32:80 essencedripscents.com tcp
N/A 127.0.0.1:52758 tcp
N/A 127.0.0.1:52769 tcp
N/A 127.0.0.1:52773 tcp
N/A 127.0.0.1:52779 tcp
N/A 127.0.0.1:52781 tcp
N/A 127.0.0.1:52783 tcp
N/A 127.0.0.1:52785 tcp
N/A 127.0.0.1:52787 tcp
N/A 127.0.0.1:52792 tcp
N/A 127.0.0.1:52796 tcp
N/A 127.0.0.1:52809 tcp
N/A 127.0.0.1:52812 tcp
N/A 127.0.0.1:52814 tcp
N/A 127.0.0.1:52817 tcp
N/A 127.0.0.1:52820 tcp
N/A 127.0.0.1:52823 tcp
N/A 127.0.0.1:52825 tcp
N/A 127.0.0.1:52827 tcp
N/A 127.0.0.1:52829 tcp
N/A 127.0.0.1:52831 tcp
N/A 127.0.0.1:52834 tcp
N/A 127.0.0.1:52837 tcp
N/A 127.0.0.1:52841 tcp
N/A 127.0.0.1:52851 tcp
N/A 127.0.0.1:52857 tcp
N/A 127.0.0.1:52859 tcp
N/A 127.0.0.1:52862 tcp
N/A 127.0.0.1:52865 tcp
N/A 127.0.0.1:52867 tcp
N/A 127.0.0.1:52872 tcp
N/A 127.0.0.1:52883 tcp
N/A 127.0.0.1:52885 tcp
N/A 127.0.0.1:52887 tcp
N/A 127.0.0.1:52895 tcp
N/A 127.0.0.1:52897 tcp
N/A 127.0.0.1:52900 tcp
N/A 127.0.0.1:52904 tcp
N/A 127.0.0.1:52909 tcp
N/A 127.0.0.1:52917 tcp
N/A 127.0.0.1:52923 tcp
N/A 127.0.0.1:52925 tcp
N/A 127.0.0.1:52928 tcp
N/A 127.0.0.1:52931 tcp
N/A 127.0.0.1:52935 tcp
N/A 127.0.0.1:52938 tcp
N/A 127.0.0.1:52941 tcp
N/A 127.0.0.1:52943 tcp
N/A 127.0.0.1:52950 tcp
N/A 127.0.0.1:52961 tcp
N/A 127.0.0.1:52967 tcp
N/A 127.0.0.1:52971 tcp
N/A 127.0.0.1:52973 tcp
N/A 127.0.0.1:52976 tcp
N/A 127.0.0.1:52978 tcp
US 8.8.8.8:53 stablepizza-com.mail.protection.outlook.com udp
US 8.8.8.8:53 sadunco21.onmicrosoft.com udp
US 8.8.8.8:53 yahoo.com.ta.ua udp
US 8.8.8.8:53 mail.gmaimsalud.gov.co udp
US 8.8.8.8:53 ftp.ballyroe.com udp
US 8.8.8.8:53 gmaimsalud.gov.co udp
US 8.8.8.8:53 gmail.cooolsite.net udp
AR 200.58.105.230:80 fie.undef.edu.ar tcp
LT 84.32.84.32:80 chei.uno tcp
US 107.162.228.20:443 www.kingstonk12.org tcp
BR 187.45.195.26:80 liveonetrade.com.br tcp
TH 202.28.68.76:80 mail.wu.ac.th tcp
FI 65.21.238.170:80 ftp.valgrantt.com tcp
US 8.8.8.8:53 mail.valgrantt.com udp
US 8.8.8.8:53 ftp.howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 mail.gmail.coco.uk udp
US 8.8.8.8:53 gmail.coco.uk udp
US 8.8.8.8:53 ssh.gmail.coco.uk udp
US 8.8.8.8:53 ssh.ingegroup.cl udp
US 8.8.8.8:53 ftp.lexbentleyllc.com udp
US 8.8.8.8:53 ssh.lexbentleyllc.com udp
US 8.8.8.8:53 gmonline.org.br udp
US 8.8.8.8:53 digiteo.fr udp
US 8.8.8.8:53 digiteo.fr udp
US 8.8.8.8:53 com.dmu.edu.eg udp
US 8.8.8.8:53 ssh.gmaimsalud.gov.co udp
GB 35.214.50.167:80 stablepizza.com tcp
IT 195.110.124.133:80 cravetta.edu.it tcp
IT 195.110.124.133:80 cravetta.edu.it tcp
US 141.193.213.11:80 ebpearls.com.au tcp
US 8.8.8.8:53 mail.gmaandex.by udp
US 8.8.8.8:53 ssh.xsvfj.onmicrosoft.com udp
US 8.8.8.8:53 essencedripscents-com.mail.protection.outlook.com udp
US 8.8.8.8:53 guru.smp.belajar.id udp
US 8.8.8.8:53 ftp.eriglobal.com udp
US 8.8.8.8:53 ftp.mail.wu.ac.th udp
US 8.8.8.8:53 lexbentleyllc.com udp
US 8.8.8.8:53 xbananaw.xyz udp
US 8.8.8.8:53 ftp.aieseccolombia.org udp
US 8.8.8.8:53 ftp.makingmommys.com udp
US 8.8.8.8:53 gmaandex.by udp
US 8.8.8.8:53 qv.bg udp
US 8.8.8.8:53 gmail.choo.co.uk udp
US 8.8.8.8:53 ftp.gmail.cooolsite.net udp
US 8.8.8.8:53 mail.howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 mail.makingmommys.com udp
US 8.8.8.8:53 ftp.gmail.choo.co.uk udp
US 8.8.8.8:53 ssh.qv.bg udp
US 8.8.8.8:53 pop.qv.bg udp
US 8.8.8.8:53 bigpoint.acc udp
US 8.8.8.8:53 mail.bigpoint.acc udp
US 8.8.8.8:53 com.dmu.edu.eg udp
US 8.8.8.8:53 login-freiburg.de udp
US 8.8.8.8:53 ftp.fie.undef.edu.ar udp
US 8.8.8.8:53 yahoo.com.ta.ua udp
US 8.8.8.8:53 sadunco21.onmicrosoft.com udp
US 8.8.8.8:53 mail.lexbentleyllc.com udp
US 8.8.8.8:53 gmail.cooolsite.net udp
US 8.8.8.8:53 ftp.ebpearls.com.au udp
US 8.8.8.8:53 ssh.scoala3.ro udp
US 8.8.8.8:53 ftp.highlandmultimedia.com udp
US 8.8.8.8:53 hotmai.cocl udp
FR 193.37.145.65:443 ftp.ahmi.fr tcp
US 44.239.178.18:443 aieseccolombia.org tcp
DE 23.88.84.200:80 dafnis.com tcp
US 8.8.8.8:53 ssh.liveonetrade.com.br udp
US 8.8.8.8:53 pop.bigpoint.acc udp
US 8.8.8.8:53 ssh.bigpoint.acc udp
US 8.8.8.8:53 mail.gmaandex.by udp
US 8.8.8.8:53 ssh.yahooxample.com udp
US 8.8.8.8:53 mail.yahooxample.com udp
US 8.8.8.8:53 xsvfj.onmicrosoft.com udp
US 8.8.8.8:53 xsvfj.mail.protection.outlook.com udp
US 8.8.8.8:53 yahooxample.com udp
US 8.8.8.8:53 mail.gmail.coco.uk udp
US 8.8.8.8:53 login-freiburg.de udp
US 8.8.8.8:53 tercommunity.one udp
US 8.8.8.8:53 hotmail.cois-molinari.eu udp
US 8.8.8.8:53 ballyroe.com udp
US 8.8.8.8:53 eriglobal-com.mail.protection.outlook.com udp
US 104.21.12.219:80 iainpurwokerto.ac.id tcp
CA 67.205.121.216:80 ftp.highlandmultimedia.com tcp
US 8.8.8.8:53 guru.smp.belajar.id udp
US 8.8.8.8:53 stablepizza-com.mail.protection.outlook.com udp
US 8.8.8.8:53 xbananaw.xyz udp
US 8.8.8.8:53 gmail.choo.co.uk udp
US 8.8.8.8:53 ssh.kingstonk12.org udp
US 8.8.8.8:53 SadunCo21.mail.protection.outlook.com udp
FR 15.236.61.92:993 mx2.improvmx.com tcp
US 8.8.8.8:53 gmonline.org.br udp
US 8.8.8.8:53 gmail.coco.uk udp
US 8.8.8.8:53 makingmommys.com udp
US 8.8.8.8:53 ftp.gmail.coco.uk udp
US 8.8.8.8:53 ssh.makingmommys.com udp
US 8.8.8.8:53 mail.qv.bg udp
US 8.8.8.8:53 pop.yahooxample.com udp
US 8.8.8.8:53 dafnis.com udp
US 8.8.8.8:53 ftp.ingegroup.cl udp
US 8.8.8.8:53 ftp.liveonetrade.com.br udp
US 8.8.8.8:53 ftp.dafnis.com udp
US 8.8.8.8:53 digiteo.fr udp
US 8.8.8.8:53 tercommunity.one udp
US 8.8.8.8:53 mx2.mijndomein.nl udp
US 8.8.8.8:53 ssh.ballyroe.com udp
CA 23.227.38.32:80 essencedripscents.com tcp
US 8.8.8.8:53 mail.ballyroe.com udp
US 8.8.8.8:53 ballyroe.com udp
US 8.8.8.8:53 ftp.chei.uno udp
US 8.8.8.8:53 chei.uno udp
US 8.8.8.8:53 yahoo.com.ta.ua udp
US 8.8.8.8:53 sadunco21.onmicrosoft.com udp
US 8.8.8.8:53 mail.gmaimsalud.gov.co udp
LT 84.32.84.32:80 chei.uno tcp
FI 65.21.238.170:80 mail.valgrantt.com tcp
US 34.238.178.141:80 ftp.kingstonk12.org tcp
US 8.8.8.8:53 liveonetrade-com-br.mail.protection.outlook.com udp
US 8.8.8.8:53 howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 gmail.cooolsite.net udp
US 8.8.8.8:53 gmaimsalud.gov.co udp
US 8.8.8.8:53 ftp.ballyroe.com udp
US 8.8.8.8:53 ssh.howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 pop.gmaimsalud.gov.co udp
US 8.8.8.8:53 ssh.gmail.coco.uk udp
US 8.8.8.8:53 ftp.howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 mail.gmail.coco.uk udp
US 8.8.8.8:53 ssh.ingegroup.cl udp
US 8.8.8.8:53 ftp.lexbentleyllc.com udp
US 8.8.8.8:53 ssh.lexbentleyllc.com udp
US 8.8.8.8:53 219.12.21.104.in-addr.arpa udp
US 8.8.8.8:53 mailzm.com udp
US 8.8.8.8:53 gmonline.org.br udp
US 8.8.8.8:53 ftp.hotmai.cocl udp
US 8.8.8.8:53 hotmai.cocl udp
GB 35.214.50.167:80 stablepizza.com tcp
IT 195.110.124.133:80 cravetta.edu.it tcp
IT 195.110.124.133:80 cravetta.edu.it tcp
US 8.8.8.8:53 mailer1.campus-paris-saclay.fr udp
US 8.8.8.8:53 ssh.gmaimsalud.gov.co udp
US 8.8.8.8:53 com-dmu-edu-eg.mail.protection.outlook.com udp
US 8.8.8.8:53 hotmail.cois-molinari.eu udp
US 8.8.8.8:53 essencedripscents-com.mail.protection.outlook.com udp
US 8.8.8.8:53 ssh.xsvfj.onmicrosoft.com udp
US 8.8.8.8:53 mail.gmaandex.by udp
US 8.8.8.8:53 guru.smp.belajar.id udp
US 8.8.8.8:53 ftp.eriglobal.com udp
US 8.8.8.8:53 ftp.mail.wu.ac.th udp
US 8.8.8.8:53 lexbentleyllc.com udp
US 8.8.8.8:53 mail.lexbentleyllc.com udp
US 8.8.8.8:53 ftp.aieseccolombia.org udp
US 8.8.8.8:53 gmail.choo.co.uk udp
US 8.8.8.8:53 ssh.gmail.choo.co.uk udp
US 8.8.8.8:53 qv.bg udp
US 8.8.8.8:53 ftp.gmail.cooolsite.net udp
US 8.8.8.8:53 gmaandex.by udp
US 8.8.8.8:53 mail.howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 mail.makingmommys.com udp
US 8.8.8.8:53 ftp.gmail.choo.co.uk udp
US 8.8.8.8:53 ssh.qv.bg udp
US 8.8.8.8:53 pop.qv.bg udp
US 8.8.8.8:53 bigpoint.acc udp
US 8.8.8.8:53 mail.bigpoint.acc udp
US 8.8.8.8:53 ssh.gmaandex.by udp
US 8.8.8.8:53 mailzm.com udp
US 8.8.8.8:53 gmcom.br udp
SG 68.178.224.133:80 glaucuslogistics.com tcp
US 8.8.8.8:53 loginfreiburg-de01c.mail.protection.outlook.com udp
US 8.8.8.8:53 digiteo.fr udp
US 141.193.213.11:443 ebpearls.com.au tcp
BR 187.45.195.26:80 liveonetrade.com.br tcp
US 8.8.8.8:53 com.dmu.edu.eg udp
US 8.8.8.8:53 yahoo.com.ta.ua udp
US 8.8.8.8:53 ftp.essencedripscents.com udp
US 8.8.8.8:53 mail.gmail.cooolsite.net udp
US 8.8.8.8:53 gmail.cooolsite.net udp
US 8.8.8.8:53 sadunco21.onmicrosoft.com udp
US 8.8.8.8:53 ftp.ebpearls.com.au udp
US 8.8.8.8:53 ftp.fie.undef.edu.ar udp
US 8.8.8.8:53 ssh.valgrantt.com udp
AR 200.58.105.230:80 fie.undef.edu.ar tcp
TH 202.28.68.76:80 mail.wu.ac.th tcp
DE 23.88.84.200:443 dafnis.com tcp
US 8.8.8.8:53 ssh.scoala3.ro udp
US 8.8.8.8:53 hotmai.cocl udp
US 8.8.8.8:53 ssh.bigpoint.acc udp
US 8.8.8.8:53 pop.bigpoint.acc udp
US 8.8.8.8:53 xsvfj.mail.protection.outlook.com udp
US 8.8.8.8:53 mail.yahooxample.com udp
US 8.8.8.8:53 xsvfj.onmicrosoft.com udp
US 8.8.8.8:53 yahooxample.com udp
US 8.8.8.8:53 ftp.xbananaw.xyz udp
US 8.8.8.8:53 pop.gmaandex.by udp
US 8.8.8.8:53 ssh.liveonetrade.com.br udp
US 8.8.8.8:53 mail.gmail.coco.uk udp
US 8.8.8.8:53 my-chainmail.com udp
US 8.8.8.8:53 gmcom.br udp
US 8.8.8.8:53 jcasolicitors.co.uk udp
US 8.8.8.8:53 mail.tercommunity.one udp
FR 193.37.145.65:443 ftp.ahmi.fr tcp
US 44.239.178.18:443 aieseccolombia.org tcp
IE 34.249.138.199:80 navaldc.com tcp
IE 34.249.138.199:80 navaldc.com tcp
US 8.8.8.8:53 mail.ballyroe.com udp
US 8.8.8.8:53 hotmail.cois-molinari.eu udp
US 8.8.8.8:53 SadunCo21.mail.protection.outlook.com udp
US 104.21.12.219:443 iainpurwokerto.ac.id tcp
US 8.8.8.8:53 eriglobal-com.mail.protection.outlook.com udp
US 8.8.8.8:53 bfe09c.myshopify.com udp
US 8.8.8.8:53 guru.smp.belajar.id udp
US 8.8.8.8:53 stablepizza-com.mail.protection.outlook.com udp
US 8.8.8.8:53 xbananaw.xyz udp
US 8.8.8.8:53 mx1.improvmx.com udp
US 8.8.8.8:53 ssh.kingstonk12.org udp
US 8.8.8.8:53 gmail.choo.co.uk udp
PL 86.105.187.128:80 ftp.scoala3.ro tcp
US 8.8.8.8:53 gmonline.org.br udp
US 8.8.8.8:53 my-chainmail.com udp
US 8.8.8.8:53 jcasolicitors.co.uk udp
US 8.8.8.8:53 gmit.edu udp
US 8.8.8.8:53 gmail.coco.uk udp
US 8.8.8.8:53 makingmommys.com udp
US 8.8.8.8:53 ssh.dafnis.com udp
US 8.8.8.8:53 ssh.makingmommys.com udp
US 8.8.8.8:53 pop.yahooxample.com udp
US 8.8.8.8:53 ftp.dafnis.com udp
US 8.8.8.8:53 mail.qv.bg udp
US 8.8.8.8:53 com.dmu.edu.eg udp
US 8.8.8.8:53 digiteo.fr udp
US 8.8.8.8:53 ftp.liveonetrade.com.br udp
CA 67.205.121.216:80 ftp.highlandmultimedia.com tcp
US 8.8.8.8:53 ssh.ballyroe.com udp
US 8.8.8.8:53 mail.ballyroe.com udp
US 8.8.8.8:53 ballyroe.com udp
US 8.8.8.8:53 ssh.eriglobal.com udp
US 8.8.8.8:53 ftp.chei.uno udp
US 8.8.8.8:53 sadunco21.onmicrosoft.com udp
US 8.8.8.8:53 yahoo.com.ta.ua udp
US 8.8.8.8:53 mail.gmaimsalud.gov.co udp
US 8.8.8.8:53 mail.howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 liveonetrade-com-br.mail.protection.outlook.com udp
US 8.8.8.8:53 gmail.cooolsite.net udp
US 8.8.8.8:53 gmaimsalud.gov.co udp
US 8.8.8.8:53 ftp.ballyroe.com udp
US 8.8.8.8:53 www.kingstonk12.org udp
US 8.8.8.8:53 ftp.howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 ssh.gmail.coco.uk udp
US 8.8.8.8:53 mail.gmail.coco.uk udp
US 8.8.8.8:53 pop.gmaimsalud.gov.co udp
US 8.8.8.8:53 ssh.lexbentleyllc.com udp
US 8.8.8.8:53 ssh.ingegroup.cl udp
US 198.12.247.192:80 eriglobal.com tcp
LT 84.32.84.32:80 chei.uno tcp
US 8.8.8.8:53 my-chainmail.com udp
US 8.8.8.8:53 gmit.edu udp
US 8.8.8.8:53 199.138.249.34.in-addr.arpa udp
US 8.8.8.8:53 gmcom.br udp
US 8.8.8.8:53 ssh.fie.undef.edu.ar udp
US 23.236.62.147:80 login-freiburg.de tcp
US 8.8.8.8:53 ssh.mail.wu.ac.th udp
CA 23.227.38.74:80 bfe09c.myshopify.com tcp
GB 35.214.50.167:80 stablepizza.com tcp
IT 195.110.124.133:80 cravetta.edu.it tcp
US 8.8.8.8:53 mail.hotmai.cocl udp
US 8.8.8.8:53 mailer1.campus-paris-saclay.fr udp
US 8.8.8.8:53 ftp.yahoo.com.ta.ua udp
US 8.8.8.8:53 com-dmu-edu-eg.mail.protection.outlook.com udp
US 8.8.8.8:53 ftp.sadunco21.onmicrosoft.com udp
US 8.8.8.8:53 ssh.gmaimsalud.gov.co udp
US 8.8.8.8:53 hotmail.cois-molinari.eu udp
US 8.8.8.8:53 ssh.xsvfj.onmicrosoft.com udp
US 8.8.8.8:53 ssh.ebpearls.com.au udp
US 8.8.8.8:53 mail.gmaandex.by udp
US 8.8.8.8:53 guru.smp.belajar.id udp
US 8.8.8.8:53 ftp.eriglobal.com udp
US 8.8.8.8:53 ssh.gmail.cooolsite.net udp
US 8.8.8.8:53 xbananaw.xyz udp
US 8.8.8.8:53 mail.lexbentleyllc.com udp
US 8.8.8.8:53 lexbentleyllc.com udp
US 8.8.8.8:53 ssh.gmail.choo.co.uk udp
US 8.8.8.8:53 qv.bg udp
US 8.8.8.8:53 gmail.choo.co.uk udp
US 8.8.8.8:53 ftp.gmail.cooolsite.net udp
US 8.8.8.8:53 gmaandex.by udp
US 8.8.8.8:53 ftp.stablepizza.com udp
US 8.8.8.8:53 pop.qv.bg udp
US 8.8.8.8:53 mail.bigpoint.acc udp
US 8.8.8.8:53 bigpoint.acc udp
US 8.8.8.8:53 pop.makingmommys.com udp
US 8.8.8.8:53 ftp.gmail.choo.co.uk udp
US 8.8.8.8:53 jcasolicitors.co.uk udp
US 8.8.8.8:53 marlestonsa.com.au udp
US 8.8.8.8:53 ftp.mail.wu.ac.th udp
US 8.8.8.8:53 gmonline.org.br udp
US 8.8.8.8:53 mailgw.ns36.de udp
DE 92.222.212.92:80 mail.tercommunity.one tcp
US 8.8.8.8:53 my-chainmail.com udp
US 8.8.8.8:53 ftp.hotmai.cocl udp
US 8.8.8.8:53 digiteo.fr udp
US 8.8.8.8:53 loginfreiburg-de01c.mail.protection.outlook.com udp
US 107.162.228.20:443 www.kingstonk12.org tcp
US 8.8.8.8:53 lastmx.spamexperts.net udp
US 8.8.8.8:53 ssh.highlandmultimedia.com udp
US 8.8.8.8:53 com.dmu.edu.eg udp
US 8.8.8.8:53 ftp.essencedripscents.com udp
US 8.8.8.8:53 mail.gmail.cooolsite.net udp
US 8.8.8.8:53 yahoo.com.ta.ua udp
US 8.8.8.8:53 sadunco21.onmicrosoft.com udp
US 8.8.8.8:53 gmail.cooolsite.net udp
US 8.8.8.8:53 ssh.valgrantt.com udp
US 8.8.8.8:53 ssh.gmaandex.by udp
US 8.8.8.8:53 ssh.scoala3.ro udp
US 8.8.8.8:53 gmail.choo.co.uk udp
US 8.8.8.8:53 hotmai.cocl udp
US 8.8.8.8:53 mail.makingmommys.com udp
US 8.8.8.8:53 ssh.bigpoint.acc udp
US 8.8.8.8:53 pop.bigpoint.acc udp
US 8.8.8.8:53 xsvfj.mail.protection.outlook.com udp
US 8.8.8.8:53 ftp.xbananaw.xyz udp
US 8.8.8.8:53 pop.gmaandex.by udp
US 8.8.8.8:53 mail.gmail.coco.uk udp
US 8.8.8.8:53 xsvfj.onmicrosoft.com udp
US 8.8.8.8:53 mail.xsvfj.onmicrosoft.com udp
US 8.8.8.8:53 mail.yahooxample.com udp
US 8.8.8.8:53 imap.yahooxample.com udp
US 8.8.8.8:53 gmit.edu udp
US 8.8.8.8:53 marlestonsa.com.au udp
US 8.8.8.8:53 cooperflack.net udp
US 8.8.8.8:53 seharris.co udp
US 8.8.8.8:53 gmcom.br udp
US 8.8.8.8:53 my-chainmail.com udp
US 8.8.8.8:53 my-chainmail.com udp
US 8.8.8.8:53 147.62.236.23.in-addr.arpa udp
US 8.8.8.8:53 74.38.227.23.in-addr.arpa udp
US 8.8.8.8:53 jcasolicitors-co-uk.mail.protection.outlook.com udp
IE 34.249.138.199:80 navaldc.com tcp
IE 34.249.138.199:80 navaldc.com tcp
US 44.239.178.18:443 aieseccolombia.org tcp
FR 193.37.145.65:443 ftp.ahmi.fr tcp
US 141.193.213.11:443 ebpearls.com.au tcp
US 8.8.8.8:53 mail.ballyroe.com udp
US 8.8.8.8:53 SadunCo21.mail.protection.outlook.com udp
US 8.8.8.8:53 mailer1.campus-paris-saclay.fr udp
US 8.8.8.8:53 ssh.chei.uno udp
US 8.8.8.8:53 ftp.guru.smp.belajar.id udp
US 8.8.8.8:53 ssh.hotmai.cocl udp
US 8.8.8.8:53 ssh.kingstonk12.org udp
US 8.8.8.8:53 xbananaw.xyz udp
US 8.8.8.8:53 ftp.ebpearls.com.au udp
US 8.8.8.8:53 mail.xbananaw.xyz udp
US 8.8.8.8:53 ssh.liveonetrade.com.br udp
DE 23.88.84.200:80 dafnis.com tcp
US 8.8.8.8:53 cooperflack.net udp
US 8.8.8.8:53 seharris.co udp
US 8.8.8.8:53 yahoo.co.jpl.com udp
US 8.8.8.8:53 jcasolicitors.co.uk udp
US 8.8.8.8:53 gmail.coco.uk udp
US 8.8.8.8:53 ftp.dafnis.com udp
US 8.8.8.8:53 ssh.makingmommys.com udp
US 8.8.8.8:53 makingmommys.com udp
US 8.8.8.8:53 pop3.yahooxample.com udp
US 8.8.8.8:53 imap.qv.bg udp
US 8.8.8.8:53 com.dmu.edu.eg udp
US 8.8.8.8:53 ssh.dafnis.com udp
US 8.8.8.8:53 my-chainmail.com udp
US 8.8.8.8:53 hotmail.cois-molinari.eu udp
US 8.8.8.8:53 guru.smp.belajar.id udp
US 8.8.8.8:53 www.login-freiburg.de udp
US 8.8.8.8:53 92.212.222.92.in-addr.arpa udp
US 8.8.8.8:53 ftp.cravetta.edu.it udp
US 8.8.8.8:53 digiteo.fr udp
US 8.8.8.8:53 stablepizza-com.mail.protection.outlook.com udp
US 8.8.8.8:53 gmonline.org.br udp
BR 187.45.195.26:443 liveonetrade.com.br tcp
TH 202.28.68.76:80 mail.wu.ac.th tcp
US 104.21.12.219:80 iainpurwokerto.ac.id tcp
US 8.8.8.8:53 ssh.ballyroe.com udp
US 8.8.8.8:53 mail.ballyroe.com udp
US 8.8.8.8:53 ballyroe.com udp
US 8.8.8.8:53 mail.liveonetrade.com.br udp
US 8.8.8.8:53 ssh.eriglobal.com udp
US 8.8.8.8:53 ftp.chei.uno udp
US 8.8.8.8:53 sadunco21.onmicrosoft.com udp
US 8.8.8.8:53 mail.gmaimsalud.gov.co udp
US 8.8.8.8:53 liveonetrade-com-br.mail.protection.outlook.com udp
US 8.8.8.8:53 gmaimsalud.gov.co udp
US 8.8.8.8:53 howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 mail.gmail.cooolsite.net udp
US 8.8.8.8:53 mail.howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 ssh.gmail.coco.uk udp
US 8.8.8.8:53 pop.gmail.coco.uk udp
US 8.8.8.8:53 pop.gmaimsalud.gov.co udp
US 8.8.8.8:53 ssh.howtogetafreeiphone.infoco.th udp
US 8.8.8.8:53 ssh.lexbentleyllc.com udp
US 8.8.8.8:53 yahoo.co.jpl.com udp
US 8.8.8.8:53 live.shu.edu.tw udp
US 8.8.8.8:53 my-chainmail.com udp
US 8.8.8.8:53 gmit.edu udp
LT 84.32.84.32:80 chei.uno tcp
SG 68.178.224.133:80 glaucuslogistics.com tcp
DE 91.195.240.13:80 mailzm.com tcp
US 8.8.8.8:53 ssh.fie.undef.edu.ar udp
US 8.8.8.8:53 ssh.mail.wu.ac.th udp
CA 67.205.121.216:80 ftp.highlandmultimedia.com tcp
GB 35.214.50.167:80 stablepizza.com tcp
IT 195.110.124.133:80 cravetta.edu.it tcp
US 8.8.8.8:53 ftp.gmonline.org.br udp
US 8.8.8.8:53 ssh.ingegroup.cl udp
US 8.8.8.8:53 mail.yahoo.com.ta.ua udp
US 8.8.8.8:53 mail.hotmai.cocl udp
US 8.8.8.8:53 mailer1.campus-paris-saclay.fr udp
US 8.8.8.8:53 ftp.yahoo.com.ta.ua udp
US 8.8.8.8:53 com-dmu-edu-eg.mail.protection.outlook.com udp
US 8.8.8.8:53 gmail.cooolsite.net udp
US 8.8.8.8:53 ftp.sadunco21.onmicrosoft.com udp
US 8.8.8.8:53 ssh.essencedripscents.com udp
US 8.8.8.8:53 ssh.gmaimsalud.gov.co udp
US 8.8.8.8:53 essencedripscents-com.mail.protection.outlook.com udp
US 8.8.8.8:53 hotmail.cois-molinari.eu udp
US 8.8.8.8:53 ssh.ebpearls.com.au udp
US 8.8.8.8:53 ftp.eriglobal.com udp
US 8.8.8.8:53 mail.gmaandex.by udp
US 8.8.8.8:53 ssh.gmail.cooolsite.net udp
US 8.8.8.8:53 ssh.aieseccolombia.org udp
US 8.8.8.8:53 eriglobal-com.mail.protection.outlook.com udp
US 8.8.8.8:53 ftp.iainpurwokerto.ac.id udp
US 8.8.8.8:53 mail.lexbentleyllc.com udp
US 8.8.8.8:53 ftp.gmail.cooolsite.net udp
US 8.8.8.8:53 ssh.gmail.choo.co.uk udp
US 8.8.8.8:53 mail.qv.bg udp
US 8.8.8.8:53 xbananaw.xyz udp
US 8.8.8.8:53 lexbentleyllc.com udp
US 8.8.8.8:53 ftp.stablepizza.com udp
US 8.8.8.8:53 gmail.choo.co.uk udp
US 8.8.8.8:53 gmaandex.by udp
US 8.8.8.8:53 pop3.qv.bg udp
US 8.8.8.8:53 bigpoint.acc udp
US 8.8.8.8:53 pop.makingmommys.com udp
US 8.8.8.8:53 mail.bigpoint.acc udp
US 8.8.8.8:53 live.shu.edu.tw udp
US 8.8.8.8:53 jcasolicitors.co.uk udp
DE 92.222.212.92:80 mail.tercommunity.one tcp
US 8.8.8.8:53 gmonline.org.br udp
US 8.8.8.8:53 ssh.xbananaw.xyz udp
US 8.8.8.8:53 ftp.hotmai.cocl udp
US 8.8.8.8:53 loginfreiburg-de01c.mail.protection.outlook.com udp
US 8.8.8.8:53 digiteo.fr udp
US 8.8.8.8:53 my-chainmail.com udp
US 8.8.8.8:53 guru.smp.belajar.id udp
US 8.8.8.8:53 pop.lexbentleyllc.com udp
US 8.8.8.8:53 ssh.highlandmultimedia.com udp
US 8.8.8.8:53 com.dmu.edu.eg udp
US 8.8.8.8:53 ftp.essencedripscents.com udp
US 8.8.8.8:53 mail.gmail.cooolsite.net udp
US 34.149.87.45:443 www.login-freiburg.de tcp
US 8.8.8.8:53 ssh.valgrantt.com udp
US 8.8.8.8:53 tussahsilk.com udp
US 8.8.8.8:53 femailtor.com udp
US 8.8.8.8:53 gmail.choo.co.uk udp
US 8.8.8.8:53 mail.hotmai.cocl udp
US 8.8.8.8:53 ssh.scoala3.ro udp
US 8.8.8.8:53 pop.ahmi.fr udp
US 8.8.8.8:53 ftp.xbananaw.xyz udp
US 8.8.8.8:53 mail.gmail.coco.uk udp
US 8.8.8.8:53 xsvfj.onmicrosoft.com udp
US 8.8.8.8:53 gmit.edu udp
US 8.8.8.8:53 pop.gmaandex.by udp
US 8.8.8.8:53 mail.yahooxample.com udp
US 8.8.8.8:53 seharris-co.mail.protection.outlook.com udp

Files

C:\Users\Admin\AppData\Local\Temp\C68C.exe

MD5 398ab69b1cdc624298fbc00526ea8aca
SHA1 b2c76463ae08bb3a08accfcbf609ec4c2a9c0821
SHA256 ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be
SHA512 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739

C:\Users\Admin\AppData\Local\Temp\CB7F.dll

MD5 9b1697d40dfd386fdd7e9327844f301a
SHA1 e75defb119e2c7b7d3f75ab70a100ec504af5ebf
SHA256 69e7b08c127dde5fd1f85e1e8107d06aa686e94aef3fd48ff0bb092b38a0cb1d
SHA512 3e945bf24ed81fdc49e974d086a70f9758a17b8656bb0e460dca0be2a84fa0ba065b62b6dd5d55ca1dbe0b4f19ec4f164df84c115244f1cbfddd79611d013d69

C:\Users\Admin\AppData\Local\Temp\D93B.exe

MD5 31927d08cd85af37486cc94c379e5d0e
SHA1 35bd580cc32cd6631eaea2f19544767afb5768cd
SHA256 f162381d5787b41619742b2b29a62054c2b19f169d428623f62e675aa6a1fb9d
SHA512 53d9656274a34164e9c47e5ddd0febb282dc3e6411cd5523e257f7eeab0141335b302e5824f7f90e86ab6b0842eb21cffaa2be50a1966a6e14e638ceeeb46bb3

C:\Users\Admin\AppData\Local\Temp\D93B.exe

MD5 c1632125cae71de59525abad4ca1abbb
SHA1 758b38d9a3bc6a335b791818ad96b74cc62571e6
SHA256 f1c5fa9a5d52b3dcdf3cd999e9f74bdf5398f63fca173aa3589b0b3761f90882
SHA512 48813edd4fdcadec81b0f26bbd23e0b7f23e180f940c0f4a686914104af147c2df86bee5812fb4959869a1d4ce930ac5daf18fe945d7a33d436e927280d42b4a

C:\Users\Admin\AppData\Local\Temp\DDB1.exe

MD5 a1b5ee1b9649ab629a7ac257e2392f8d
SHA1 dc1b14b6d57589440fb3021c9e06a3e3191968dc
SHA256 2bfd95260a4c52d4474cd51e74469fc3de94caed28937ff0ce99ded66af97e65
SHA512 50ccbb9fd4ea2da847c6be5988e1e82e28d551b06cc9122b921dbd40eff4b657a81a010cea76f29e88fda06f8c053090b38d04eb89a6d63ec4f42ef68b1cf82b

C:\Users\Admin\AppData\Local\Temp\EA73.exe

MD5 8dc3b992bc2d48e2e16673cbfe322fba
SHA1 054afccbdd951b9787da7d8558fdb6ed245953a3
SHA256 5c08e4fe2c79c73f2c810ddf8fbe87f837bcc290a1125716bd59ad2363c6522f
SHA512 98794944811b708a512d2aecfe2840719eafbe61e9f4bdd9301430d513a647f8344114ff263058e5bd0c168c520f05891e08d02f0a233d4b9abb3b3b91dcbf00

C:\Users\Admin\AppData\Local\Temp\EA73.exe

MD5 21fde1c217a564638af28d4cd32c4d02
SHA1 a76212a459f3a97beba38d4d32ad37affc8486e2
SHA256 d9d9b42f63b00064a1f79096a60e61ac12037e373dffa28697bab6fd768d9fca
SHA512 0df248216a5d3da1a945f8b2b4c50539178c7b8083a467450da53a48516236f0c54ec95a42caa52fab41b6eea88add132d2a611aa8a225d49011f91f59408fbc

memory/2032-66-0x0000000073270000-0x000000007395E000-memory.dmp

memory/2032-65-0x0000000000510000-0x000000000099C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

MD5 0564a9bf638169a89ccb3820a6b9a58e
SHA1 57373f3b58f7cc2b9ea1808bdabb600d580a9ceb
SHA256 9e4b0556f698c9bc9a07c07bf13d60908d31995e0bd73510d9dd690b20b11058
SHA512 36b81c374529a9ba5fcbc6fcfebf145c27a7c30916814d63612c04372556d47994a8091cdc5f78dab460bb5296466ce0b284659c8b01883f7960ab08a1631ea6

memory/220-74-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 0c7b8daa9b09bcdf947a020bf28c2f19
SHA1 738f89f4da5256d14fe11394cf79e42060a7e98b
SHA256 ff0c709f06a8850794f2501c7dc9ce4ffc75f1ab3039218952cd87a067d3d3ff
SHA512 b069ef6d30a5afafc4b4e2632cb4f9da65e58dcedb66706921d85a6be97a024c1e786ec51299ba52668a65fe948d499609aa2b4978fb20738dd0b643d84cbcf6

memory/4476-79-0x0000000001BC0000-0x0000000001C27000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 b139e13afb2bd44f57532ce440870051
SHA1 205b9bce1952a67588dd088141ef461c73c58331
SHA256 f50a19f60113e41b917dd57a2ed0a524e731c1eab45ca3a5a7a966edb5cf08c6
SHA512 4d92e01b0e315e9768b54ad3f1243047c6ec535658fc3dc15ede8b3723fd14c3e3bdcd68dcbcc3dbd9f815739e7f16018f66b52afe6f34e8b0b1001479c9a9e3

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\F7D2.exe

MD5 38617539f3925b6017474f088cc3769a
SHA1 c689b57ab62eac790a204c8231b02bfe0bc243a6
SHA256 defe2d4c932a7ef607e8ef1a643fb57b9c69cbc53b52bf802f9471aae5caef49
SHA512 15d87c6231a8f2115ae3f0f021949d175d3f36735637c7b508a229af5b2a93f70f32e19d9b8e3d1e0fa41bd21ee46ab5d9c6ef630c826afe2210a789e5da53e7

C:\Users\Admin\AppData\Local\Temp\u3gc.0.exe

MD5 5c47e4602163dd29a39294b7192f0658
SHA1 268d1bf1f4c8c8b696298f802b95af8bd3891c10
SHA256 5c0b29d51d9b148c8c19ce0efca365ccb1bbe720f634a15897684abbd1dc5d76
SHA512 7baa0359781ba21c378a0fbd37dfcde2d1b0c5a9ce3afcf8db0617f91a49dd552416c90963731798669002eda0a15f2296120cb9307c8cafef18dfdb4a52ad91

memory/220-113-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\u3gc.1.exe

MD5 96226e504f02fee5f939af14318f3b96
SHA1 6439795b61c9f081bab232b942fb62c88ada2ba8
SHA256 7e40358e0d287824edc1b7e1493af588da0c2d060a49c61ed419694a6d11bcd3
SHA512 8a851ea4b888fffd6eb572b71b81d7e46c5098226cfb27ea5ae90e8e02cd041db0fcc284946314f303eeea6ef76468c0e2da879af4bc3d670406e5def5a8197c

memory/2952-114-0x0000000000400000-0x0000000000930000-memory.dmp

memory/4476-111-0x0000000000400000-0x0000000001A4B000-memory.dmp

memory/2952-115-0x0000000000BA0000-0x0000000000BA1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

MD5 41c4cef45b1224ea56767053aa15e6ea
SHA1 55b7144d8965367272c02dc283409771cfed60a9
SHA256 70039f87e6060f5d3a0a2b34f7c1dce5120efe33b274c8cb2ecca06f011e196f
SHA512 89e965a0f2c7e630a8eec28294bf6d1b6438dd3cd868c118a7482a621c8a0916df17732a8b8b8fa3866cf641b211cf198b78600b272f61b83eace5cecaba4d74

C:\Users\Admin\AppData\Roaming\Temp\Task.bat

MD5 11bb3db51f701d4e42d3287f71a6a43e
SHA1 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86
SHA256 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331
SHA512 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2

\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\ProgramData\Are.docx

MD5 a33e5b189842c5867f46566bdbf7a095
SHA1 e1c06359f6a76da90d19e8fd95e79c832edb3196
SHA256 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454
SHA512 f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ku2vlokz.zbw.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 db01a2c1c7e70b2b038edf8ad5ad9826
SHA1 540217c647a73bad8d8a79e3a0f3998b5abd199b
SHA256 413da361d77055dae7007f82b58b366c8783aa72e0b8fbe41519b940c253b38d
SHA512 c76ff57fcee5cdf9fdf3116d4e1dc0cf106867bf19ab474b763e242acf5dca9a7509cb837c35e130c3e056636b4e8a4e135512a978bcd3dd641e20f5bf76c3d6

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 aab98d21c7654490a7d4886d27dcf86e
SHA1 5300fa0e2fc91aa7d4373755183601c52cdbf5f6
SHA256 f16471b28154bf302a59af66f777bfe9a2fdd65f06eb98890fa6408453d35384
SHA512 57a7b80995c6a16a04b02644588291eec3dcb4b9c7324e96ab88be3dacc88680256848489152a1afc4bf9277a95464684b802f51f5efba24953de0cc2435b535

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 9388d50b2f5404e5255206fc150f8eea
SHA1 f8f5a6505d5b177b5dedbff59363fd6111fbb866
SHA256 314a1de525c793e44c0fa54eaae880b6cae728576e3d3e11d64263d8adc66a07
SHA512 b930090937141efaeea21c15800555cea7f92d3bc514ce024d42ea6c0f857b1c8bdd8d268059009fa47bc0284e8f2eb7f169ebb16939aad96527abe5cd04b735

C:\Windows\rss\csrss.exe

MD5 f4f8e3346c5b34b4a3de3876602daaf8
SHA1 4c931f244aec1951ae1c10cda638df89f6e18998
SHA256 dc0bfccec0849e545842dc58e20867c05471e73e8c7c6c6aa415b464d69d573e
SHA512 434124b98ba1e1e40594307f94f6c449d90a3749529a0d455eb20e0a63e6451e18b5311a9c825c0237334b2cb3484f5729e75fa23d55c2ad4d9c12c29d040fe6

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 fe34ed14b1e9d7a4388738aaea207cc0
SHA1 1aeff8c876b7cdfef3a7e92d77a3e603713b18a7
SHA256 25376c77d27714de49acfc6c26380963275ae4e3ce336218b46347d1599adc8f
SHA512 6d7c1c5c0a414266bb9b44a5d82d5099f7f81767012906479d39ce20b8ceb2c1309215770d3baefd7e45cf663d5fe1debe99eaa8de244ad0c39a6c0065fcc8de

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 957b1133e36f6feb38cd68bfcf3db9d7
SHA1 ec0211b637541d826a7be797c92c8b14d67bd533
SHA256 a8872a328763ea72a8b21a1342e1c56833d373b83bd540b2783fcc2b25217fa5
SHA512 66953e2001689347faee3c1f1d3616eba7b6801cd0db67b3a7feb0e66e7a2f08101d994a89282f00ab7dd378197ab967b066a6c4196b2e226487eaf6530ef194

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 a0ab1efe2185ef8338d4ea3c31240628
SHA1 52c4c6219d4f9d85c263aee6d1c4dba0f69640ff
SHA256 6af2686ba7957e5d60b29f77562c377a0f84d3da82b62d69d016b0d48dbe8e29
SHA512 0d4dba11326e387fd5b0c03e234f1535dc6eb43d7f8a16483caf0a2e821e88bb256f2f5f0e2a9bac29275e9d4138575eec0e10fa26bf1a90da8eb434030eb9c6

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

MD5 d98e33b66343e7c96158444127a117f6
SHA1 bb716c5509a2bf345c6c1152f6e3e1452d39d50d
SHA256 5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1
SHA512 705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

C:\Windows\windefender.exe

MD5 8e67f58837092385dcf01e8a2b4f5783
SHA1 012c49cfd8c5d06795a6f67ea2baf2a082cf8625
SHA256 166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa
SHA512 40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

C:\Users\Admin\AppData\Roaming\wbgavdc

MD5 5cddaacf9782c030db128e3ebfd8f301
SHA1 71bae291b66ecfad6ee79ab150c9b4bdc676f06c
SHA256 6d533c8a98cee42c8f797a0b982a0be0da8d7503da8c42e8da10a88bfee9bf23
SHA512 bee3cbdeac5a317f58ebb2d621740f8b7e81e47db236327cb0e908bc49886e320e30a95191470953177740f702adfe704a626325ddd2a33f10c8ec3060059797