Analysis Overview
SHA256
8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c
Threat Level: Known bad
The file 8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c was found to be: Known bad.
Malicious Activity Summary
Glupteba
Pitou
DcRat
Lumma Stealer
Glupteba payload
SmokeLoader
Windows security bypass
Downloads MZ/PE file
Modifies Windows Firewall
Executes dropped EXE
UPX packed file
Windows security modification
Reads data files stored by FTP clients
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Adds Run key to start application
Writes to the Master Boot Record (MBR)
Manipulates WinMonFS driver.
Drops file in System32 directory
Suspicious use of SetThreadContext
Launches sc.exe
Drops file in Windows directory
Checks for VirtualBox DLLs, possible anti-VM trick
Program crash
Enumerates physical storage devices
Unsigned PE
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious behavior: MapViewOfSection
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-29 04:57
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-29 04:57
Reported
2024-02-29 05:02
Platform
win7-20240221-en
Max time kernel
51s
Max time network
300s
Command Line
Signatures
Pitou
SmokeLoader
Downloads MZ/PE file
Deletes itself
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8269.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8269.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A009.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AC88.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BEF0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D81C.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8269.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BEF0.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\8269.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\AC88.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2668 set thread context of 2832 | N/A | C:\Users\Admin\AppData\Local\Temp\8269.exe | C:\Users\Admin\AppData\Local\Temp\8269.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\A009.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe
"C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe"
C:\Users\Admin\AppData\Local\Temp\8269.exe
C:\Users\Admin\AppData\Local\Temp\8269.exe
C:\Users\Admin\AppData\Local\Temp\8269.exe
C:\Users\Admin\AppData\Local\Temp\8269.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\89D9.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\89D9.dll
C:\Users\Admin\AppData\Local\Temp\A009.exe
C:\Users\Admin\AppData\Local\Temp\A009.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 124
C:\Users\Admin\AppData\Local\Temp\AC88.exe
C:\Users\Admin\AppData\Local\Temp\AC88.exe
C:\Users\Admin\AppData\Local\Temp\BEF0.exe
C:\Users\Admin\AppData\Local\Temp\BEF0.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\D81C.exe
C:\Users\Admin\AppData\Local\Temp\D81C.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\u17s.0.exe
"C:\Users\Admin\AppData\Local\Temp\u17s.0.exe"
C:\Users\Admin\AppData\Local\Temp\u17s.1.exe
"C:\Users\Admin\AppData\Local\Temp\u17s.1.exe"
C:\Windows\system32\taskeng.exe
taskeng.exe {17C28E6D-0496-4F03-9F56-30C0FE23E11E} S-1-5-21-1298544033-3225604241-2703760938-1000:IZKCKOTP\Admin:Interactive:[1]
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-29 04:57
Reported
2024-02-29 05:02
Platform
win10-20240221-en
Max time kernel
228s
Max time network
301s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\B5F2.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Glupteba
Glupteba payload
Lumma Stealer
Pitou
SmokeLoader
Windows security bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Deletes itself
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u1fw.0.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
Windows security modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\B5F2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Windows\rss\csrss.exe | N/A |
Checks installed software on the system
Manipulates WinMonFS driver.
| Description | Indicator | Process | Target |
| File opened for modification | \??\WinMonFS | C:\Windows\rss\csrss.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\D266.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3824 set thread context of 8 | N/A | C:\Users\Admin\AppData\Local\Temp\B5F2.exe | C:\Users\Admin\AppData\Local\Temp\B5F2.exe |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\rss | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| File created | C:\Windows\rss\csrss.exe | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| File created | C:\Windows\windefender.exe | C:\Windows\rss\csrss.exe | N/A |
| File opened for modification | C:\Windows\windefender.exe | C:\Windows\rss\csrss.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Roaming\sgiidcj |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\EE3D.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\efiidcj | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\EE3D.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\efiidcj | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\efiidcj | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\EE3D.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\u1fw.0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\u1fw.0.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-752 = "Tonga Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2612 = "Bougainville Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-361 = "GTB Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-181 = "Mountain Daylight Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2511 = "Lord Howe Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-791 = "SA Western Daylight Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1971 = "Belarus Daylight Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-682 = "E. Australia Standard Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2591 = "Tocantins Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-151 = "Central America Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1912 = "Russia TZ 10 Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-162 = "Central Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-531 = "Sri Lanka Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1841 = "Russia TZ 4 Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-364 = "Middle East Daylight Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2791 = "Novosibirsk Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1861 = "Russia TZ 6 Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-502 = "Nepal Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-631 = "Tokyo Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-442 = "Arabian Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2061 = "North Korea Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1472 = "Magadan Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-282 = "Central Europe Standard Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SYSTEM | C:\Windows\system32\netsh.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2792 = "Novosibirsk Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2342 = "Haiti Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-662 = "Cen. Australia Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-271 = "Greenwich Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-432 = "Iran Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1892 = "Russia TZ 3 Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-105 = "Central Brazilian Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1721 = "Libya Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-449 = "Azerbaijan Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-682 = "E. Australia Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-912 = "Mauritius Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2142 = "Transbaikal Standard Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-152 = "Central America Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-104 = "Central Brazilian Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EE3D.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\efiidcj | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\rss\csrss.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u1fw.1.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe
"C:\Users\Admin\AppData\Local\Temp\8b8e12ac5250ba8223fe60dfc7ebee3d22d024c3559668b86ed003335b196c1c.exe"
C:\Users\Admin\AppData\Local\Temp\B5F2.exe
C:\Users\Admin\AppData\Local\Temp\B5F2.exe
C:\Users\Admin\AppData\Local\Temp\B5F2.exe
C:\Users\Admin\AppData\Local\Temp\B5F2.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\BC9A.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\BC9A.dll
C:\Users\Admin\AppData\Local\Temp\CE2F.exe
C:\Users\Admin\AppData\Local\Temp\CE2F.exe
C:\Users\Admin\AppData\Local\Temp\D266.exe
C:\Users\Admin\AppData\Local\Temp\D266.exe
C:\Users\Admin\AppData\Local\Temp\E052.exe
C:\Users\Admin\AppData\Local\Temp\E052.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\EE3D.exe
C:\Users\Admin\AppData\Local\Temp\EE3D.exe
C:\Users\Admin\AppData\Local\Temp\u1fw.0.exe
"C:\Users\Admin\AppData\Local\Temp\u1fw.0.exe"
C:\Users\Admin\AppData\Local\Temp\u1fw.1.exe
"C:\Users\Admin\AppData\Local\Temp\u1fw.1.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Users\Admin\AppData\Roaming\efiidcj
C:\Users\Admin\AppData\Roaming\efiidcj
C:\Users\Admin\AppData\Roaming\sgiidcj
C:\Users\Admin\AppData\Roaming\sgiidcj
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\windefender.exe
C:\Windows\windefender.exe
C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 324
Network
| IE | 52.212.148.253:443 | www.voxi.co.uk | tcp |
| PL | 79.133.196.140:80 | moj.cosinus.pl | tcp |
| US | 76.223.3.255:465 | campus.infossep.gob.ar | tcp |
| IN | 20.204.0.189:465 | admission.punjab.gov.in | tcp |
| IN | 20.204.0.189:80 | admission.punjab.gov.in | tcp |
| ID | 118.98.166.195:143 | epak.gtk.kemdikbud.go.id | tcp |
| GB | 23.214.154.77:222 | help.steampowered.com | tcp |
| IE | 52.212.148.253:443 | www.voxi.co.uk | tcp |
| GB | 23.214.154.77:990 | help.steampowered.com | tcp |
| US | 15.197.214.39:990 | eticket.railway.gov.bd | tcp |
| US | 76.223.3.255:80 | campus.infossep.gob.ar | tcp |
| JP | 140.83.39.249:21 | dsmanila.aralinks.net | tcp |
| JP | 140.83.39.249:80 | dsmanila.aralinks.net | tcp |
| DE | 23.197.7.84:143 | accounts.nintendo.com | tcp |
| PL | 217.74.71.152:587 | konto-pocztowe.interia.pl | tcp |
| GB | 179.191.165.65:110 | minhaconta.levelupgames.com.br | tcp |
| RU | 213.59.253.8:80 | esia.gosuslugi.ru | tcp |
| PL | 79.133.196.140:22 | moj.cosinus.pl | tcp |
| US | 162.214.96.139:465 | mail.edit.duplexplay.com | tcp |
| US | 8.8.8.8:53 | gasodomesticosdelsur.com | udp |
| US | 8.8.8.8:53 | 255.3.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.7.197.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | infossep.cordoba.gob.ar | udp |
| N/A | 127.0.0.1:52431 | tcp | |
| N/A | 127.0.0.1:52443 | tcp | |
| N/A | 127.0.0.1:52447 | tcp | |
| N/A | 127.0.0.1:52453 | tcp | |
| N/A | 127.0.0.1:52457 | tcp | |
| N/A | 127.0.0.1:52459 | tcp | |
| N/A | 127.0.0.1:52483 | tcp | |
| N/A | 127.0.0.1:52487 | tcp | |
| N/A | 127.0.0.1:52491 | tcp | |
| BE | 64.233.167.27:993 | aspmx.l.google.com | tcp |
| SG | 74.125.200.26:993 | alt4.aspmx.l.google.com | tcp |
| NL | 52.101.73.11:993 | roed25-dk.mail.protection.outlook.com | tcp |
| BG | 185.176.40.130:993 | cp1.awardspace.net | tcp |
| ID | 118.98.166.195:443 | epak.gtk.kemdikbud.go.id | tcp |
| ID | 118.98.166.195:465 | epak.gtk.kemdikbud.go.id | tcp |
| GB | 213.105.9.34:443 | payments.virginmedia.com | tcp |
| US | 205.172.49.230:21 | cafe-cp.dcfs.la.gov | tcp |
| US | 8.8.8.8:53 | cobracolumnone.com | udp |
| US | 8.8.8.8:53 | mysalam.com.my | udp |
| IN | 20.204.0.189:995 | admission.punjab.gov.in | tcp |
| US | 107.162.155.79:22 | ows01.hireright.com | tcp |
| NL | 52.101.73.11:587 | roed25-dk.mail.protection.outlook.com | tcp |
| US | 76.223.3.255:995 | campus.infossep.gob.ar | tcp |
| NL | 142.250.153.26:143 | alt1.aspmx.l.google.com | tcp |
| PL | 79.133.196.140:21 | moj.cosinus.pl | tcp |
| PL | 217.74.71.152:110 | konto-pocztowe.interia.pl | tcp |
| DE | 23.197.7.84:465 | accounts.nintendo.com | tcp |
| BE | 64.233.167.27:587 | aspmx.l.google.com | tcp |
| SG | 74.125.200.26:587 | alt4.aspmx.l.google.com | tcp |
| DE | 23.197.7.84:80 | accounts.nintendo.com | tcp |
| CL | 200.89.78.253:143 | auth.demre.cl | tcp |
| US | 15.197.214.39:443 | eticket.railway.gov.bd | tcp |
| NL | 52.101.73.11:110 | roed25-dk.mail.protection.outlook.com | tcp |
| US | 162.214.96.139:995 | mail.edit.duplexplay.com | tcp |
| US | 8.8.8.8:53 | ftp.jrchcm2022.onlineregistrationform.org | udp |
| US | 8.8.8.8:53 | 40.15.134.185.in-addr.arpa | udp |
| NL | 142.250.153.26:465 | alt1.aspmx.l.google.com | tcp |
| GB | 23.214.154.77:993 | help.steampowered.com | tcp |
| GB | 179.191.165.65:80 | minhaconta.levelupgames.com.br | tcp |
| JP | 140.83.39.249:143 | dsmanila.aralinks.net | tcp |
| US | 107.162.155.79:21 | ows01.hireright.com | tcp |
| RU | 213.59.254.8:222 | esia.gosuslugi.ru | tcp |
| US | 205.172.49.230:443 | cafe-cp.dcfs.la.gov | tcp |
| IN | 20.204.0.189:22 | admission.punjab.gov.in | tcp |
| US | 8.8.8.8:53 | mysalam.com.my | udp |
| US | 8.8.8.8:53 | sistemas.udo.mx | udp |
| GB | 163.70.147.22:22 | web.facebook.com | tcp |
| BE | 13.225.17.38:993 | pay.skrill.com | tcp |
| DE | 23.197.7.84:995 | accounts.nintendo.com | tcp |
| GB | 23.214.154.77:587 | help.steampowered.com | tcp |
| BE | 64.233.167.27:110 | aspmx.l.google.com | tcp |
| CL | 200.89.78.253:465 | auth.demre.cl | tcp |
| BG | 185.176.40.130:25 | cp1.awardspace.net | tcp |
| CL | 200.89.78.253:80 | auth.demre.cl | tcp |
| PL | 217.74.71.152:443 | konto-pocztowe.interia.pl | tcp |
| IE | 52.212.148.253:222 | www.voxi.co.uk | tcp |
| GB | 213.105.9.34:143 | payments.virginmedia.com | tcp |
| US | 104.26.1.139:80 | picoworkers.com | tcp |
| SG | 74.125.200.26:110 | alt4.aspmx.l.google.com | tcp |
| ID | 118.98.166.195:995 | epak.gtk.kemdikbud.go.id | tcp |
| US | 172.67.166.246:80 | sribulancer.com | tcp |
| US | 76.223.3.255:22 | campus.infossep.gob.ar | tcp |
| N/A | 127.0.0.1:52503 | tcp | |
| N/A | 127.0.0.1:52505 | tcp | |
| N/A | 127.0.0.1:52509 | tcp | |
| N/A | 127.0.0.1:52511 | tcp | |
| N/A | 127.0.0.1:52516 | tcp | |
| DE | 185.70.42.42:80 | mail.protonmail.com | tcp |
| JP | 140.83.39.249:465 | dsmanila.aralinks.net | tcp |
| RU | 213.59.254.8:990 | esia.gosuslugi.ru | tcp |
| US | 8.8.8.8:53 | 253.78.89.200.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.9.105.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gasodomesticosdelsur.com | udp |
| DE | 23.197.7.84:22 | accounts.nintendo.com | tcp |
| GB | 23.214.154.77:110 | help.steampowered.com | tcp |
| BG | 185.176.40.130:443 | cp1.awardspace.net | tcp |
| US | 162.214.96.139:21 | mail.edit.duplexplay.com | tcp |
| GB | 163.70.147.22:21 | web.facebook.com | tcp |
| US | 107.162.155.79:443 | ows01.hireright.com | tcp |
| DE | 185.70.42.42:80 | mail.protonmail.com | tcp |
| BE | 13.225.17.38:587 | pay.skrill.com | tcp |
| NL | 142.250.153.26:995 | alt1.aspmx.l.google.com | tcp |
| US | 162.214.96.139:143 | mail.edit.duplexplay.com | tcp |
| ID | 118.98.166.195:990 | epak.gtk.kemdikbud.go.id | tcp |
| TR | 95.0.196.40:222 | mebbisyd.meb.gov.tr | tcp |
| US | 76.223.3.255:21 | campus.infossep.gob.ar | tcp |
| CL | 200.89.78.253:995 | auth.demre.cl | tcp |
| IN | 20.204.0.189:21 | admission.punjab.gov.in | tcp |
| ID | 118.98.166.195:80 | epak.gtk.kemdikbud.go.id | tcp |
| DE | 23.197.7.84:80 | accounts.nintendo.com | tcp |
| IE | 52.212.148.253:993 | www.voxi.co.uk | tcp |
| IE | 52.212.148.253:990 | www.voxi.co.uk | tcp |
| GB | 213.105.9.34:465 | payments.virginmedia.com | tcp |
| BE | 13.225.17.38:110 | pay.skrill.com | tcp |
| US | 104.26.1.139:990 | picoworkers.com | tcp |
| GB | 213.105.9.34:80 | payments.virginmedia.com | tcp |
| CL | 200.89.78.253:22 | auth.demre.cl | tcp |
| JP | 140.83.39.249:995 | dsmanila.aralinks.net | tcp |
| PL | 217.74.71.152:990 | konto-pocztowe.interia.pl | tcp |
| RU | 213.59.254.8:993 | esia.gosuslugi.ru | tcp |
| BE | 64.233.167.27:993 | aspmx.l.google.com | tcp |
| PL | 79.133.196.140:143 | moj.cosinus.pl | tcp |
| US | 162.214.96.139:222 | mail.edit.duplexplay.com | tcp |
| PL | 217.74.71.152:993 | konto-pocztowe.interia.pl | tcp |
| TR | 95.0.196.40:443 | mebbisyd.meb.gov.tr | tcp |
| SE | 185.134.15.40:80 | bet25.dk | tcp |
| FR | 212.83.152.79:22 | www.eklablog.com | tcp |
| US | 162.214.96.139:80 | mail.edit.duplexplay.com | tcp |
| SE | 185.134.15.40:443 | bet25.dk | tcp |
| US | 104.26.1.139:222 | picoworkers.com | tcp |
| ID | 118.98.166.195:222 | epak.gtk.kemdikbud.go.id | tcp |
| IN | 20.204.0.189:80 | admission.punjab.gov.in | tcp |
| BE | 64.233.167.27:110 | aspmx.l.google.com | tcp |
| BG | 185.176.40.130:2222 | cp1.awardspace.net | tcp |
| BE | 64.233.167.27:587 | aspmx.l.google.com | tcp |
| JP | 140.83.39.249:222 | dsmanila.aralinks.net | tcp |
| US | 172.67.166.246:222 | sribulancer.com | tcp |
| US | 172.67.166.246:990 | sribulancer.com | tcp |
| GB | 179.191.165.65:222 | minhaconta.levelupgames.com.br | tcp |
| FR | 212.83.152.79:80 | www.eklablog.com | tcp |
| BE | 13.225.17.38:80 | pay.skrill.com | tcp |
| GB | 163.70.147.22:443 | web.facebook.com | tcp |
| FR | 212.83.152.79:80 | www.eklablog.com | tcp |
| SE | 185.134.15.215:80 | www.roed25.dk | tcp |
| SE | 185.134.15.215:443 | www.roed25.dk | tcp |
| TR | 95.0.196.40:990 | mebbisyd.meb.gov.tr | tcp |
| SE | 185.134.15.215:443 | www.roed25.dk | tcp |
| US | 103.224.212.212:21 | cobracolumnone.com | tcp |
| DE | 185.70.42.42:222 | mail.protonmail.com | tcp |
| IE | 52.212.148.253:587 | www.voxi.co.uk | tcp |
| DE | 23.197.7.84:21 | accounts.nintendo.com | tcp |
| GB | 179.191.165.65:990 | minhaconta.levelupgames.com.br | tcp |
| MY | 175.143.36.22:22 | mysalam.com.my | tcp |
| DE | 185.70.42.42:990 | mail.protonmail.com | tcp |
| SE | 185.134.15.40:443 | bet25.dk | tcp |
| GB | 213.105.9.34:995 | payments.virginmedia.com | tcp |
| US | 107.162.155.79:143 | ows01.hireright.com | tcp |
| PL | 79.133.196.140:465 | moj.cosinus.pl | tcp |
| GB | 213.105.9.34:22 | payments.virginmedia.com | tcp |
| US | 205.172.49.230:143 | cafe-cp.dcfs.la.gov | tcp |
| GB | 23.214.154.77:443 | help.steampowered.com | tcp |
| RU | 213.59.254.8:587 | esia.gosuslugi.ru | tcp |
| DE | 185.70.42.42:110 | mail.protonmail.com | tcp |
| PL | 79.133.196.140:80 | moj.cosinus.pl | tcp |
| DE | 185.70.42.42:587 | mail.protonmail.com | tcp |
| DE | 185.70.42.42:993 | mail.protonmail.com | tcp |
| IN | 20.204.0.189:143 | admission.punjab.gov.in | tcp |
| SE | 185.134.15.40:80 | bet25.dk | tcp |
| US | 76.223.3.255:143 | campus.infossep.gob.ar | tcp |
| IE | 52.212.148.253:80 | www.voxi.co.uk | tcp |
| SE | 185.134.15.215:222 | www.roed25.dk | tcp |
| SE | 185.134.15.215:990 | www.roed25.dk | tcp |
| FR | 212.83.152.79:990 | www.eklablog.com | tcp |
| TR | 95.0.196.40:993 | mebbisyd.meb.gov.tr | tcp |
| GB | 179.191.165.65:993 | minhaconta.levelupgames.com.br | tcp |
| US | 162.214.96.139:80 | mail.edit.duplexplay.com | tcp |
| TR | 95.0.196.40:587 | mebbisyd.meb.gov.tr | tcp |
| US | 76.223.3.255:443 | campus.infossep.gob.ar | tcp |
| RU | 213.59.254.8:443 | esia.gosuslugi.ru | tcp |
| SE | 185.134.15.40:443 | bet25.dk | tcp |
| FR | 212.83.152.79:80 | www.eklablog.com | tcp |
| RU | 213.59.253.8:80 | esia.gosuslugi.ru | tcp |
| N/A | 127.0.0.1:52531 | tcp | |
| N/A | 127.0.0.1:52534 | tcp | |
| N/A | 127.0.0.1:52538 | tcp | |
| N/A | 127.0.0.1:52541 | tcp | |
| N/A | 127.0.0.1:52554 | tcp | |
| N/A | 127.0.0.1:52558 | tcp | |
| N/A | 127.0.0.1:52565 | tcp | |
| N/A | 127.0.0.1:52568 | tcp | |
| N/A | 127.0.0.1:52572 | tcp | |
| N/A | 127.0.0.1:52574 | tcp | |
| N/A | 127.0.0.1:52578 | tcp | |
| N/A | 127.0.0.1:52586 | tcp | |
| N/A | 127.0.0.1:52589 | tcp | |
| N/A | 127.0.0.1:52592 | tcp | |
| N/A | 127.0.0.1:52594 | tcp | |
| N/A | 127.0.0.1:52596 | tcp | |
| N/A | 127.0.0.1:52603 | tcp | |
| N/A | 127.0.0.1:52606 | tcp | |
| N/A | 127.0.0.1:52613 | tcp | |
| N/A | 127.0.0.1:52621 | tcp | |
| N/A | 127.0.0.1:52623 | tcp | |
| N/A | 127.0.0.1:52626 | tcp | |
| N/A | 127.0.0.1:52630 | tcp | |
| N/A | 127.0.0.1:52634 | tcp | |
| N/A | 127.0.0.1:52637 | tcp | |
| N/A | 127.0.0.1:52641 | tcp | |
| N/A | 127.0.0.1:52643 | tcp | |
| N/A | 127.0.0.1:52647 | tcp | |
| N/A | 127.0.0.1:52649 | tcp | |
| N/A | 127.0.0.1:52652 | tcp | |
| N/A | 127.0.0.1:52655 | tcp | |
| N/A | 127.0.0.1:52657 | tcp | |
| N/A | 127.0.0.1:52660 | tcp | |
| N/A | 127.0.0.1:52662 | tcp | |
| N/A | 127.0.0.1:52664 | tcp | |
| N/A | 127.0.0.1:52675 | tcp | |
| N/A | 127.0.0.1:52681 | tcp | |
| N/A | 127.0.0.1:52686 | tcp | |
| N/A | 127.0.0.1:52692 | tcp | |
| N/A | 127.0.0.1:52696 | tcp | |
| N/A | 127.0.0.1:52700 | tcp | |
| N/A | 127.0.0.1:52704 | tcp | |
| US | 8.8.8.8:53 | minhaconta.levelupgames.com.br | udp |
| US | 172.67.166.246:80 | sribulancer.com | tcp |
| JP | 140.83.39.249:80 | dsmanila.aralinks.net | tcp |
| US | 8.8.8.8:53 | sistemas.udo.mx | udp |
| N/A | 127.0.0.1:52707 | tcp | |
| N/A | 127.0.0.1:52711 | tcp | |
| N/A | 127.0.0.1:52714 | tcp | |
| N/A | 127.0.0.1:52720 | tcp | |
| N/A | 127.0.0.1:52722 | tcp | |
| N/A | 127.0.0.1:52724 | tcp | |
| N/A | 127.0.0.1:52726 | tcp | |
| N/A | 127.0.0.1:52729 | tcp | |
| N/A | 127.0.0.1:52734 | tcp | |
| N/A | 127.0.0.1:52739 | tcp | |
| N/A | 127.0.0.1:52742 | tcp | |
| N/A | 127.0.0.1:52745 | tcp | |
| N/A | 127.0.0.1:52747 | tcp | |
| N/A | 127.0.0.1:52749 | tcp | |
| N/A | 127.0.0.1:52752 | tcp | |
| N/A | 127.0.0.1:52765 | tcp | |
| N/A | 127.0.0.1:52767 | tcp | |
| N/A | 127.0.0.1:52769 | tcp | |
| N/A | 127.0.0.1:52771 | tcp | |
| N/A | 127.0.0.1:52773 | tcp | |
| N/A | 127.0.0.1:52776 | tcp | |
| N/A | 127.0.0.1:52787 | tcp | |
| N/A | 127.0.0.1:52791 | tcp | |
| N/A | 127.0.0.1:52794 | tcp | |
| N/A | 127.0.0.1:52801 | tcp | |
| N/A | 127.0.0.1:52804 | tcp | |
| N/A | 127.0.0.1:52810 | tcp | |
| N/A | 127.0.0.1:52813 | tcp | |
| N/A | 127.0.0.1:52821 | tcp | |
| N/A | 127.0.0.1:52826 | tcp | |
| N/A | 127.0.0.1:52830 | tcp | |
| US | 8.8.8.8:53 | mdkwn.me | udp |
| N/A | 127.0.0.1:52852 | tcp | |
| N/A | 127.0.0.1:52862 | tcp | |
| N/A | 127.0.0.1:52865 | tcp | |
| N/A | 127.0.0.1:52868 | tcp | |
| N/A | 127.0.0.1:52885 | tcp | |
| N/A | 127.0.0.1:52887 | tcp | |
| N/A | 127.0.0.1:52891 | tcp | |
| N/A | 127.0.0.1:52896 | tcp | |
| N/A | 127.0.0.1:52898 | tcp | |
| N/A | 127.0.0.1:52900 | tcp | |
| N/A | 127.0.0.1:52903 | tcp | |
| N/A | 127.0.0.1:52909 | tcp | |
| N/A | 127.0.0.1:52912 | tcp | |
| N/A | 127.0.0.1:52915 | tcp | |
| N/A | 127.0.0.1:52917 | tcp | |
| N/A | 127.0.0.1:52920 | tcp | |
| N/A | 127.0.0.1:52922 | tcp | |
| N/A | 127.0.0.1:52924 | tcp | |
| US | 107.162.155.79:80 | ows01.hireright.com | tcp |
| US | 205.172.49.230:80 | cafe-cp.dcfs.la.gov | tcp |
| US | 8.8.8.8:53 | help.steampowered.com | udp |
| N/A | 127.0.0.1:52928 | tcp | |
| N/A | 127.0.0.1:52933 | tcp | |
| N/A | 127.0.0.1:52937 | tcp | |
| N/A | 127.0.0.1:52941 | tcp | |
| N/A | 127.0.0.1:52945 | tcp | |
| N/A | 127.0.0.1:52949 | tcp | |
| N/A | 127.0.0.1:52951 | tcp | |
| N/A | 127.0.0.1:52963 | tcp | |
| N/A | 127.0.0.1:52965 | tcp | |
| N/A | 127.0.0.1:52967 | tcp | |
| N/A | 127.0.0.1:52969 | tcp | |
| N/A | 127.0.0.1:52975 | tcp | |
| N/A | 127.0.0.1:52977 | tcp | |
| N/A | 127.0.0.1:52979 | tcp | |
| N/A | 127.0.0.1:52990 | tcp | |
| N/A | 127.0.0.1:52992 | tcp | |
| N/A | 127.0.0.1:52997 | tcp | |
| N/A | 127.0.0.1:53007 | tcp | |
| N/A | 127.0.0.1:53010 | tcp | |
| N/A | 127.0.0.1:53016 | tcp | |
| N/A | 127.0.0.1:53020 | tcp | |
| N/A | 127.0.0.1:53024 | tcp | |
| N/A | 127.0.0.1:53030 | tcp | |
| N/A | 127.0.0.1:53038 | tcp | |
| N/A | 127.0.0.1:53044 | tcp | |
| N/A | 127.0.0.1:53050 | tcp | |
| N/A | 127.0.0.1:53052 | tcp | |
| N/A | 127.0.0.1:53054 | tcp | |
| N/A | 127.0.0.1:53071 | tcp | |
| N/A | 127.0.0.1:53076 | tcp | |
| N/A | 127.0.0.1:53078 | tcp | |
| N/A | 127.0.0.1:53085 | tcp | |
| N/A | 127.0.0.1:53089 | tcp | |
| US | 8.8.8.8:53 | accounts.nintendo.com | udp |
| US | 205.172.49.230:80 | cafe-cp.dcfs.la.gov | tcp |
| US | 8.8.8.8:53 | ftp.cp1.awardspace.net | udp |
| N/A | 127.0.0.1:53092 | tcp | |
| N/A | 127.0.0.1:53096 | tcp | |
| N/A | 127.0.0.1:53099 | tcp | |
| N/A | 127.0.0.1:53105 | tcp | |
| N/A | 127.0.0.1:53110 | tcp | |
| N/A | 127.0.0.1:53113 | tcp | |
| N/A | 127.0.0.1:53116 | tcp | |
| N/A | 127.0.0.1:53120 | tcp | |
| N/A | 127.0.0.1:53123 | tcp | |
| N/A | 127.0.0.1:53127 | tcp | |
| N/A | 127.0.0.1:53129 | tcp | |
| N/A | 127.0.0.1:53133 | tcp | |
| N/A | 127.0.0.1:53143 | tcp | |
| N/A | 127.0.0.1:53146 | tcp | |
| N/A | 127.0.0.1:53152 | tcp | |
| N/A | 127.0.0.1:53157 | tcp | |
| N/A | 127.0.0.1:53160 | tcp | |
| N/A | 127.0.0.1:53169 | tcp | |
| N/A | 127.0.0.1:53172 | tcp | |
| N/A | 127.0.0.1:18404 | tcp | |
| N/A | 127.0.0.1:53175 | tcp | |
| N/A | 127.0.0.1:53178 | tcp | |
| N/A | 127.0.0.1:53180 | tcp | |
| N/A | 127.0.0.1:53182 | tcp | |
| N/A | 127.0.0.1:53188 | tcp | |
| N/A | 127.0.0.1:53191 | tcp | |
| N/A | 127.0.0.1:53208 | tcp | |
| N/A | 127.0.0.1:53211 | tcp | |
| N/A | 127.0.0.1:53215 | tcp | |
| N/A | 127.0.0.1:53218 | tcp | |
| N/A | 127.0.0.1:53224 | tcp | |
| N/A | 127.0.0.1:53228 | tcp | |
| N/A | 127.0.0.1:53231 | tcp | |
| N/A | 127.0.0.1:53236 | tcp | |
| N/A | 127.0.0.1:53238 | tcp | |
| N/A | 127.0.0.1:53240 | tcp | |
| N/A | 127.0.0.1:53245 | tcp | |
| N/A | 127.0.0.1:53255 | tcp | |
| N/A | 127.0.0.1:53259 | tcp | |
| N/A | 127.0.0.1:53263 | tcp | |
| N/A | 127.0.0.1:53268 | tcp | |
| N/A | 127.0.0.1:53274 | tcp | |
| N/A | 127.0.0.1:53279 | tcp | |
| N/A | 127.0.0.1:53286 | tcp | |
| N/A | 127.0.0.1:53299 | tcp | |
| N/A | 127.0.0.1:53313 | tcp | |
| N/A | 127.0.0.1:53318 | tcp | |
| N/A | 127.0.0.1:53320 | tcp | |
| US | 8.8.8.8:53 | gasodomesticosdelsur.com | udp |
| US | 8.8.8.8:53 | jrchcm2022.onlineregistrationform.org | udp |
| US | 8.8.8.8:53 | mail.jrchcm2022.onlineregistrationform.org | udp |
| N/A | 127.0.0.1:53322 | tcp | |
| N/A | 127.0.0.1:53344 | tcp | |
| N/A | 127.0.0.1:53346 | tcp | |
| N/A | 127.0.0.1:53348 | tcp | |
| N/A | 127.0.0.1:53350 | tcp | |
| N/A | 127.0.0.1:53354 | tcp | |
| N/A | 127.0.0.1:53360 | tcp | |
| N/A | 127.0.0.1:53364 | tcp | |
| N/A | 127.0.0.1:53366 | tcp | |
| N/A | 127.0.0.1:53369 | tcp | |
| N/A | 127.0.0.1:53373 | tcp | |
| N/A | 127.0.0.1:53377 | tcp | |
| N/A | 127.0.0.1:53382 | tcp | |
| N/A | 127.0.0.1:53385 | tcp | |
| N/A | 127.0.0.1:53387 | tcp | |
| N/A | 127.0.0.1:53389 | tcp | |
| N/A | 127.0.0.1:53391 | tcp | |
| N/A | 127.0.0.1:53393 | tcp | |
| N/A | 127.0.0.1:53396 | tcp | |
| N/A | 127.0.0.1:53398 | tcp | |
| N/A | 127.0.0.1:53400 | tcp | |
| N/A | 127.0.0.1:53405 | tcp | |
| N/A | 127.0.0.1:53409 | tcp | |
| N/A | 127.0.0.1:53411 | tcp | |
| N/A | 127.0.0.1:53414 | tcp | |
| N/A | 127.0.0.1:53427 | tcp | |
| N/A | 127.0.0.1:53430 | tcp | |
| N/A | 127.0.0.1:53441 | tcp | |
| N/A | 127.0.0.1:53452 | tcp | |
| N/A | 127.0.0.1:53467 | tcp | |
| N/A | 127.0.0.1:53470 | tcp | |
| N/A | 127.0.0.1:53474 | tcp | |
| N/A | 127.0.0.1:53475 | tcp | |
| N/A | 127.0.0.1:53478 | tcp | |
| N/A | 127.0.0.1:53482 | tcp | |
| N/A | 127.0.0.1:53485 | tcp | |
| N/A | 127.0.0.1:53487 | tcp | |
| N/A | 127.0.0.1:53490 | tcp | |
| N/A | 127.0.0.1:53494 | tcp | |
| US | 8.8.8.8:53 | ssh.jrchcm2022.onlineregistrationform.org | udp |
| US | 8.8.8.8:53 | roed25-dk.mail.protection.outlook.com | udp |
| N/A | 127.0.0.1:53502 | tcp | |
| N/A | 127.0.0.1:53513 | tcp | |
| N/A | 127.0.0.1:53515 | tcp | |
| N/A | 127.0.0.1:53517 | tcp | |
| N/A | 127.0.0.1:53519 | tcp | |
| N/A | 127.0.0.1:53529 | tcp | |
| N/A | 127.0.0.1:53531 | tcp | |
| N/A | 127.0.0.1:53534 | tcp | |
| N/A | 127.0.0.1:53537 | tcp | |
| N/A | 127.0.0.1:53540 | tcp | |
| N/A | 127.0.0.1:53542 | tcp | |
| N/A | 127.0.0.1:53545 | tcp | |
| N/A | 127.0.0.1:53571 | tcp | |
| N/A | 127.0.0.1:53578 | tcp | |
| N/A | 127.0.0.1:53591 | tcp | |
| N/A | 127.0.0.1:53596 | tcp | |
| N/A | 127.0.0.1:53599 | tcp | |
| N/A | 127.0.0.1:53602 | tcp | |
| N/A | 127.0.0.1:53604 | tcp | |
| N/A | 127.0.0.1:53608 | tcp | |
| N/A | 127.0.0.1:53610 | tcp | |
| N/A | 127.0.0.1:53613 | tcp | |
| N/A | 127.0.0.1:53615 | tcp | |
| N/A | 127.0.0.1:53619 | tcp | |
| N/A | 127.0.0.1:53622 | tcp | |
| N/A | 127.0.0.1:53626 | tcp | |
| N/A | 127.0.0.1:53628 | tcp | |
| N/A | 127.0.0.1:53631 | tcp | |
| N/A | 127.0.0.1:53635 | tcp | |
| N/A | 127.0.0.1:53641 | tcp | |
| N/A | 127.0.0.1:53644 | tcp | |
| N/A | 127.0.0.1:53648 | tcp | |
| N/A | 127.0.0.1:53651 | tcp | |
| N/A | 127.0.0.1:53654 | tcp | |
| N/A | 127.0.0.1:53664 | tcp | |
| N/A | 127.0.0.1:53667 | tcp | |
| N/A | 127.0.0.1:53670 | tcp | |
| N/A | 127.0.0.1:53673 | tcp | |
| N/A | 127.0.0.1:53680 | tcp | |
| N/A | 127.0.0.1:53682 | tcp | |
| N/A | 127.0.0.1:53689 | tcp | |
| N/A | 127.0.0.1:53691 | tcp | |
| N/A | 127.0.0.1:53696 | tcp | |
| N/A | 127.0.0.1:53698 | tcp | |
| N/A | 127.0.0.1:53701 | tcp | |
| N/A | 127.0.0.1:53708 | tcp | |
| N/A | 127.0.0.1:53713 | tcp | |
| N/A | 127.0.0.1:53715 | tcp | |
| N/A | 127.0.0.1:53719 | tcp | |
| N/A | 127.0.0.1:53721 | tcp | |
| N/A | 127.0.0.1:53724 | tcp | |
| N/A | 127.0.0.1:53726 | tcp | |
| N/A | 127.0.0.1:53728 | tcp | |
| N/A | 127.0.0.1:53740 | tcp | |
| N/A | 127.0.0.1:53743 | tcp | |
| N/A | 127.0.0.1:53747 | tcp | |
| N/A | 127.0.0.1:53751 | tcp | |
| N/A | 127.0.0.1:53756 | tcp | |
| N/A | 127.0.0.1:53764 | tcp | |
| N/A | 127.0.0.1:53767 | tcp | |
| N/A | 127.0.0.1:53769 | tcp | |
| N/A | 127.0.0.1:53774 | tcp | |
| N/A | 127.0.0.1:53778 | tcp | |
| N/A | 127.0.0.1:53782 | tcp | |
| N/A | 127.0.0.1:53785 | tcp | |
| US | 8.8.8.8:53 | mdkwn.me | udp |
| US | 8.8.8.8:53 | escapefromtarkov.com | udp |
| US | 8.8.8.8:53 | park-mx.above.com | udp |
| US | 8.8.8.8:53 | 230.49.172.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.155.162.107.in-addr.arpa | udp |
| N/A | 127.0.0.1:53793 | tcp | |
| N/A | 127.0.0.1:53801 | tcp | |
| N/A | 127.0.0.1:53804 | tcp | |
| N/A | 127.0.0.1:53807 | tcp | |
| N/A | 127.0.0.1:53810 | tcp | |
| N/A | 127.0.0.1:53812 | tcp | |
| N/A | 127.0.0.1:53814 | tcp | |
| N/A | 127.0.0.1:53816 | tcp | |
| N/A | 127.0.0.1:53818 | tcp | |
| N/A | 127.0.0.1:53820 | tcp | |
| N/A | 127.0.0.1:53824 | tcp | |
| N/A | 127.0.0.1:53828 | tcp | |
| N/A | 127.0.0.1:53838 | tcp | |
| N/A | 127.0.0.1:53842 | tcp | |
| N/A | 127.0.0.1:53845 | tcp | |
| N/A | 127.0.0.1:53847 | tcp | |
| N/A | 127.0.0.1:53850 | tcp | |
| N/A | 127.0.0.1:53858 | tcp | |
| N/A | 127.0.0.1:53884 | tcp | |
| N/A | 127.0.0.1:53891 | tcp | |
| N/A | 127.0.0.1:53893 | tcp | |
| N/A | 127.0.0.1:53896 | tcp | |
| N/A | 127.0.0.1:53900 | tcp | |
| N/A | 127.0.0.1:53902 | tcp | |
| N/A | 127.0.0.1:53904 | tcp | |
| N/A | 127.0.0.1:53908 | tcp | |
| N/A | 127.0.0.1:53923 | tcp | |
| N/A | 127.0.0.1:53925 | tcp | |
| N/A | 127.0.0.1:53927 | tcp | |
| N/A | 127.0.0.1:53929 | tcp | |
| N/A | 127.0.0.1:53932 | tcp | |
| N/A | 127.0.0.1:53934 | tcp | |
| N/A | 127.0.0.1:53938 | tcp | |
| N/A | 127.0.0.1:53945 | tcp | |
| N/A | 127.0.0.1:53958 | tcp | |
| N/A | 127.0.0.1:53966 | tcp | |
| N/A | 127.0.0.1:53970 | tcp | |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| IN | 20.204.0.189:443 | admission.punjab.gov.in | tcp |
| US | 8.8.8.8:53 | accounts.nintendo.com | udp |
| N/A | 127.0.0.1:53973 | tcp | |
| N/A | 127.0.0.1:53975 | tcp | |
| N/A | 127.0.0.1:53977 | tcp | |
| N/A | 127.0.0.1:53980 | tcp | |
| N/A | 127.0.0.1:53983 | tcp | |
| N/A | 127.0.0.1:53985 | tcp | |
| N/A | 127.0.0.1:53990 | tcp | |
| N/A | 127.0.0.1:53993 | tcp | |
| N/A | 127.0.0.1:54009 | tcp | |
| N/A | 127.0.0.1:54014 | tcp | |
| N/A | 127.0.0.1:54016 | tcp | |
| N/A | 127.0.0.1:54018 | tcp | |
| N/A | 127.0.0.1:54022 | tcp | |
| N/A | 127.0.0.1:54025 | tcp | |
| N/A | 127.0.0.1:54030 | tcp | |
| N/A | 127.0.0.1:54047 | tcp | |
| N/A | 127.0.0.1:54050 | tcp | |
| N/A | 127.0.0.1:54054 | tcp | |
| N/A | 127.0.0.1:54068 | tcp | |
| N/A | 127.0.0.1:54073 | tcp | |
| N/A | 127.0.0.1:54075 | tcp | |
| N/A | 127.0.0.1:54077 | tcp | |
| N/A | 127.0.0.1:54081 | tcp | |
| N/A | 127.0.0.1:54091 | tcp | |
| N/A | 127.0.0.1:54095 | tcp | |
| N/A | 127.0.0.1:54098 | tcp | |
| N/A | 127.0.0.1:54110 | tcp | |
| N/A | 127.0.0.1:54118 | tcp | |
| N/A | 127.0.0.1:54123 | tcp | |
| N/A | 127.0.0.1:54126 | tcp | |
| N/A | 127.0.0.1:54128 | tcp | |
| N/A | 127.0.0.1:54130 | tcp | |
| N/A | 127.0.0.1:54132 | tcp | |
| N/A | 127.0.0.1:54136 | tcp | |
| N/A | 127.0.0.1:54144 | tcp | |
| N/A | 127.0.0.1:54146 | tcp | |
| N/A | 127.0.0.1:54150 | tcp | |
| N/A | 127.0.0.1:54153 | tcp | |
| N/A | 127.0.0.1:54156 | tcp | |
| N/A | 127.0.0.1:54158 | tcp | |
| N/A | 127.0.0.1:54160 | tcp | |
| N/A | 127.0.0.1:54162 | tcp | |
| N/A | 127.0.0.1:54169 | tcp | |
| N/A | 127.0.0.1:54171 | tcp | |
| N/A | 127.0.0.1:54173 | tcp | |
| N/A | 127.0.0.1:54175 | tcp | |
| N/A | 127.0.0.1:54178 | tcp | |
| N/A | 127.0.0.1:54180 | tcp | |
| N/A | 127.0.0.1:54186 | tcp | |
| N/A | 127.0.0.1:54188 | tcp | |
| N/A | 127.0.0.1:54195 | tcp | |
| DE | 23.197.7.84:443 | accounts.nintendo.com | tcp |
| US | 8.8.8.8:53 | gasodomesticosdelsur.com | udp |
| N/A | 127.0.0.1:54213 | tcp | |
| US | 172.67.27.86:443 | sproutgigs.com | tcp |
| N/A | 127.0.0.1:54219 | tcp | |
| N/A | 127.0.0.1:54223 | tcp | |
| N/A | 127.0.0.1:54225 | tcp | |
| N/A | 127.0.0.1:54236 | tcp | |
| N/A | 127.0.0.1:54238 | tcp | |
| N/A | 127.0.0.1:54246 | tcp | |
| N/A | 127.0.0.1:54255 | tcp | |
| N/A | 127.0.0.1:54257 | tcp | |
| N/A | 127.0.0.1:54263 | tcp | |
| N/A | 127.0.0.1:54266 | tcp | |
| N/A | 127.0.0.1:54268 | tcp | |
| N/A | 127.0.0.1:54271 | tcp | |
| N/A | 127.0.0.1:54276 | tcp | |
| N/A | 127.0.0.1:54284 | tcp | |
| N/A | 127.0.0.1:54286 | tcp | |
| N/A | 127.0.0.1:54290 | tcp | |
| N/A | 127.0.0.1:54292 | tcp | |
| N/A | 127.0.0.1:54301 | tcp | |
| N/A | 127.0.0.1:54303 | tcp | |
| N/A | 127.0.0.1:54306 | tcp | |
| N/A | 127.0.0.1:54311 | tcp | |
| N/A | 127.0.0.1:54316 | tcp | |
| N/A | 127.0.0.1:54319 | tcp | |
| N/A | 127.0.0.1:54322 | tcp | |
| N/A | 127.0.0.1:54324 | tcp | |
| N/A | 127.0.0.1:54326 | tcp | |
| N/A | 127.0.0.1:54330 | tcp | |
| N/A | 127.0.0.1:54332 | tcp | |
| N/A | 127.0.0.1:54336 | tcp | |
| N/A | 127.0.0.1:54339 | tcp | |
| N/A | 127.0.0.1:54342 | tcp | |
| N/A | 127.0.0.1:54349 | tcp | |
| N/A | 127.0.0.1:54351 | tcp | |
| N/A | 127.0.0.1:54355 | tcp | |
| N/A | 127.0.0.1:54362 | tcp | |
| N/A | 127.0.0.1:54365 | tcp | |
| N/A | 127.0.0.1:54367 | tcp | |
| N/A | 127.0.0.1:54369 | tcp | |
| N/A | 127.0.0.1:54399 | tcp | |
| N/A | 127.0.0.1:54406 | tcp | |
| N/A | 127.0.0.1:54408 | tcp | |
| N/A | 127.0.0.1:54410 | tcp | |
| N/A | 127.0.0.1:54416 | tcp | |
| N/A | 127.0.0.1:54418 | tcp | |
| N/A | 127.0.0.1:54422 | tcp | |
| N/A | 127.0.0.1:54434 | tcp | |
| N/A | 127.0.0.1:54437 | tcp | |
| N/A | 127.0.0.1:54441 | tcp | |
| N/A | 127.0.0.1:54444 | tcp | |
| N/A | 127.0.0.1:54446 | tcp | |
| N/A | 127.0.0.1:54448 | tcp | |
| N/A | 127.0.0.1:54450 | tcp | |
| N/A | 127.0.0.1:54457 | tcp | |
| N/A | 127.0.0.1:54461 | tcp | |
| N/A | 127.0.0.1:54464 | tcp | |
| N/A | 127.0.0.1:54466 | tcp | |
| N/A | 127.0.0.1:54471 | tcp | |
| N/A | 127.0.0.1:54475 | tcp | |
| N/A | 127.0.0.1:54477 | tcp | |
| N/A | 127.0.0.1:54479 | tcp | |
| N/A | 127.0.0.1:54481 | tcp | |
| N/A | 127.0.0.1:54487 | tcp | |
| N/A | 127.0.0.1:54489 | tcp | |
| N/A | 127.0.0.1:54496 | tcp | |
| N/A | 127.0.0.1:54504 | tcp | |
| N/A | 127.0.0.1:54515 | tcp | |
| N/A | 127.0.0.1:54531 | tcp | |
| N/A | 127.0.0.1:54535 | tcp | |
| N/A | 127.0.0.1:54537 | tcp | |
| N/A | 127.0.0.1:54539 | tcp | |
| N/A | 127.0.0.1:54547 | tcp | |
| N/A | 127.0.0.1:54550 | tcp | |
| N/A | 127.0.0.1:54553 | tcp | |
| N/A | 127.0.0.1:54555 | tcp | |
| N/A | 127.0.0.1:54557 | tcp | |
| N/A | 127.0.0.1:54559 | tcp | |
| N/A | 127.0.0.1:54561 | tcp | |
| N/A | 127.0.0.1:54563 | tcp | |
| N/A | 127.0.0.1:54565 | tcp | |
| N/A | 127.0.0.1:54573 | tcp | |
| N/A | 127.0.0.1:54577 | tcp | |
| N/A | 127.0.0.1:54579 | tcp | |
| N/A | 127.0.0.1:54581 | tcp | |
| N/A | 127.0.0.1:54583 | tcp | |
| N/A | 127.0.0.1:54586 | tcp | |
| N/A | 127.0.0.1:54588 | tcp | |
| N/A | 127.0.0.1:54592 | tcp | |
| N/A | 127.0.0.1:54596 | tcp | |
| N/A | 127.0.0.1:54607 | tcp | |
| N/A | 127.0.0.1:54622 | tcp | |
| N/A | 127.0.0.1:54631 | tcp | |
| N/A | 127.0.0.1:54639 | tcp | |
| N/A | 127.0.0.1:54641 | tcp | |
| N/A | 127.0.0.1:54643 | tcp | |
| N/A | 127.0.0.1:54645 | tcp | |
| N/A | 127.0.0.1:54649 | tcp | |
| N/A | 127.0.0.1:54655 | tcp | |
| N/A | 127.0.0.1:18404 | tcp | |
| N/A | 127.0.0.1:54667 | tcp | |
| N/A | 127.0.0.1:54673 | tcp | |
| N/A | 127.0.0.1:54676 | tcp | |
| N/A | 127.0.0.1:54680 | tcp | |
| N/A | 127.0.0.1:54683 | tcp | |
| N/A | 127.0.0.1:54688 | tcp | |
| N/A | 127.0.0.1:54696 | tcp | |
| N/A | 127.0.0.1:54699 | tcp | |
| N/A | 127.0.0.1:54701 | tcp | |
| N/A | 127.0.0.1:54704 | tcp | |
| N/A | 127.0.0.1:54708 | tcp | |
| N/A | 127.0.0.1:54711 | tcp | |
| N/A | 127.0.0.1:54715 | tcp | |
| N/A | 127.0.0.1:54717 | tcp | |
| N/A | 127.0.0.1:54721 | tcp | |
| N/A | 127.0.0.1:54726 | tcp | |
| N/A | 127.0.0.1:54732 | tcp | |
| N/A | 127.0.0.1:54734 | tcp | |
| N/A | 127.0.0.1:54736 | tcp | |
| N/A | 127.0.0.1:54739 | tcp | |
| N/A | 127.0.0.1:54742 | tcp | |
| N/A | 127.0.0.1:54752 | tcp | |
| N/A | 127.0.0.1:54755 | tcp | |
| N/A | 127.0.0.1:54757 | tcp | |
| N/A | 127.0.0.1:54759 | tcp | |
| N/A | 127.0.0.1:54761 | tcp | |
| N/A | 127.0.0.1:54763 | tcp | |
| US | 8.8.8.8:53 | accounts.ecitizen.go.ke | udp |
| US | 8.8.8.8:53 | br116.hostgator.com.br | udp |
| US | 8.8.8.8:53 | ce.sev.gob.mx | udp |
| US | 8.8.8.8:53 | ce.sev.gob.mx | udp |
| US | 8.8.8.8:53 | br116.hostgator.com.br | udp |
| US | 8.8.8.8:53 | ww25.cobracolumnone.com | udp |
| US | 8.8.8.8:53 | 212.212.224.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sams.act.edu.ph | udp |
| US | 8.8.8.8:53 | sams.act.edu.ph | udp |
| US | 8.8.8.8:53 | web.roblox.com | udp |
| US | 8.8.8.8:53 | web.roblox.com | udp |
| US | 8.8.8.8:53 | esp.windscribe.com | udp |
| US | 8.8.8.8:53 | note1.cn | udp |
| US | 8.8.8.8:53 | esp.windscribe.com | udp |
| US | 8.8.8.8:53 | areaclientes.orange.es | udp |
| US | 8.8.8.8:53 | areaclientes.orange.es | udp |
| US | 8.8.8.8:53 | westrock.csod.com | udp |
| US | 8.8.8.8:53 | flyrobo.in | udp |
| US | 8.8.8.8:53 | westrock.csod.com | udp |
| US | 8.8.8.8:53 | flyrobo.in | udp |
| US | 8.8.8.8:53 | jaltechsas.com | udp |
| US | 8.8.8.8:53 | ftp.gasodomesticosdelsur.com | udp |
| US | 8.8.8.8:53 | mail.gasodomesticosdelsur.com | udp |
| US | 8.8.8.8:53 | ftp.esia.gosuslugi.ru | udp |
| US | 8.8.8.8:53 | mail.jrchcm2022.onlineregistrationform.org | udp |
| US | 8.8.8.8:53 | mail.help.steampowered.com | udp |
| US | 8.8.8.8:53 | ftp.epak.gtk.kemdikbud.go.id | udp |
| US | 8.8.8.8:53 | 22.36.143.175.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ftp.voxi.co.uk | udp |
| US | 8.8.8.8:53 | mail.pay.skrill.com | udp |
| US | 8.8.8.8:53 | ftp.picoworkers.com | udp |
| US | 8.8.8.8:53 | ftp.konto-pocztowe.interia.pl | udp |
| US | 8.8.8.8:53 | ssh.cp1.awardspace.net | udp |
| US | 8.8.8.8:53 | ftp.sribulancer.com | udp |
| US | 8.8.8.8:53 | infossep.cordoba.gob.ar | udp |
| US | 8.8.8.8:53 | ftp.mebbisyd.meb.gov.tr | udp |
| US | 8.8.8.8:53 | ftp.mail.protonmail.com | udp |
| US | 8.8.8.8:53 | ftp.minhaconta.levelupgames.com.br | udp |
| US | 8.8.8.8:53 | mail.mail.protonmail.com | udp |
| US | 8.8.8.8:53 | 91.130.210.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ftp.momijidreamfansub.eklablog.com | udp |
| US | 8.8.8.8:53 | ftp.roed25.dk | udp |
| US | 8.8.8.8:53 | accounts.spotify.com | udp |
| US | 8.8.8.8:53 | mail.voxi.co.uk | udp |
| US | 8.8.8.8:53 | us-smtp-inbound-2.mimecast.com | udp |
| US | 8.8.8.8:53 | mail.esia.gosuslugi.ru | udp |
| US | 8.8.8.8:53 | mx1.ubuntuthemes.org | udp |
| US | 8.8.8.8:53 | alt1.gmr-smtp-in.l.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | oadmoney.club | udp |
| US | 8.8.8.8:53 | authenticate2.navient.com | udp |
| US | 8.8.8.8:53 | elaynebeauty.com.br | udp |
| N/A | 127.0.0.1:57980 | tcp | |
| N/A | 127.0.0.1:57986 | tcp | |
| N/A | 127.0.0.1:57988 | tcp | |
| N/A | 127.0.0.1:57990 | tcp | |
| US | 107.162.155.79:80 | ows01.hireright.com | tcp |
| US | 205.172.49.230:80 | cafe-cp.dcfs.la.gov | tcp |
| N/A | 127.0.0.1:57997 | tcp | |
| N/A | 127.0.0.1:58000 | tcp | |
| N/A | 127.0.0.1:58004 | tcp | |
| N/A | 127.0.0.1:58006 | tcp | |
| N/A | 127.0.0.1:58011 | tcp | |
| N/A | 127.0.0.1:58016 | tcp | |
| N/A | 127.0.0.1:58021 | tcp | |
| N/A | 127.0.0.1:58023 | tcp | |
| N/A | 127.0.0.1:58026 | tcp | |
| N/A | 127.0.0.1:58028 | tcp | |
| N/A | 127.0.0.1:58031 | tcp | |
| N/A | 127.0.0.1:58036 | tcp | |
| N/A | 127.0.0.1:58044 | tcp | |
| N/A | 127.0.0.1:58046 | tcp | |
| N/A | 127.0.0.1:58049 | tcp | |
| N/A | 127.0.0.1:58053 | tcp | |
| N/A | 127.0.0.1:58057 | tcp | |
| N/A | 127.0.0.1:58061 | tcp | |
| N/A | 127.0.0.1:58068 | tcp | |
| N/A | 127.0.0.1:58071 | tcp | |
| N/A | 127.0.0.1:58073 | tcp | |
| N/A | 127.0.0.1:58080 | tcp | |
| N/A | 127.0.0.1:58083 | tcp | |
| N/A | 127.0.0.1:58086 | tcp | |
| N/A | 127.0.0.1:58091 | tcp | |
| N/A | 127.0.0.1:58096 | tcp | |
| N/A | 127.0.0.1:58098 | tcp | |
| N/A | 127.0.0.1:58102 | tcp | |
| N/A | 127.0.0.1:58106 | tcp | |
| N/A | 127.0.0.1:58109 | tcp | |
| N/A | 127.0.0.1:58115 | tcp | |
| N/A | 127.0.0.1:58118 | tcp | |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| IN | 20.204.0.189:80 | admission.punjab.gov.in | tcp |
| GB | 2.22.143.25:80 | accounts.nintendo.com | tcp |
| JP | 140.83.39.249:80 | dsmanila.aralinks.net | tcp |
| AR | 201.217.244.97:80 | ele.chaco.gob.ar | tcp |
| US | 103.224.212.212:80 | cobracolumnone.com | tcp |
| IN | 164.100.78.248:80 | ewaybill.nic.in | tcp |
| MY | 175.143.36.22:80 | mysalam.com.my | tcp |
| SE | 185.134.15.215:80 | www.roed25.dk | tcp |
| NL | 149.154.167.99:80 | t.me | tcp |
| MX | 187.210.130.91:80 | sistemas.udo.mx | tcp |
| GB | 23.214.154.77:80 | help.steampowered.com | tcp |
| US | 104.168.134.21:80 | mx1.ubuntuthemes.org | tcp |
| US | 172.67.166.246:80 | sribulancer.com | tcp |
| BE | 74.125.206.84:80 | accounts.google.com | tcp |
| US | 35.186.224.25:80 | accounts.spotify.com | tcp |
| US | 167.16.35.162:80 | authenticate2.navient.com | tcp |
| US | 8.8.8.8:53 | elaynebeauty.com.br | udp |
| US | 8.8.8.8:53 | flexitog-eu.mail.protection.outlook.com | udp |
| N/A | 127.0.0.1:58121 | tcp | |
| N/A | 127.0.0.1:58127 | tcp | |
| N/A | 127.0.0.1:58129 | tcp | |
| N/A | 127.0.0.1:58134 | tcp | |
| N/A | 127.0.0.1:58137 | tcp | |
| N/A | 127.0.0.1:58141 | tcp | |
| N/A | 127.0.0.1:58146 | tcp | |
| N/A | 127.0.0.1:58150 | tcp | |
| US | 8.8.8.8:53 | ows01.hireright.com | udp |
| US | 8.8.8.8:53 | c19lab.bpums.ac.ir | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | pay.skrill.com | udp |
| US | 8.8.8.8:53 | help.steampowered.com | udp |
| US | 8.8.8.8:53 | ftp.help.steampowered.com | udp |
| US | 8.8.8.8:53 | mail.asunlocker.com | udp |
| US | 8.8.8.8:53 | mail.minhaconta.levelupgames.com.br | udp |
| US | 8.8.8.8:53 | accounts.nintendo.com | udp |
| US | 8.8.8.8:53 | ftp.eticket.railway.gov.bd | udp |
| US | 8.8.8.8:53 | mail.cp1.awardspace.net | udp |
| US | 8.8.8.8:53 | ftp.cp1.awardspace.net | udp |
| US | 8.8.8.8:53 | mx1.upc.es | udp |
| US | 8.8.8.8:53 | gasodomesticosdelsur.com | udp |
| US | 8.8.8.8:53 | jrchcm2022.onlineregistrationform.org | udp |
| US | 8.8.8.8:53 | mujhseshaadikarogee.net | udp |
| US | 8.8.8.8:53 | c19lab.bpums.ac.ir | udp |
| US | 8.8.8.8:53 | mxa-00189a01.gslb.pphosted.com | udp |
| US | 8.8.8.8:53 | ftp.dsmanila.aralinks.net | udp |
| US | 8.8.8.8:53 | mujhseshaadikarogee.net | udp |
| US | 8.8.8.8:53 | roed25-dk.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | 97.244.217.201.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.134.168.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.224.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssh.jrchcm2022.onlineregistrationform.org | udp |
| US | 8.8.8.8:53 | amazon-smtp.amazon.com | udp |
| US | 8.8.8.8:53 | t.me | udp |
| US | 8.8.8.8:53 | web.facebook.com | udp |
| US | 104.168.134.21:80 | mx1.ubuntuthemes.org | tcp |
| US | 167.16.35.162:80 | authenticate2.navient.com | tcp |
| US | 103.224.212.210:80 | mdkwn.me | tcp |
| US | 8.8.8.8:53 | inbound-smtp.eu-west-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | mail.mebbisyd.meb.gov.tr | udp |
| US | 8.8.8.8:53 | mail-galaxy.easy-geo-dns.com | udp |
| US | 8.8.8.8:53 | mc-lastdayz.net | udp |
| US | 8.8.8.8:53 | ftp.moj.cosinus.pl | udp |
| US | 8.8.8.8:53 | ppkb.siagapendis.com | udp |
| US | 8.8.8.8:53 | mycredit.ge | udp |
| US | 8.8.8.8:53 | mail.teomaglobal.com | udp |
| US | 8.8.8.8:53 | accounts.nintendo.com | udp |
| US | 8.8.8.8:53 | mail.konto-pocztowe.interia.pl | udp |
| US | 8.8.8.8:53 | account.mojang.com | udp |
| US | 8.8.8.8:53 | gasodomesticosdelsur.com | udp |
| US | 8.8.8.8:53 | checkout.playstation.com | udp |
| US | 8.8.8.8:53 | ssh.gasodomesticosdelsur.com | udp |
| US | 8.8.8.8:53 | argonfinancecorp.online | udp |
| US | 8.8.8.8:53 | login.mailchimp.com | udp |
| US | 8.8.8.8:53 | umrohgratis.co.id | udp |
| US | 8.8.8.8:53 | mail.ayudawordpress.com | udp |
| US | 8.8.8.8:53 | ele.chaco.gob.ar | udp |
| US | 8.8.8.8:53 | dsmanila.aralinks.net | udp |
| US | 8.8.8.8:53 | fansly.com | udp |
| US | 8.8.8.8:53 | bne-cl.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | smtp.belajar.kemdikbud.go.id | udp |
| US | 8.8.8.8:53 | pdt-m-appli-1skfry3a69j5i-180533094.ap-southeast-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | mx.clasespasivas.net | udp |
| US | 8.8.8.8:53 | esia.gosuslugi.ru | udp |
| US | 8.8.8.8:53 | pay.skrill.com | udp |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | mail.epak.gtk.kemdikbud.go.id | udp |
| US | 8.8.8.8:53 | ssh.mebbisyd.meb.gov.tr | udp |
| US | 8.8.8.8:53 | ftp.campus.infossep.gob.ar | udp |
| US | 8.8.8.8:53 | ftp.admission.punjab.gov.in | udp |
| US | 8.8.8.8:53 | mail.dsmanila.aralinks.net | udp |
| US | 8.8.8.8:53 | ssh.sribulancer.com | udp |
| US | 8.8.8.8:53 | ssh.minhaconta.levelupgames.com.br | udp |
| US | 8.8.8.8:53 | ssh.mail.protonmail.com | udp |
| US | 8.8.8.8:53 | ftp.accounts.nintendo.com | udp |
| US | 8.8.8.8:53 | mail.mail.protonmail.com | udp |
| US | 8.8.8.8:53 | mail.minhaconta.levelupgames.com.br | udp |
| US | 8.8.8.8:53 | ssh.roed25.dk | udp |
| US | 8.8.8.8:53 | ssh.eticket.railway.gov.bd | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | minhaconta.levelupgames.com.br | udp |
| US | 8.8.8.8:53 | ftp.payments.virginmedia.com | udp |
| US | 8.8.8.8:53 | mx3.zoho.in | udp |
| US | 8.8.8.8:53 | ftp.voxi.co.uk | udp |
| US | 8.8.8.8:53 | oadmoney.club | udp |
| US | 8.8.8.8:53 | ftp.mail.protonmail.com | udp |
| US | 8.8.8.8:53 | ftp.minhaconta.levelupgames.com.br | udp |
| US | 8.8.8.8:53 | mail.jrchcm2022.onlineregistrationform.org | udp |
| US | 8.8.8.8:53 | ftp.mebbisyd.meb.gov.tr | udp |
| US | 8.8.8.8:53 | mail.help.steampowered.com | udp |
| US | 8.8.8.8:53 | mx1.hostinger.com | udp |
| US | 8.8.8.8:53 | tcp | |
| PL | 79.133.196.140:80 | moj.cosinus.pl | tcp |
| US | 8.8.8.8:53 | relay.mycredit.ge | udp |
| US | 8.8.8.8:53 | pdt-m-appli-1skfry3a69j5i-180533094.ap-southeast-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | ssh.picoworkers.com | udp |
| US | 8.8.8.8:53 | ftp.konto-pocztowe.interia.pl | udp |
| US | 8.8.8.8:53 | pop.pay.skrill.com | udp |
| FR | 92.205.2.244:80 | flexitog.eu | tcp |
| BR | 45.152.44.235:80 | turnos.clinicamg.com.ar | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| US | 104.21.8.2:80 | atlanticwave.qadracreatives.com | tcp |
| US | 45.223.160.162:80 | scene.ca | tcp |
| US | 162.214.96.139:80 | mail.edit.duplexplay.com | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| US | 104.21.3.131:80 | bdr130.net | tcp |
| RU | 213.59.254.8:80 | esia.gosuslugi.ru | tcp |
| US | 8.8.8.8:53 | relay.accounts.ecitizen.go.ke | udp |
| US | 8.8.8.8:53 | ftp.roed25.dk | udp |
| US | 8.8.8.8:53 | mail.gasodomesticosdelsur.com | udp |
| US | 8.8.8.8:53 | oadmoney.club | udp |
| US | 8.8.8.8:53 | elaynebeauty.com.br | udp |
| US | 8.8.8.8:53 | mail.elaynebeauty.com.br | udp |
| US | 8.8.8.8:53 | mailgate.voxi.co.uk | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | mujhseshaadikarogee.net | udp |
| US | 8.8.8.8:53 | pdt-m-appli-1skfry3a69j5i-180533094.ap-southeast-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | bne-cl.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | umrohgratis.co.id | udp |
| US | 8.8.8.8:53 | argonfinancecorp.online | udp |
| US | 8.8.8.8:53 | mycredit.ge | udp |
| US | 8.8.8.8:53 | ppkb.siagapendis.com | udp |
| US | 8.8.8.8:53 | mc-lastdayz.net | udp |
| US | 8.8.8.8:53 | pscwb.ucanapply.com | udp |
| US | 8.8.8.8:53 | secure.soundcloud.com | udp |
| US | 8.8.8.8:53 | us05web.zoom.us | udp |
| US | 8.8.8.8:53 | account.fifa.com | udp |
| US | 8.8.8.8:53 | smtp.belajar.kemdikbud.go.id | udp |
| US | 8.8.8.8:53 | connect.easi-training.fr | udp |
| US | 8.8.8.8:53 | mx.yandex.ru | udp |
| US | 8.8.8.8:53 | ftp.pay.skrill.com | udp |
| US | 8.8.8.8:53 | ww25.mdkwn.me | udp |
| BE | 13.225.239.11:80 | launchpad.classlink.com | tcp |
| US | 8.8.8.8:53 | 210.212.224.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | flexitog-eu.mail.protection.outlook.com | udp |
| KR | 183.111.134.15:80 | sslmember2.gmarket.co.kr | tcp |
| US | 172.67.134.42:80 | asunlocker.com | tcp |
| BR | 200.183.11.163:80 | associado.afpesp.org.br | tcp |
| ES | 147.83.195.36:80 | ibercursos.com | tcp |
| US | 108.179.235.139:80 | ts1.waroftribe.com | tcp |
| BR | 177.136.76.155:80 | resultados.grupoexame.com.br | tcp |
| BR | 187.6.211.51:80 | m.oi.com.br | tcp |
| IN | 3.109.135.5:80 | elearnmarkets.com | tcp |
| LU | 92.223.7.169:80 | eu.wargaming.net | tcp |
| N/A | 127.0.0.1:58156 | tcp | |
| N/A | 127.0.0.1:58158 | tcp | |
| N/A | 127.0.0.1:18404 | tcp | |
| N/A | 127.0.0.1:58163 | tcp | |
| N/A | 127.0.0.1:58165 | tcp | |
| N/A | 127.0.0.1:58167 | tcp | |
| N/A | 10.150.32.147:80 | c19lab.bpums.ac.ir | tcp |
| GB | 213.105.9.34:80 | payments.virginmedia.com | tcp |
| BE | 185.35.173.170:80 | connect.easi-training.fr | tcp |
| CL | 200.89.78.253:80 | auth.demre.cl | tcp |
Files