Analysis Overview
SHA256
fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d
Threat Level: Known bad
The file fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d was found to be: Known bad.
Malicious Activity Summary
Glupteba payload
Windows security bypass
Glupteba
SmokeLoader
Pitou
Lumma Stealer
DcRat
Modifies boot configuration data using bcdedit
Downloads MZ/PE file
Possible attempt to disable PatchGuard
Modifies Windows Firewall
Drops file in Drivers directory
Deletes itself
Windows security modification
Loads dropped DLL
Reads data files stored by FTP clients
Executes dropped EXE
UPX packed file
Reads user/profile data of web browsers
Adds Run key to start application
Checks installed software on the system
Manipulates WinMon driver.
Manipulates WinMonFS driver.
Legitimate hosting services abused for malware hosting/C2
Accesses cryptocurrency files/wallets, possible credential harvesting
Writes to the Master Boot Record (MBR)
Suspicious use of SetThreadContext
Drops file in System32 directory
Checks for VirtualBox DLLs, possible anti-VM trick
Drops file in Windows directory
Launches sc.exe
Enumerates physical storage devices
Unsigned PE
Program crash
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Suspicious behavior: LoadsDriver
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies system certificate store
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-29 05:11
Signatures
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-29 05:11
Reported
2024-02-29 05:16
Platform
win10-20240221-en
Max time kernel
221s
Max time network
304s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Glupteba
Glupteba payload
Lumma Stealer
Pitou
SmokeLoader
Windows security bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Deletes itself
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C767.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C767.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D989.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\DE4D.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F021.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3xg.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\31D.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3xg.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| N/A | N/A | C:\Windows\rss\csrss.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C767.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3xg.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3xg.0.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
Windows security modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\C767.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1990815831-2007029909-3877453929-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1990815831-2007029909-3877453929-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Windows\rss\csrss.exe | N/A |
Checks installed software on the system
Manipulates WinMonFS driver.
| Description | Indicator | Process | Target |
| File opened for modification | \??\WinMonFS | C:\Windows\rss\csrss.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\DE4D.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 520 set thread context of 316 | N/A | C:\Users\Admin\AppData\Local\Temp\C767.exe | C:\Users\Admin\AppData\Local\Temp\C767.exe |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\rss | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| File created | C:\Windows\rss\csrss.exe | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\31D.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\31D.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\31D.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\u3xg.0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\u3xg.0.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-622 = "Korea Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-751 = "Tonga Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1931 = "Russia TZ 11 Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1891 = "Russia TZ 3 Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2771 = "Omsk Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-752 = "Tonga Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1972 = "Belarus Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-332 = "E. Europe Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-931 = "Coordinated Universal Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-571 = "China Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-331 = "E. Europe Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-435 = "Georgian Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-431 = "Iran Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-891 = "Morocco Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-201 = "US Mountain Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-392 = "Arab Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-451 = "Caucasus Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2062 = "North Korea Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-282 = "Central Europe Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-341 = "Egypt Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-131 = "US Eastern Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-242 = "Samoa Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2591 = "Tocantins Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-671 = "AUS Eastern Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2631 = "Norfolk Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1412 = "Syria Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2792 = "Novosibirsk Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1862 = "Russia TZ 6 Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-11 = "Azores Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-351 = "FLE Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-632 = "Tokyo Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-241 = "Samoa Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-192 = "Mountain Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\31D.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\rss\csrss.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u3xg.1.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe
"C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe"
C:\Users\Admin\AppData\Local\Temp\C767.exe
C:\Users\Admin\AppData\Local\Temp\C767.exe
C:\Users\Admin\AppData\Local\Temp\C767.exe
C:\Users\Admin\AppData\Local\Temp\C767.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\CCA7.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\CCA7.dll
C:\Users\Admin\AppData\Local\Temp\D989.exe
C:\Users\Admin\AppData\Local\Temp\D989.exe
C:\Users\Admin\AppData\Local\Temp\DE4D.exe
C:\Users\Admin\AppData\Local\Temp\DE4D.exe
C:\Users\Admin\AppData\Local\Temp\F021.exe
C:\Users\Admin\AppData\Local\Temp\F021.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\u3xg.0.exe
"C:\Users\Admin\AppData\Local\Temp\u3xg.0.exe"
C:\Users\Admin\AppData\Local\Temp\31D.exe
C:\Users\Admin\AppData\Local\Temp\31D.exe
C:\Users\Admin\AppData\Local\Temp\u3xg.1.exe
"C:\Users\Admin\AppData\Local\Temp\u3xg.1.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:52962 | tcp | |
| N/A | 127.0.0.1:52966 | tcp | |
| N/A | 127.0.0.1:52968 | tcp | |
| N/A | 127.0.0.1:52973 | tcp | |
| N/A | 127.0.0.1:52975 | tcp | |
| N/A | 127.0.0.1:52984 | tcp | |
| N/A | 127.0.0.1:52988 | tcp | |
| N/A | 127.0.0.1:52992 | tcp | |
| N/A | 127.0.0.1:52996 | tcp | |
| N/A | 127.0.0.1:53000 | tcp | |
| N/A | 127.0.0.1:53005 | tcp | |
| N/A | 127.0.0.1:53011 | tcp | |
| N/A | 127.0.0.1:53017 | tcp | |
| N/A | 127.0.0.1:53020 | tcp | |
| N/A | 127.0.0.1:53022 | tcp | |
| N/A | 127.0.0.1:53029 | tcp | |
| N/A | 127.0.0.1:53033 | tcp | |
| N/A | 127.0.0.1:53036 | tcp | |
| N/A | 127.0.0.1:53039 | tcp | |
| N/A | 127.0.0.1:53043 | tcp | |
| N/A | 127.0.0.1:53051 | tcp | |
| N/A | 127.0.0.1:53054 | tcp | |
| N/A | 127.0.0.1:53057 | tcp | |
| US | 8.8.8.8:53 | mail.gcations.com | udp |
| N/A | 127.0.0.1:53061 | tcp | |
| N/A | 127.0.0.1:34556 | tcp | |
| N/A | 127.0.0.1:53066 | tcp | |
| N/A | 127.0.0.1:53070 | tcp | |
| N/A | 127.0.0.1:53072 | tcp | |
| N/A | 127.0.0.1:53079 | tcp | |
| N/A | 127.0.0.1:53098 | tcp | |
| N/A | 127.0.0.1:53102 | tcp | |
| US | 8.8.8.8:53 | gcations.com | udp |
| US | 8.8.8.8:53 | ftp.gcations.com | udp |
| US | 8.8.8.8:53 | www.sescorp.cl | udp |
| US | 8.8.8.8:53 | www.difcoinc.com | udp |
| US | 8.8.8.8:53 | qmailers.com | udp |
| US | 8.8.8.8:53 | momentfotografi.dk | udp |
| N/A | 127.0.0.1:53180 | tcp | |
| N/A | 127.0.0.1:53182 | tcp | |
| N/A | 127.0.0.1:53185 | tcp | |
| N/A | 127.0.0.1:53187 | tcp | |
| N/A | 127.0.0.1:53190 | tcp | |
| N/A | 127.0.0.1:53192 | tcp | |
| N/A | 127.0.0.1:53194 | tcp | |
| N/A | 127.0.0.1:53196 | tcp | |
| N/A | 127.0.0.1:53198 | tcp | |
| N/A | 127.0.0.1:53200 | tcp | |
| N/A | 127.0.0.1:53202 | tcp | |
| N/A | 127.0.0.1:53204 | tcp | |
| N/A | 127.0.0.1:53206 | tcp | |
| N/A | 127.0.0.1:53208 | tcp | |
| N/A | 127.0.0.1:53210 | tcp | |
| N/A | 127.0.0.1:53212 | tcp | |
| N/A | 127.0.0.1:53214 | tcp | |
| N/A | 127.0.0.1:53216 | tcp | |
| N/A | 127.0.0.1:53218 | tcp | |
| N/A | 127.0.0.1:53222 | tcp | |
| N/A | 127.0.0.1:53224 | tcp | |
| N/A | 127.0.0.1:53226 | tcp | |
| N/A | 127.0.0.1:53228 | tcp | |
| N/A | 127.0.0.1:53231 | tcp | |
| N/A | 127.0.0.1:53234 | tcp | |
| N/A | 127.0.0.1:53236 | tcp | |
| N/A | 127.0.0.1:53238 | tcp | |
| N/A | 127.0.0.1:53240 | tcp | |
| N/A | 127.0.0.1:53242 | tcp | |
| N/A | 127.0.0.1:53244 | tcp | |
| N/A | 127.0.0.1:53246 | tcp | |
| N/A | 127.0.0.1:53248 | tcp | |
| N/A | 127.0.0.1:53250 | tcp | |
| N/A | 127.0.0.1:53252 | tcp | |
| N/A | 127.0.0.1:53254 | tcp | |
| N/A | 127.0.0.1:53256 | tcp | |
| N/A | 127.0.0.1:53258 | tcp | |
| N/A | 127.0.0.1:53260 | tcp | |
| N/A | 127.0.0.1:53262 | tcp | |
| N/A | 127.0.0.1:53264 | tcp | |
| N/A | 127.0.0.1:53266 | tcp | |
| N/A | 127.0.0.1:53268 | tcp | |
| N/A | 127.0.0.1:53270 | tcp | |
| N/A | 127.0.0.1:53272 | tcp | |
| N/A | 127.0.0.1:53274 | tcp | |
| N/A | 127.0.0.1:53276 | tcp | |
| N/A | 127.0.0.1:53278 | tcp | |
| N/A | 127.0.0.1:53280 | tcp | |
| N/A | 127.0.0.1:53282 | tcp | |
| N/A | 127.0.0.1:53286 | tcp | |
| N/A | 127.0.0.1:53288 | tcp | |
| N/A | 127.0.0.1:53290 | tcp | |
| N/A | 127.0.0.1:53292 | tcp | |
| N/A | 127.0.0.1:53294 | tcp | |
| N/A | 127.0.0.1:53297 | tcp | |
| N/A | 127.0.0.1:53299 | tcp | |
| N/A | 127.0.0.1:53301 | tcp | |
| N/A | 127.0.0.1:53304 | tcp | |
| N/A | 127.0.0.1:53306 | tcp | |
| N/A | 127.0.0.1:53308 | tcp | |
| N/A | 127.0.0.1:53310 | tcp | |
| N/A | 127.0.0.1:53312 | tcp | |
| N/A | 127.0.0.1:53314 | tcp | |
| N/A | 127.0.0.1:53316 | tcp | |
| N/A | 127.0.0.1:53318 | tcp | |
| N/A | 127.0.0.1:53320 | tcp | |
| N/A | 127.0.0.1:53322 | tcp | |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 170.10.160.123:80 | www.sescorp.cl | tcp |
| US | 8.8.8.8:53 | mx.mail-data.net | udp |
| US | 8.8.8.8:53 | difcoinc-com.mail.protection.outlook.com | udp |
| N/A | 127.0.0.1:53324 | tcp | |
| N/A | 127.0.0.1:53326 | tcp | |
| N/A | 127.0.0.1:53328 | tcp | |
| N/A | 127.0.0.1:53330 | tcp | |
| N/A | 127.0.0.1:53332 | tcp | |
| N/A | 127.0.0.1:53334 | tcp | |
| N/A | 127.0.0.1:53336 | tcp | |
| N/A | 127.0.0.1:53338 | tcp | |
| N/A | 127.0.0.1:53340 | tcp | |
| N/A | 127.0.0.1:53344 | tcp | |
| N/A | 127.0.0.1:53346 | tcp | |
| N/A | 127.0.0.1:53348 | tcp | |
| N/A | 127.0.0.1:53350 | tcp | |
| N/A | 127.0.0.1:53352 | tcp | |
| N/A | 127.0.0.1:53354 | tcp | |
| N/A | 127.0.0.1:53356 | tcp | |
| N/A | 127.0.0.1:53358 | tcp | |
| N/A | 127.0.0.1:53361 | tcp | |
| N/A | 127.0.0.1:53363 | tcp | |
| N/A | 127.0.0.1:53367 | tcp | |
| N/A | 127.0.0.1:53369 | tcp | |
| N/A | 127.0.0.1:53371 | tcp | |
| N/A | 127.0.0.1:53373 | tcp | |
| N/A | 127.0.0.1:53402 | tcp | |
| N/A | 127.0.0.1:53449 | tcp | |
| N/A | 127.0.0.1:53476 | tcp | |
| N/A | 127.0.0.1:53481 | tcp | |
| N/A | 127.0.0.1:53485 | tcp | |
| N/A | 127.0.0.1:53508 | tcp | |
| US | 8.8.8.8:53 | efundasa.c | udp |
| US | 8.8.8.8:53 | youngwomenscollegeprep.org | udp |
| US | 8.8.8.8:53 | estudiodgb.com.ar | udp |
| US | 8.8.8.8:53 | localhost.local | udp |
| N/A | 127.0.0.1:53512 | tcp | |
| N/A | 127.0.0.1:53520 | tcp | |
| N/A | 127.0.0.1:53524 | tcp | |
| N/A | 127.0.0.1:53530 | tcp | |
| N/A | 127.0.0.1:53533 | tcp | |
| N/A | 127.0.0.1:53552 | tcp | |
| N/A | 127.0.0.1:53555 | tcp | |
| N/A | 127.0.0.1:53558 | tcp | |
| N/A | 127.0.0.1:53560 | tcp | |
| N/A | 127.0.0.1:53572 | tcp | |
| N/A | 127.0.0.1:53575 | tcp | |
| N/A | 127.0.0.1:53578 | tcp | |
| N/A | 127.0.0.1:53586 | tcp | |
| N/A | 127.0.0.1:53589 | tcp | |
| N/A | 127.0.0.1:53592 | tcp | |
| N/A | 127.0.0.1:53600 | tcp | |
| N/A | 127.0.0.1:53602 | tcp | |
| N/A | 127.0.0.1:53604 | tcp | |
| N/A | 127.0.0.1:53606 | tcp | |
| N/A | 127.0.0.1:53608 | tcp | |
| N/A | 127.0.0.1:53610 | tcp | |
| N/A | 127.0.0.1:53612 | tcp | |
| N/A | 127.0.0.1:53614 | tcp | |
| N/A | 127.0.0.1:53616 | tcp | |
| N/A | 127.0.0.1:53618 | tcp | |
| N/A | 127.0.0.1:53620 | tcp | |
| N/A | 127.0.0.1:53622 | tcp | |
| N/A | 127.0.0.1:53624 | tcp | |
| N/A | 127.0.0.1:53626 | tcp | |
| N/A | 127.0.0.1:53628 | tcp | |
| N/A | 127.0.0.1:53629 | tcp | |
| N/A | 127.0.0.1:53632 | tcp | |
| N/A | 127.0.0.1:53634 | tcp | |
| N/A | 127.0.0.1:53636 | tcp | |
| N/A | 127.0.0.1:53638 | tcp | |
| N/A | 127.0.0.1:53640 | tcp | |
| N/A | 127.0.0.1:53642 | tcp | |
| N/A | 127.0.0.1:53644 | tcp | |
| N/A | 127.0.0.1:53647 | tcp | |
| N/A | 127.0.0.1:53650 | tcp | |
| N/A | 127.0.0.1:53653 | tcp | |
| N/A | 127.0.0.1:53656 | tcp | |
| N/A | 127.0.0.1:53658 | tcp | |
| N/A | 127.0.0.1:53660 | tcp | |
| N/A | 127.0.0.1:53662 | tcp | |
| N/A | 127.0.0.1:53664 | tcp | |
| N/A | 127.0.0.1:53667 | tcp | |
| N/A | 127.0.0.1:53670 | tcp | |
| N/A | 127.0.0.1:53672 | tcp | |
| N/A | 127.0.0.1:53674 | tcp | |
| N/A | 127.0.0.1:53676 | tcp | |
| N/A | 127.0.0.1:53678 | tcp | |
| N/A | 127.0.0.1:53680 | tcp | |
| N/A | 127.0.0.1:53682 | tcp | |
| N/A | 127.0.0.1:53684 | tcp | |
| N/A | 127.0.0.1:53686 | tcp | |
| N/A | 127.0.0.1:53688 | tcp | |
| N/A | 127.0.0.1:53690 | tcp | |
| N/A | 127.0.0.1:53693 | tcp | |
| N/A | 127.0.0.1:53695 | tcp | |
| N/A | 127.0.0.1:53697 | tcp | |
| N/A | 127.0.0.1:53699 | tcp | |
| N/A | 127.0.0.1:53701 | tcp | |
| N/A | 127.0.0.1:53703 | tcp | |
| N/A | 127.0.0.1:53705 | tcp | |
| CA | 69.90.160.63:80 | gruposeza.com.mx | tcp |
| US | 8.8.8.8:53 | 60.249.124.192.in-addr.arpa | udp |
| CA | 69.90.160.63:80 | gruposeza.com.mx | tcp |
| US | 147.182.128.74:80 | ftp.ferieli.com | tcp |
| US | 8.8.8.8:53 | uemaedu.mail.protection.outlook.com | udp |
| N/A | 127.0.0.1:53708 | tcp | |
| N/A | 127.0.0.1:53710 | tcp | |
| N/A | 127.0.0.1:53712 | tcp | |
| N/A | 127.0.0.1:53714 | tcp | |
| N/A | 127.0.0.1:53717 | tcp | |
| N/A | 127.0.0.1:53720 | tcp | |
| N/A | 127.0.0.1:53722 | tcp | |
| N/A | 127.0.0.1:53724 | tcp | |
| N/A | 127.0.0.1:53726 | tcp | |
| N/A | 127.0.0.1:53729 | tcp | |
| N/A | 127.0.0.1:53731 | tcp | |
| N/A | 127.0.0.1:53733 | tcp | |
| N/A | 127.0.0.1:53735 | tcp | |
| N/A | 127.0.0.1:53737 | tcp | |
| N/A | 127.0.0.1:53739 | tcp | |
| N/A | 127.0.0.1:53741 | tcp | |
| N/A | 127.0.0.1:53743 | tcp | |
| N/A | 127.0.0.1:53747 | tcp | |
| N/A | 127.0.0.1:53751 | tcp | |
| N/A | 127.0.0.1:53754 | tcp | |
| N/A | 127.0.0.1:53757 | tcp | |
| US | 8.8.8.8:53 | yahootlook.com.ar | udp |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 8.8.8.8:53 | semonir.com | udp |
| N/A | 127.0.0.1:53761 | tcp | |
| N/A | 127.0.0.1:53764 | tcp | |
| N/A | 127.0.0.1:53767 | tcp | |
| N/A | 127.0.0.1:53770 | tcp | |
| N/A | 127.0.0.1:53774 | tcp | |
| N/A | 127.0.0.1:53778 | tcp | |
| N/A | 127.0.0.1:53782 | tcp | |
| N/A | 127.0.0.1:53786 | tcp | |
| N/A | 127.0.0.1:53790 | tcp | |
| N/A | 127.0.0.1:53793 | tcp | |
| N/A | 127.0.0.1:53800 | tcp | |
| N/A | 127.0.0.1:53803 | tcp | |
| N/A | 127.0.0.1:53805 | tcp | |
| N/A | 127.0.0.1:53807 | tcp | |
| N/A | 127.0.0.1:53810 | tcp | |
| N/A | 127.0.0.1:53813 | tcp | |
| N/A | 127.0.0.1:53816 | tcp | |
| N/A | 127.0.0.1:53822 | tcp | |
| N/A | 127.0.0.1:53845 | tcp | |
| N/A | 127.0.0.1:53851 | tcp | |
| N/A | 127.0.0.1:53855 | tcp | |
| N/A | 127.0.0.1:53859 | tcp | |
| N/A | 127.0.0.1:53861 | tcp | |
| N/A | 127.0.0.1:53864 | tcp | |
| N/A | 127.0.0.1:53878 | tcp | |
| N/A | 127.0.0.1:53882 | tcp | |
| N/A | 127.0.0.1:53893 | tcp | |
| N/A | 127.0.0.1:53897 | tcp | |
| N/A | 127.0.0.1:53902 | tcp | |
| N/A | 127.0.0.1:53906 | tcp | |
| N/A | 127.0.0.1:53908 | tcp | |
| N/A | 127.0.0.1:53912 | tcp | |
| N/A | 127.0.0.1:53917 | tcp | |
| N/A | 127.0.0.1:53921 | tcp | |
| N/A | 127.0.0.1:53928 | tcp | |
| N/A | 127.0.0.1:53933 | tcp | |
| N/A | 127.0.0.1:53936 | tcp | |
| N/A | 127.0.0.1:53939 | tcp | |
| N/A | 127.0.0.1:53943 | tcp | |
| N/A | 127.0.0.1:53949 | tcp | |
| N/A | 127.0.0.1:53959 | tcp | |
| N/A | 127.0.0.1:53962 | tcp | |
| N/A | 127.0.0.1:53966 | tcp | |
| N/A | 127.0.0.1:53971 | tcp | |
| N/A | 127.0.0.1:53974 | tcp | |
| N/A | 127.0.0.1:53979 | tcp | |
| N/A | 127.0.0.1:53982 | tcp | |
| N/A | 127.0.0.1:53985 | tcp | |
| US | 8.8.8.8:53 | custmx.cscdns.net | udp |
| US | 8.8.8.8:53 | libt.com.br | udp |
| N/A | 127.0.0.1:53991 | tcp | |
| N/A | 127.0.0.1:53996 | tcp | |
| N/A | 127.0.0.1:53998 | tcp | |
| N/A | 127.0.0.1:54002 | tcp | |
| N/A | 127.0.0.1:54005 | tcp | |
| N/A | 127.0.0.1:54008 | tcp | |
| N/A | 127.0.0.1:54014 | tcp | |
| N/A | 127.0.0.1:54017 | tcp | |
| N/A | 127.0.0.1:54021 | tcp | |
| N/A | 127.0.0.1:54123 | tcp | |
| N/A | 127.0.0.1:54127 | tcp | |
| N/A | 127.0.0.1:54131 | tcp | |
| N/A | 127.0.0.1:54133 | tcp | |
| US | 8.8.8.8:53 | youngwomenscollegeprep.org | udp |
| US | 8.8.8.8:53 | efundasa.c | udp |
| US | 8.8.8.8:53 | localhost.local | udp |
| US | 147.182.128.74:80 | ftp.ferieli.com | tcp |
| US | 8.8.8.8:53 | ftp.shopfixnepal.xyz | udp |
| N/A | 127.0.0.1:54139 | tcp | |
| N/A | 127.0.0.1:54143 | tcp | |
| N/A | 127.0.0.1:54147 | tcp | |
| N/A | 127.0.0.1:54154 | tcp | |
| N/A | 127.0.0.1:54160 | tcp | |
| N/A | 127.0.0.1:54169 | tcp | |
| N/A | 127.0.0.1:54171 | tcp | |
| N/A | 127.0.0.1:54173 | tcp | |
| N/A | 127.0.0.1:54175 | tcp | |
| N/A | 127.0.0.1:54177 | tcp | |
| N/A | 127.0.0.1:54179 | tcp | |
| N/A | 127.0.0.1:54182 | tcp | |
| N/A | 127.0.0.1:54184 | tcp | |
| N/A | 127.0.0.1:54186 | tcp | |
| N/A | 127.0.0.1:54188 | tcp | |
| N/A | 127.0.0.1:54190 | tcp | |
| N/A | 127.0.0.1:54192 | tcp | |
| N/A | 127.0.0.1:54194 | tcp | |
| N/A | 127.0.0.1:54196 | tcp | |
| N/A | 127.0.0.1:54198 | tcp | |
| N/A | 127.0.0.1:54200 | tcp | |
| N/A | 127.0.0.1:54202 | tcp | |
| N/A | 127.0.0.1:54204 | tcp | |
| N/A | 127.0.0.1:54206 | tcp | |
| N/A | 127.0.0.1:54208 | tcp | |
| N/A | 127.0.0.1:54210 | tcp | |
| N/A | 127.0.0.1:54212 | tcp | |
| N/A | 127.0.0.1:54214 | tcp | |
| N/A | 127.0.0.1:54216 | tcp | |
| N/A | 127.0.0.1:54223 | tcp | |
| N/A | 127.0.0.1:54226 | tcp | |
| N/A | 127.0.0.1:54228 | tcp | |
| N/A | 127.0.0.1:54230 | tcp | |
| N/A | 127.0.0.1:54232 | tcp | |
| N/A | 127.0.0.1:54234 | tcp | |
| N/A | 127.0.0.1:54236 | tcp | |
| N/A | 127.0.0.1:54238 | tcp | |
| N/A | 127.0.0.1:54240 | tcp | |
| N/A | 127.0.0.1:54242 | tcp | |
| N/A | 127.0.0.1:54244 | tcp | |
| N/A | 127.0.0.1:54246 | tcp | |
| N/A | 127.0.0.1:54248 | tcp | |
| N/A | 127.0.0.1:54250 | tcp | |
| N/A | 127.0.0.1:54252 | tcp | |
| N/A | 127.0.0.1:54254 | tcp | |
| N/A | 127.0.0.1:54257 | tcp | |
| N/A | 127.0.0.1:54259 | tcp | |
| US | 8.8.8.8:53 | shopfixnepal.xyz | udp |
| US | 8.8.8.8:53 | localhost.local | udp |
| US | 8.8.8.8:53 | localhost.local | udp |
| US | 8.8.8.8:53 | semonir.com | udp |
| US | 165.160.15.20:80 | gmlearning.com | tcp |
| US | 8.8.8.8:53 | uemaedu.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | hotmawanadoo.fr | udp |
| US | 8.8.8.8:53 | putsbox.com | udp |
| US | 8.8.8.8:53 | hotmawanadoo.fr | udp |
| US | 8.8.8.8:53 | putsbox.com | udp |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 8.8.8.8:53 | localhost.local | udp |
| US | 8.8.8.8:53 | student.zone.college | udp |
| US | 8.8.8.8:53 | zsttp.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | zsttp.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | m-3services.com | udp |
| US | 8.8.8.8:53 | fourbends.com | udp |
| US | 8.8.8.8:53 | fourbends.com | udp |
| US | 8.8.8.8:53 | red-readpcap.com | udp |
| US | 8.8.8.8:53 | red-readpcap.com | udp |
| US | 8.8.8.8:53 | bitcock.io | udp |
| US | 8.8.8.8:53 | argux.com.co | udp |
| US | 8.8.8.8:53 | argux.com.co | udp |
| US | 8.8.8.8:53 | bigredcreative.com | udp |
| US | 8.8.8.8:53 | bitcock.io | udp |
| US | 8.8.8.8:53 | bigredcreative.com | udp |
| US | 8.8.8.8:53 | alunos.estacio.br | udp |
| US | 8.8.8.8:53 | alunos.estacio.br | udp |
| N/A | 127.0.0.1:54261 | tcp | |
| N/A | 127.0.0.1:54263 | tcp | |
| N/A | 127.0.0.1:54265 | tcp | |
| N/A | 127.0.0.1:54267 | tcp | |
| N/A | 127.0.0.1:54269 | tcp | |
| N/A | 127.0.0.1:54271 | tcp | |
| N/A | 127.0.0.1:54273 | tcp | |
| N/A | 127.0.0.1:54275 | tcp | |
| N/A | 127.0.0.1:54277 | tcp | |
| N/A | 127.0.0.1:54279 | tcp | |
| N/A | 127.0.0.1:54281 | tcp | |
| N/A | 127.0.0.1:54283 | tcp | |
| N/A | 127.0.0.1:54285 | tcp | |
| N/A | 127.0.0.1:54287 | tcp | |
| N/A | 127.0.0.1:54289 | tcp | |
| N/A | 127.0.0.1:54291 | tcp | |
| N/A | 127.0.0.1:54293 | tcp | |
| N/A | 127.0.0.1:54295 | tcp | |
| N/A | 127.0.0.1:54297 | tcp | |
| N/A | 127.0.0.1:54299 | tcp | |
| N/A | 127.0.0.1:54301 | tcp | |
| N/A | 127.0.0.1:54303 | tcp | |
| N/A | 127.0.0.1:54305 | tcp | |
| N/A | 127.0.0.1:54308 | tcp | |
| N/A | 127.0.0.1:54310 | tcp | |
| N/A | 127.0.0.1:54312 | tcp | |
| US | 8.8.8.8:53 | googcel.c.com | udp |
| US | 8.8.8.8:53 | gmail.cmtu.edu.vn | udp |
| US | 8.8.8.8:53 | episousse-com-tn.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | code.ail.com | udp |
| US | 8.8.8.8:53 | kdt-co-th.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | laplata.mo.us | udp |
| US | 8.8.8.8:53 | yaedu.br | udp |
| US | 8.8.8.8:53 | osfte.com | udp |
| US | 8.8.8.8:53 | samwellg.m | udp |
| US | 8.8.8.8:53 | mail.rumrivercontracting.com | udp |
| US | 8.8.8.8:53 | ontra.de | udp |
| US | 8.8.8.8:53 | ontra.de | udp |
| US | 8.8.8.8:53 | gmail.cac.on.ca | udp |
| US | 8.8.8.8:53 | mx2.hostinger.co | udp |
| US | 8.8.8.8:53 | meidir.com | udp |
| US | 8.8.8.8:53 | mail.mailerhost.net | udp |
| US | 8.8.8.8:53 | showbaz.com | udp |
| US | 8.8.8.8:53 | ftp.go-makkah.com | udp |
| US | 8.8.8.8:53 | evodok.com | udp |
| US | 8.8.8.8:53 | alt4.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | outlgmail.com | udp |
| N/A | 127.0.0.1:54314 | tcp | |
| US | 8.8.8.8:53 | gmail.cco.uk | udp |
| US | 8.8.8.8:53 | pgw.kazamax.xyz | udp |
| US | 8.8.8.8:53 | d156151a.ess.barracudanetworks.com | udp |
| US | 8.8.8.8:53 | fnestles.fr | udp |
| US | 8.8.8.8:53 | mx2.titan.email | udp |
| US | 8.8.8.8:53 | kafrelsheikh2.moe.edu.eg | udp |
| US | 8.8.8.8:53 | creepy-corp.eu | udp |
| US | 8.8.8.8:53 | in.arubabusiness.it | udp |
| US | 165.160.15.20:80 | gmlearning.com | tcp |
| N/A | 127.0.0.1:54316 | tcp | |
| N/A | 127.0.0.1:54318 | tcp | |
| N/A | 127.0.0.1:54320 | tcp | |
| N/A | 127.0.0.1:54322 | tcp | |
| US | 172.67.217.85:80 | gravesendgrammar.com | tcp |
| FR | 213.186.33.18:80 | episousse.com.tn | tcp |
| TH | 203.151.233.116:80 | kdt.co.th | tcp |
| US | 34.70.183.20:80 | rumrivercontracting.com | tcp |
| US | 45.33.18.44:80 | ethinking.com | tcp |
| LT | 84.32.84.32:80 | serpremiumx.com | tcp |
| JP | 163.44.242.13:80 | aaisi.com.ph | tcp |
| US | 54.209.32.212:80 | osfte.com | tcp |
| LT | 84.32.84.32:80 | serpremiumx.com | tcp |
| IN | 103.133.215.103:80 | isiconline.org | tcp |
| N/A | 127.0.0.1:54324 | tcp | |
| N/A | 127.0.0.1:54326 | tcp | |
| N/A | 127.0.0.1:54328 | tcp | |
| N/A | 127.0.0.1:54330 | tcp | |
| N/A | 127.0.0.1:54332 | tcp | |
| N/A | 127.0.0.1:54334 | tcp | |
| N/A | 127.0.0.1:54336 | tcp | |
| N/A | 127.0.0.1:54338 | tcp | |
| N/A | 127.0.0.1:54340 | tcp | |
| N/A | 127.0.0.1:54342 | tcp | |
| US | 8.8.8.8:53 | creepy-corp.eu | udp |
| N/A | 127.0.0.1:54344 | tcp | |
| N/A | 127.0.0.1:54346 | tcp | |
| N/A | 127.0.0.1:54348 | tcp | |
| N/A | 127.0.0.1:54350 | tcp | |
| N/A | 127.0.0.1:54352 | tcp | |
| N/A | 127.0.0.1:54354 | tcp | |
| N/A | 127.0.0.1:54356 | tcp | |
| N/A | 127.0.0.1:54358 | tcp | |
| N/A | 127.0.0.1:54360 | tcp | |
| N/A | 127.0.0.1:54362 | tcp | |
| N/A | 127.0.0.1:54364 | tcp | |
| N/A | 127.0.0.1:54366 | tcp | |
| N/A | 127.0.0.1:54368 | tcp | |
| N/A | 127.0.0.1:54370 | tcp | |
| N/A | 127.0.0.1:54373 | tcp | |
| N/A | 127.0.0.1:54376 | tcp | |
| US | 198.185.159.144:80 | creatingencores.co | tcp |
| US | 45.33.18.44:80 | ethinking.com | tcp |
| US | 8.8.8.8:53 | mail.code-planet.eu | udp |
| JP | 163.44.242.13:80 | aaisi.com.ph | tcp |
| TH | 203.151.233.116:80 | kdt.co.th | tcp |
| US | 8.8.8.8:53 | twebpages.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | allmx.xpress.com.mx | udp |
| US | 8.8.8.8:53 | outlgmail.com | udp |
| N/A | 127.0.0.1:54380 | tcp | |
| N/A | 127.0.0.1:54385 | tcp | |
| N/A | 127.0.0.1:54388 | tcp | |
| N/A | 127.0.0.1:54393 | tcp | |
| N/A | 127.0.0.1:34556 | tcp | |
| N/A | 127.0.0.1:54423 | tcp | |
| N/A | 127.0.0.1:54425 | tcp | |
| N/A | 127.0.0.1:54427 | tcp | |
| N/A | 127.0.0.1:54429 | tcp | |
| N/A | 127.0.0.1:54431 | tcp | |
| N/A | 127.0.0.1:54433 | tcp | |
| N/A | 127.0.0.1:54450 | tcp | |
| N/A | 127.0.0.1:54454 | tcp | |
| N/A | 127.0.0.1:54481 | tcp | |
| N/A | 127.0.0.1:54486 | tcp | |
| N/A | 127.0.0.1:54522 | tcp | |
| N/A | 127.0.0.1:54526 | tcp | |
| N/A | 127.0.0.1:54529 | tcp | |
| N/A | 127.0.0.1:54531 | tcp | |
| US | 8.8.8.8:53 | ecoglobalmfg-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gmaiutlook.com | udp |
| US | 8.8.8.8:53 | ftp.kafrelsheikh2.moe.edu.eg | udp |
| US | 8.8.8.8:53 | sharma.com.np | udp |
| US | 8.8.8.8:53 | audi-ge.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.yahootlook.com.ar | udp |
| US | 8.8.8.8:53 | siol.netr | udp |
| US | 8.8.8.8:53 | riantengineers.com | udp |
| US | 8.8.8.8:53 | gmail.cco.uk | udp |
| N/A | 127.0.0.1:54544 | tcp | |
| N/A | 127.0.0.1:54548 | tcp | |
| N/A | 127.0.0.1:54552 | tcp | |
| N/A | 127.0.0.1:54557 | tcp | |
| N/A | 127.0.0.1:54560 | tcp | |
| N/A | 127.0.0.1:54564 | tcp | |
| N/A | 127.0.0.1:54576 | tcp | |
| N/A | 127.0.0.1:54578 | tcp | |
| N/A | 127.0.0.1:54583 | tcp | |
| N/A | 127.0.0.1:54591 | tcp | |
| N/A | 127.0.0.1:54594 | tcp | |
| N/A | 127.0.0.1:54599 | tcp | |
| N/A | 127.0.0.1:54603 | tcp | |
| N/A | 127.0.0.1:54605 | tcp | |
| N/A | 127.0.0.1:54609 | tcp | |
| N/A | 127.0.0.1:54611 | tcp | |
| N/A | 127.0.0.1:54615 | tcp | |
| N/A | 127.0.0.1:54619 | tcp | |
| N/A | 127.0.0.1:54627 | tcp | |
| US | 8.8.8.8:53 | qmailers.com | udp |
| US | 8.8.8.8:53 | assiut1.moe.edu.eg | udp |
| US | 8.8.8.8:53 | ftp.metastransformed.net | udp |
| US | 8.8.8.8:53 | trantortechnologies-mx.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | assiut1-moe-edu-eg.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | momentfotografi.dk | udp |
| US | 8.8.8.8:53 | shopfixnepal.xyz | udp |
| N/A | 127.0.0.1:54631 | tcp | |
| N/A | 127.0.0.1:54636 | tcp | |
| N/A | 127.0.0.1:54640 | tcp | |
| N/A | 127.0.0.1:54645 | tcp | |
| N/A | 127.0.0.1:54648 | tcp | |
| N/A | 127.0.0.1:54650 | tcp | |
| N/A | 127.0.0.1:54654 | tcp | |
| N/A | 127.0.0.1:54663 | tcp | |
| N/A | 127.0.0.1:54666 | tcp | |
| N/A | 127.0.0.1:54671 | tcp | |
| N/A | 127.0.0.1:54674 | tcp | |
| N/A | 127.0.0.1:54676 | tcp | |
| N/A | 127.0.0.1:54683 | tcp | |
| N/A | 127.0.0.1:54688 | tcp | |
| N/A | 127.0.0.1:54691 | tcp | |
| N/A | 127.0.0.1:54699 | tcp | |
| N/A | 127.0.0.1:54703 | tcp | |
| N/A | 127.0.0.1:54705 | tcp | |
| N/A | 127.0.0.1:54709 | tcp | |
| N/A | 127.0.0.1:54713 | tcp | |
| N/A | 127.0.0.1:54717 | tcp | |
| N/A | 127.0.0.1:54720 | tcp | |
| N/A | 127.0.0.1:54725 | tcp | |
| N/A | 127.0.0.1:54733 | tcp | |
| N/A | 127.0.0.1:54737 | tcp | |
| N/A | 127.0.0.1:54740 | tcp | |
| N/A | 127.0.0.1:54742 | tcp | |
| N/A | 127.0.0.1:54745 | tcp | |
| N/A | 127.0.0.1:54747 | tcp | |
| N/A | 127.0.0.1:54749 | tcp | |
| N/A | 127.0.0.1:54753 | tcp | |
| N/A | 127.0.0.1:54765 | tcp | |
| N/A | 127.0.0.1:54768 | tcp | |
| N/A | 127.0.0.1:54772 | tcp | |
| N/A | 127.0.0.1:54778 | tcp | |
| N/A | 127.0.0.1:54782 | tcp | |
| N/A | 127.0.0.1:54785 | tcp | |
| N/A | 127.0.0.1:54791 | tcp | |
| N/A | 127.0.0.1:54794 | tcp | |
| N/A | 127.0.0.1:54797 | tcp | |
| N/A | 127.0.0.1:54800 | tcp | |
| N/A | 127.0.0.1:54803 | tcp | |
| N/A | 127.0.0.1:54805 | tcp | |
| N/A | 127.0.0.1:54808 | tcp | |
| N/A | 127.0.0.1:54817 | tcp | |
| N/A | 127.0.0.1:54822 | tcp | |
| N/A | 127.0.0.1:54825 | tcp | |
| N/A | 127.0.0.1:54828 | tcp | |
| N/A | 127.0.0.1:54833 | tcp | |
| N/A | 127.0.0.1:54840 | tcp | |
| N/A | 127.0.0.1:54844 | tcp | |
| N/A | 127.0.0.1:54846 | tcp | |
| N/A | 127.0.0.1:54849 | tcp | |
| N/A | 127.0.0.1:54855 | tcp | |
| N/A | 127.0.0.1:54857 | tcp | |
| US | 8.8.8.8:53 | student.zone.college | udp |
| US | 8.8.8.8:53 | gmail.cac.on.ca | udp |
| US | 8.8.8.8:53 | gmail.cmtu.edu.vn | udp |
| US | 8.8.8.8:53 | uemaedu.onmicrosoft.com | udp |
| US | 8.8.8.8:53 | laplata.mo.us | udp |
| US | 8.8.8.8:53 | samwellg.m | udp |
| US | 8.8.8.8:53 | code.ail.com | udp |
| N/A | 127.0.0.1:54863 | tcp | |
| N/A | 127.0.0.1:54865 | tcp | |
| N/A | 127.0.0.1:54868 | tcp | |
| N/A | 127.0.0.1:54877 | tcp | |
| N/A | 127.0.0.1:54882 | tcp | |
| N/A | 127.0.0.1:54884 | tcp | |
| N/A | 127.0.0.1:54887 | tcp | |
| N/A | 127.0.0.1:54893 | tcp | |
| N/A | 127.0.0.1:54899 | tcp | |
| N/A | 127.0.0.1:54901 | tcp | |
| N/A | 127.0.0.1:54905 | tcp | |
| N/A | 127.0.0.1:54908 | tcp | |
| N/A | 127.0.0.1:54912 | tcp | |
| N/A | 127.0.0.1:54916 | tcp | |
| N/A | 127.0.0.1:54918 | tcp | |
| N/A | 127.0.0.1:54928 | tcp | |
| N/A | 127.0.0.1:54933 | tcp | |
| N/A | 127.0.0.1:54937 | tcp | |
| N/A | 127.0.0.1:54939 | tcp | |
| N/A | 127.0.0.1:54943 | tcp | |
| N/A | 127.0.0.1:54945 | tcp | |
| N/A | 127.0.0.1:54948 | tcp | |
| N/A | 127.0.0.1:54956 | tcp | |
| N/A | 127.0.0.1:54961 | tcp | |
| N/A | 127.0.0.1:54965 | tcp | |
| N/A | 127.0.0.1:54970 | tcp | |
| N/A | 127.0.0.1:54973 | tcp | |
| N/A | 127.0.0.1:54975 | tcp | |
| N/A | 127.0.0.1:54985 | tcp | |
| N/A | 127.0.0.1:54988 | tcp | |
| N/A | 127.0.0.1:54992 | tcp | |
| N/A | 127.0.0.1:54995 | tcp | |
| N/A | 127.0.0.1:55000 | tcp | |
| N/A | 127.0.0.1:55002 | tcp | |
| N/A | 127.0.0.1:55006 | tcp | |
| US | 8.8.8.8:53 | semonir.com | udp |
| US | 8.8.8.8:53 | bigpoint.acc | udp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| N/A | 127.0.0.1:55197 | tcp | |
| N/A | 127.0.0.1:55208 | tcp | |
| N/A | 127.0.0.1:55212 | tcp | |
| N/A | 127.0.0.1:55214 | tcp | |
| N/A | 127.0.0.1:55216 | tcp | |
| N/A | 127.0.0.1:55218 | tcp | |
| N/A | 127.0.0.1:55220 | tcp | |
| N/A | 127.0.0.1:55222 | tcp | |
| N/A | 127.0.0.1:55224 | tcp | |
| N/A | 127.0.0.1:55226 | tcp | |
| N/A | 127.0.0.1:55229 | tcp | |
| N/A | 127.0.0.1:55231 | tcp | |
| N/A | 127.0.0.1:55233 | tcp | |
| N/A | 127.0.0.1:55235 | tcp | |
| N/A | 127.0.0.1:55237 | tcp | |
| N/A | 127.0.0.1:55239 | tcp | |
| N/A | 127.0.0.1:55241 | tcp | |
| N/A | 127.0.0.1:55243 | tcp | |
| N/A | 127.0.0.1:55245 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55249 | tcp | |
| N/A | 127.0.0.1:55251 | tcp | |
| N/A | 127.0.0.1:55253 | tcp | |
| N/A | 127.0.0.1:55255 | tcp | |
| N/A | 127.0.0.1:55257 | tcp | |
| N/A | 127.0.0.1:55259 | tcp | |
| N/A | 127.0.0.1:55261 | tcp | |
| N/A | 127.0.0.1:55263 | tcp | |
| N/A | 127.0.0.1:55265 | tcp | |
| N/A | 127.0.0.1:55267 | tcp | |
| N/A | 127.0.0.1:55269 | tcp | |
| N/A | 127.0.0.1:55271 | tcp | |
| N/A | 127.0.0.1:55273 | tcp | |
| N/A | 127.0.0.1:55275 | tcp | |
| N/A | 127.0.0.1:55277 | tcp | |
| N/A | 127.0.0.1:55279 | tcp | |
| N/A | 127.0.0.1:55281 | tcp | |
| N/A | 127.0.0.1:55283 | tcp | |
| N/A | 127.0.0.1:55285 | tcp | |
| N/A | 127.0.0.1:55287 | tcp | |
| N/A | 127.0.0.1:55289 | tcp | |
| N/A | 127.0.0.1:55291 | tcp | |
| N/A | 127.0.0.1:55293 | tcp | |
| N/A | 127.0.0.1:55295 | tcp | |
| N/A | 127.0.0.1:55297 | tcp | |
| N/A | 127.0.0.1:55299 | tcp | |
| N/A | 127.0.0.1:55301 | tcp | |
| N/A | 127.0.0.1:55303 | tcp | |
| N/A | 127.0.0.1:55305 | tcp | |
| N/A | 127.0.0.1:55307 | tcp | |
| N/A | 127.0.0.1:55309 | tcp | |
| N/A | 127.0.0.1:55311 | tcp | |
| N/A | 127.0.0.1:55313 | tcp | |
| N/A | 127.0.0.1:55315 | tcp | |
| N/A | 127.0.0.1:55317 | tcp | |
| N/A | 127.0.0.1:55319 | tcp | |
| N/A | 127.0.0.1:55321 | tcp | |
| N/A | 127.0.0.1:55323 | tcp | |
| N/A | 127.0.0.1:55325 | tcp | |
| N/A | 127.0.0.1:55327 | tcp | |
| N/A | 127.0.0.1:55329 | tcp | |
| N/A | 127.0.0.1:55331 | tcp | |
| N/A | 127.0.0.1:55333 | tcp | |
| N/A | 127.0.0.1:55335 | tcp | |
| N/A | 127.0.0.1:55337 | tcp | |
| N/A | 127.0.0.1:55340 | tcp | |
| N/A | 127.0.0.1:55342 | tcp | |
| N/A | 127.0.0.1:55345 | tcp | |
| N/A | 127.0.0.1:55347 | tcp | |
| N/A | 127.0.0.1:55351 | tcp | |
| N/A | 127.0.0.1:55354 | tcp | |
| N/A | 127.0.0.1:55356 | tcp | |
| N/A | 127.0.0.1:55358 | tcp | |
| N/A | 127.0.0.1:55361 | tcp | |
| N/A | 127.0.0.1:55363 | tcp | |
| N/A | 127.0.0.1:55366 | tcp | |
| N/A | 127.0.0.1:55369 | tcp | |
| N/A | 127.0.0.1:55371 | tcp | |
| N/A | 127.0.0.1:55373 | tcp | |
| N/A | 127.0.0.1:55375 | tcp | |
| N/A | 127.0.0.1:55377 | tcp | |
| N/A | 127.0.0.1:55379 | tcp | |
| N/A | 127.0.0.1:55381 | tcp | |
| N/A | 127.0.0.1:55383 | tcp | |
| N/A | 127.0.0.1:55385 | tcp | |
| N/A | 127.0.0.1:55387 | tcp | |
| N/A | 127.0.0.1:55389 | tcp | |
| N/A | 127.0.0.1:55391 | tcp | |
| N/A | 127.0.0.1:55393 | tcp | |
| US | 8.8.8.8:53 | ssh.maginagroup.com | udp |
| US | 8.8.8.8:53 | ftp.dolmahotels.com | udp |
| US | 8.8.8.8:53 | ftp.theshanghairaceclub.com | udp |
| US | 8.8.8.8:53 | ftp.tripasysfo.com | udp |
| N/A | 127.0.0.1:55395 | tcp | |
| N/A | 127.0.0.1:55397 | tcp | |
| N/A | 127.0.0.1:55399 | tcp | |
| N/A | 127.0.0.1:55401 | tcp | |
| N/A | 127.0.0.1:55403 | tcp | |
| N/A | 127.0.0.1:55406 | tcp | |
| N/A | 127.0.0.1:55408 | tcp | |
| N/A | 127.0.0.1:55410 | tcp | |
| N/A | 127.0.0.1:55412 | tcp | |
| N/A | 127.0.0.1:55414 | tcp | |
| N/A | 127.0.0.1:55416 | tcp | |
| N/A | 127.0.0.1:55418 | tcp | |
| N/A | 127.0.0.1:55421 | tcp | |
| N/A | 127.0.0.1:55423 | tcp | |
| N/A | 127.0.0.1:55425 | tcp | |
| N/A | 127.0.0.1:55427 | tcp | |
| N/A | 127.0.0.1:55429 | tcp | |
| N/A | 127.0.0.1:55431 | tcp | |
| N/A | 127.0.0.1:55433 | tcp | |
| N/A | 127.0.0.1:55435 | tcp | |
| N/A | 127.0.0.1:55437 | tcp | |
| N/A | 127.0.0.1:55439 | tcp | |
| N/A | 127.0.0.1:55441 | tcp | |
| N/A | 127.0.0.1:55443 | tcp | |
| N/A | 127.0.0.1:55445 | tcp | |
| N/A | 127.0.0.1:55447 | tcp | |
| N/A | 127.0.0.1:55449 | tcp | |
| N/A | 127.0.0.1:55451 | tcp | |
| N/A | 127.0.0.1:55453 | tcp | |
| N/A | 127.0.0.1:55455 | tcp | |
| N/A | 127.0.0.1:55457 | tcp | |
| N/A | 127.0.0.1:55459 | tcp | |
| N/A | 127.0.0.1:55461 | tcp | |
| N/A | 127.0.0.1:55463 | tcp | |
| N/A | 127.0.0.1:55465 | tcp | |
| N/A | 127.0.0.1:55467 | tcp | |
| N/A | 127.0.0.1:55469 | tcp | |
| N/A | 127.0.0.1:55471 | tcp | |
| N/A | 127.0.0.1:55473 | tcp | |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-29 05:11
Reported
2024-02-29 05:16
Platform
win7-20240215-en
Max time kernel
153s
Max time network
300s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\5CB0.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe | N/A |
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Pitou
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
SmokeLoader
Windows security bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\Winmon.sys | C:\Windows\rss\csrss.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Possible attempt to disable PatchGuard
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Windows security modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\5CB0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Windows\rss\csrss.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Manipulates WinMon driver.
| Description | Indicator | Process | Target |
| File opened for modification | \??\WinMon | C:\Windows\rss\csrss.exe | N/A |
Manipulates WinMonFS driver.
| Description | Indicator | Process | Target |
| File opened for modification | \??\WinMonFS | C:\Windows\rss\csrss.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\87E8.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2544 set thread context of 2692 | N/A | C:\Users\Admin\AppData\Local\Temp\5CB0.exe | C:\Users\Admin\AppData\Local\Temp\5CB0.exe |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rss\csrss.exe | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| File created | C:\Windows\Logs\CBS\CbsPersist_20240229051330.cab | C:\Windows\system32\makecab.exe | N/A |
| File created | C:\Windows\windefender.exe | C:\Windows\rss\csrss.exe | N/A |
| File opened for modification | C:\Windows\windefender.exe | C:\Windows\rss\csrss.exe | N/A |
| File opened for modification | C:\Windows\rss | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7E46.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\AD06.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\AD06.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\AD06.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\u1tw.0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\u1tw.0.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-272 = "Greenwich Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-492 = "India Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-211 = "Pacific Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-602 = "Taipei Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\eapqec.dll,-101 = "Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies." | C:\Windows\system32\netsh.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-442 = "Arabian Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-162 = "Central Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-732 = "Fiji Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-172 = "Central Standard Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-841 = "Argentina Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-512 = "Central Asia Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-281 = "Central Europe Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-632 = "Tokyo Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-931 = "Coordinated Universal Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-652 = "AUS Central Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-111 = "Eastern Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-871 = "Pakistan Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-562 = "SE Asia Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-411 = "E. Africa Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-892 = "Morocco Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-121 = "SA Pacific Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-52 = "Greenland Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-381 = "South Africa Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-1042 = "Ulaanbaatar Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-842 = "Argentina Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-511 = "Central Asia Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-252 = "Dateline Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-621 = "Korea Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-241 = "Samoa Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-282 = "Central Europe Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-722 = "Central Pacific Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\NetTrace | C:\Windows\system32\netsh.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-552 = "North Asia Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-214 = "Pacific Daylight Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-911 = "Mauritius Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-365 = "Middle East Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\tsgqec.dll,-101 = "Provides RD Gateway enforcement for NAP" | C:\Windows\system32\netsh.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-332 = "E. Europe Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-352 = "FLE Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-431 = "Iran Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-792 = "SA Western Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-12 = "Azores Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-104 = "Central Brazilian Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-334 = "Jordan Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-232 = "Hawaiian Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-542 = "Myanmar Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-1411 = "Syria Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-11 = "Azores Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-751 = "Tonga Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-122 = "SA Pacific Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\dhcpqec.dll,-101 = "Provides DHCP based enforcement for NAP" | C:\Windows\system32\netsh.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-721 = "Central Pacific Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-981 = "Kamchatka Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-502 = "Nepal Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-522 = "N. Central Asia Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-71 = "Newfoundland Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-301 = "Romance Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\rss\csrss.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-161 = "Central Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-471 = "Ekaterinburg Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-591 = "Malay Peninsula Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-382 = "South Africa Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32\,@tzres.dll,-532 = "Sri Lanka Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\napipsec.dll,-3 = "Microsoft Corporation" | C:\Windows\system32\netsh.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 | C:\Windows\rss\csrss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 | C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob | C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob | C:\Windows\rss\csrss.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AD06.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\rss\csrss.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u1tw.1.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe
"C:\Users\Admin\AppData\Local\Temp\fe6913f27719e418e1976b24e0be79b09a0652b982dad5be27493c6737ad3b6d.exe"
C:\Users\Admin\AppData\Local\Temp\5CB0.exe
C:\Users\Admin\AppData\Local\Temp\5CB0.exe
C:\Users\Admin\AppData\Local\Temp\5CB0.exe
C:\Users\Admin\AppData\Local\Temp\5CB0.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6440.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\6440.dll
C:\Users\Admin\AppData\Local\Temp\7E46.exe
C:\Users\Admin\AppData\Local\Temp\7E46.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 124
C:\Users\Admin\AppData\Local\Temp\87E8.exe
C:\Users\Admin\AppData\Local\Temp\87E8.exe
C:\Users\Admin\AppData\Local\Temp\9928.exe
C:\Users\Admin\AppData\Local\Temp\9928.exe
C:\Users\Admin\AppData\Local\Temp\AD06.exe
C:\Users\Admin\AppData\Local\Temp\AD06.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\u1tw.0.exe
"C:\Users\Admin\AppData\Local\Temp\u1tw.0.exe"
C:\Users\Admin\AppData\Local\Temp\u1tw.1.exe
"C:\Users\Admin\AppData\Local\Temp\u1tw.1.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240229051330.log C:\Windows\Logs\CBS\CbsPersist_20240229051330.cab
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\system32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe
"C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe"
C:\Windows\system32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} recoveryenabled 0
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -default {71A3C7FC-F751-4982-AEC1-E958357E6813}
C:\Windows\system32\bcdedit.exe
C:\Windows\Sysnative\bcdedit.exe /v
C:\Users\Admin\AppData\Local\Temp\csrss\dsefix.exe
C:\Users\Admin\AppData\Local\Temp\csrss\dsefix.exe
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -timeout 0
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -displayorder {71A3C7FC-F751-4982-AEC1-E958357E6813} -addlast
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} inherit {bootloadersettings}
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} nointegritychecks 1
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} nx OptIn
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} kernel ntkrnlmp.exe
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} path \Windows\system32\osloader.exe
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} systemroot \Windows
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} osdevice partition=C:
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} device partition=C:
C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -create {71A3C7FC-F751-4982-AEC1-E958357E6813} -d "Windows Fast Mode" -application OSLOADER
C:\Windows\system32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\windefender.exe
C:\Windows\windefender.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| N/A | 127.0.0.1:49223 | N/A | tcp |
| DE | 131.188.40.189:443 | N/A | tcp |
| DE | 130.61.16.129:9001 | N/A | tcp |
| FR | 178.32.136.221:443 | N/A | tcp |
| US | 199.195.248.172:443 | N/A | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| DE | 130.61.16.129:9001 | N/A | tcp |
| FR | 178.32.136.221:443 | N/A | tcp |
| US | 8.8.8.8:53 | trmpc.com | udp |
| KR | 123.140.161.243:80 | trmpc.com | tcp |
| US | 8.8.8.8:53 | joly.bestsup.su | udp |
| US | 104.21.29.103:80 | joly.bestsup.su | tcp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| DE | 185.172.128.109:80 | 185.172.128.109 | tcp |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| US | 8.8.8.8:53 | kamsmad.com | udp |
| KR | 175.119.10.231:80 | kamsmad.com | tcp |
| KR | 175.119.10.231:80 | kamsmad.com | tcp |
| KR | 175.119.10.231:80 | kamsmad.com | tcp |
| KR | 175.119.10.231:80 | kamsmad.com | tcp |
| KR | 175.119.10.231:80 | kamsmad.com | tcp |
| KR | 175.119.10.231:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | 763916b7-db2c-4b13-9c90-b396562a56fe.uuid.localstats.org | udp |
| N/A | 127.0.0.1:15457 | N/A | tcp |
| US | 8.8.8.8:53 | msdl.microsoft.com | udp |
| US | 204.79.197.219:443 | msdl.microsoft.com | tcp |
| US | 8.8.8.8:53 | vsblobprodscussu5shard30.blob.core.windows.net | udp |
| US | 20.150.38.228:443 | vsblobprodscussu5shard30.blob.core.windows.net | tcp |
| KR | 175.119.10.231:80 | kamsmad.com | tcp |
| KR | 175.119.10.231:80 | kamsmad.com | tcp |
| KR | 175.119.10.231:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | vsblobprodscussu5shard20.blob.core.windows.net | udp |
| US | 20.150.70.36:443 | vsblobprodscussu5shard20.blob.core.windows.net | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | stun4.l.google.com | udp |
| US | 8.8.8.8:53 | server9.localstats.org | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| BG | 185.82.216.111:443 | server9.localstats.org | tcp |
| CH | 172.217.210.127:19302 | stun4.l.google.com | udp |
| US | 8.8.8.8:53 | carsalessystem.com | udp |
| US | 104.21.94.82:443 | carsalessystem.com | tcp |
| BG | 185.82.216.111:443 | server9.localstats.org | tcp |
| N/A | 127.0.0.1:15457 | N/A | tcp |
| N/A | 127.0.0.1:15457 | N/A | tcp |
| N/A | 127.0.0.1:15457 | N/A | tcp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | transacciones.nequi.com | udp |
| US | 8.8.8.8:53 | transacciones.nequi.com | udp |
| US | 8.8.8.8:53 | aeldra.to | udp |
| US | 8.8.8.8:53 | aeldra.to | udp |
| US | 8.8.8.8:53 | mppa.cc | udp |
| N/A | 127.0.0.1:15457 | N/A | tcp |
| N/A | 127.0.0.1:49742 | N/A | tcp |
| US | 8.8.8.8:53 | klase.eduka.lt | udp |
| US | 8.8.8.8:53 | mppa.cc | udp |
| US | 8.8.8.8:53 | klase.eduka.lt | udp |
| US | 8.8.8.8:53 | mppa.cc | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | online.samsodisha.gov.in | udp |
| US | 8.8.8.8:53 | park-mx.above.com | udp |
| US | 8.8.8.8:53 | park-mx.above.com | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | polkadot.js.org | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 103.224.212.216:80 | mppa.cc | tcp |
| US | 172.67.73.64:21 | polkadot.js.org | tcp |
| US | 8.8.8.8:53 | polkadot.js.org | udp |
| US | 103.224.212.34:143 | park-mx.above.com | tcp |
| US | 8.8.8.8:53 | online.samsodisha.gov.in | udp |
| US | 103.224.212.216:443 | mppa.cc | tcp |
| US | 103.224.212.34:995 | park-mx.above.com | tcp |
| US | 103.224.212.34:465 | park-mx.above.com | tcp |
| US | 172.67.131.78:22 | klase.eduka.lt | tcp |
| N/A | 127.0.0.1:49748 | tcp | |
| US | 54.145.108.213:443 | transacciones.nequi.com | tcp |
| US | 54.145.108.213:22 | transacciones.nequi.com | tcp |
| US | 172.67.73.64:22 | polkadot.js.org | tcp |
| US | 172.67.131.78:143 | klase.eduka.lt | tcp |
| US | 103.224.212.216:21 | mppa.cc | tcp |
| US | 8.8.8.8:53 | gate.gov.hu | udp |
| US | 8.8.8.8:53 | gate.gov.hu | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | gate.gov.hu | udp |
| US | 8.8.8.8:53 | ww25.mppa.cc | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | idp.namirialtsp.com | udp |
| IN | 164.100.141.100:143 | online.samsodisha.gov.in | tcp |
| IN | 164.100.141.100:465 | online.samsodisha.gov.in | tcp |
| US | 54.145.108.213:21 | transacciones.nequi.com | tcp |
| US | 54.145.108.213:143 | transacciones.nequi.com | tcp |
| US | 54.145.108.213:80 | transacciones.nequi.com | tcp |
| IN | 164.100.141.100:21 | online.samsodisha.gov.in | tcp |
| US | 172.67.73.64:143 | polkadot.js.org | tcp |
| US | 103.224.212.216:22 | mppa.cc | tcp |
| US | 8.8.8.8:53 | idp.namirialtsp.com | udp |
| US | 172.67.131.78:465 | klase.eduka.lt | tcp |
| US | 172.67.131.78:21 | klase.eduka.lt | tcp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| HU | 84.206.132.187:21 | gate.gov.hu | tcp |
| US | 54.145.108.213:995 | transacciones.nequi.com | tcp |
| IT | 185.217.29.15:443 | idp.namirialtsp.com | tcp |
| US | 172.67.73.64:443 | polkadot.js.org | tcp |
| US | 172.67.131.78:443 | klase.eduka.lt | tcp |
| HU | 84.206.132.187:22 | gate.gov.hu | tcp |
| US | 199.59.243.225:80 | ww25.mppa.cc | tcp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| IN | 164.100.141.100:80 | online.samsodisha.gov.in | tcp |
| IN | 164.100.141.100:995 | online.samsodisha.gov.in | tcp |
| US | 172.67.131.78:995 | klase.eduka.lt | tcp |
| US | 172.67.131.78:80 | klase.eduka.lt | tcp |
| US | 54.145.108.213:465 | transacciones.nequi.com | tcp |
| IN | 164.100.141.100:443 | online.samsodisha.gov.in | tcp |
| US | 103.224.212.34:143 | park-mx.above.com | tcp |
| IN | 164.100.141.100:22 | online.samsodisha.gov.in | tcp |
| HU | 84.206.132.187:443 | gate.gov.hu | tcp |
| IT | 185.217.29.15:22 | idp.namirialtsp.com | tcp |
| US | 172.67.73.64:465 | polkadot.js.org | tcp |
| US | 54.145.108.213:80 | transacciones.nequi.com | tcp |
| US | 103.224.212.34:995 | park-mx.above.com | tcp |
| IT | 185.217.29.15:21 | idp.namirialtsp.com | tcp |
| US | 104.21.10.99:22 | klase.eduka.lt | tcp |
| US | 54.235.180.240:22 | transacciones.nequi.com | tcp |
| US | 8.8.8.8:53 | arlsura.com | udp |
| US | 104.26.9.84:21 | polkadot.js.org | tcp |
| US | 104.26.9.84:22 | polkadot.js.org | tcp |
| US | 54.235.180.240:21 | transacciones.nequi.com | tcp |
| US | 104.21.10.99:143 | klase.eduka.lt | tcp |
| US | 104.21.10.99:21 | klase.eduka.lt | tcp |
| US | 8.8.8.8:53 | app.cfe.mx | udp |
| US | 8.8.8.8:53 | cittadicavadetirreniportalegare.aflink.it | udp |
| US | 54.235.180.240:143 | transacciones.nequi.com | tcp |
| US | 54.235.180.240:995 | transacciones.nequi.com | tcp |
| US | 103.224.212.216:80 | mppa.cc | tcp |
| US | 8.8.8.8:53 | mijn.ing.nl | udp |
| US | 8.8.8.8:53 | moneycardservices.com | udp |
| US | 8.8.8.8:53 | arlsura.com | udp |
| US | 104.26.9.84:143 | polkadot.js.org | tcp |
| US | 172.67.73.64:80 | polkadot.js.org | tcp |
| US | 104.21.10.99:465 | klase.eduka.lt | tcp |
| US | 172.67.73.64:995 | polkadot.js.org | tcp |
| US | 8.8.8.8:53 | auth.riotgames.com | udp |
| US | 54.235.180.240:465 | transacciones.nequi.com | tcp |
| US | 104.26.8.84:22 | polkadot.js.org | tcp |
| US | 104.21.10.99:995 | klase.eduka.lt | tcp |
| US | 104.26.8.84:21 | polkadot.js.org | tcp |
| US | 103.224.212.34:465 | park-mx.above.com | tcp |
| US | 199.59.243.225:80 | ww25.mppa.cc | tcp |
| US | 45.60.63.131:22 | arlsura.com | tcp |
| US | 8.8.8.8:53 | siac.dataprev.gov.br | udp |
| US | 8.8.8.8:53 | touchndail.com | udp |
| US | 45.60.63.131:21 | arlsura.com | tcp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | app.cfe.mx | udp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| US | 8.8.8.8:53 | mijn.ing.nl | udp |
| US | 8.8.8.8:53 | spid.namirial.it | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | cittadicavadetirreniportalegare.aflink.it | udp |
| US | 8.8.8.8:53 | cittadicavadetirreniportalegare.aflink.it | udp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| US | 8.8.8.8:53 | moneycardservices.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | siac.dataprev.gov.br | udp |
| US | 8.8.8.8:53 | auth.riotgames.com | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | siac.dataprev.gov.br | udp |
| US | 8.8.8.8:53 | touchndail.com | udp |
| US | 8.8.8.8:53 | siac.dataprev.gov.br | udp |
| US | 104.26.8.84:143 | polkadot.js.org | tcp |
| US | 104.26.9.84:465 | polkadot.js.org | tcp |
| US | 45.60.63.131:443 | arlsura.com | tcp |
| US | 104.26.9.84:995 | polkadot.js.org | tcp |
| US | 8.8.8.8:53 | test.deujogo.bet | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 172.67.131.78:443 | klase.eduka.lt | tcp |
| US | 54.145.108.213:80 | transacciones.nequi.com | tcp |
| N/A | 127.0.0.1:49754 | tcp | |
| US | 45.60.155.51:21 | app.cfe.mx | tcp |
| NL | 145.221.181.241:21 | mijn.ing.nl | tcp |
| US | 45.60.155.51:443 | app.cfe.mx | tcp |
| IT | 185.217.29.15:995 | idp.namirialtsp.com | tcp |
| IN | 164.100.141.100:80 | online.samsodisha.gov.in | tcp |
| IT | 185.217.29.15:143 | idp.namirialtsp.com | tcp |
| IT | 185.217.29.13:443 | spid.namirial.it | tcp |
| US | 45.60.155.51:22 | app.cfe.mx | tcp |
| US | 172.67.131.78:80 | klase.eduka.lt | tcp |
| US | 45.60.63.131:143 | arlsura.com | tcp |
| US | 104.16.119.50:22 | auth.riotgames.com | tcp |
| US | 45.60.155.51:143 | app.cfe.mx | tcp |
| BR | 200.152.32.46:22 | siac.dataprev.gov.br | tcp |
| IT | 185.217.29.15:80 | idp.namirialtsp.com | tcp |
| US | 13.107.246.64:22 | cittadicavadetirreniportalegare.aflink.it | tcp |
| NL | 145.221.181.241:22 | mijn.ing.nl | tcp |
| US | 172.67.73.64:80 | polkadot.js.org | tcp |
| US | 45.60.63.131:465 | arlsura.com | tcp |
| US | 104.16.119.50:21 | auth.riotgames.com | tcp |
| US | 45.60.69.131:22 | arlsura.com | tcp |
| US | 204.11.56.48:22 | touchndail.com | tcp |
| US | 104.26.8.84:995 | polkadot.js.org | tcp |
| BR | 200.152.32.46:443 | siac.dataprev.gov.br | tcp |
| US | 54.145.108.213:22 | transacciones.nequi.com | tcp |
| BR | 200.152.32.46:21 | siac.dataprev.gov.br | tcp |
| NL | 145.221.213.241:21 | mijn.ing.nl | tcp |
| IT | 185.217.29.15:465 | idp.namirialtsp.com | tcp |
| US | 13.107.246.64:21 | cittadicavadetirreniportalegare.aflink.it | tcp |
| HU | 84.206.132.187:80 | gate.gov.hu | tcp |
| US | 54.145.108.213:21 | transacciones.nequi.com | tcp |
| NL | 145.221.181.241:443 | mijn.ing.nl | tcp |
| US | 13.107.246.64:443 | cittadicavadetirreniportalegare.aflink.it | tcp |
| BE | 64.233.167.84:22 | accounts.google.com | tcp |
| US | 172.67.131.78:21 | klase.eduka.lt | tcp |
| US | 8.8.8.8:53 | eu.recovery.riotgames.com | udp |
| US | 8.8.8.8:53 | www2.afc.cl | udp |
| US | 8.8.8.8:53 | www2.afc.cl | udp |
| US | 8.8.8.8:53 | test.deujogo.bet | udp |
| US | 8.8.8.8:53 | eu.recovery.riotgames.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 45.60.63.131:80 | arlsura.com | tcp |
| US | 103.224.212.34:110 | park-mx.above.com | tcp |
| US | 45.60.63.131:995 | arlsura.com | tcp |
| US | 172.67.131.78:22 | klase.eduka.lt | tcp |
| US | 204.11.56.48:443 | touchndail.com | tcp |
| US | 103.224.212.216:80 | mppa.cc | tcp |
| US | 13.107.246.64:143 | cittadicavadetirreniportalegare.aflink.it | tcp |
| US | 13.107.246.64:465 | cittadicavadetirreniportalegare.aflink.it | tcp |
| US | 104.16.119.50:443 | auth.riotgames.com | tcp |
| US | 103.224.212.216:80 | mppa.cc | tcp |
| US | 54.145.108.213:80 | transacciones.nequi.com | tcp |
| US | 104.16.120.50:21 | auth.riotgames.com | tcp |
| US | 204.11.56.48:21 | touchndail.com | tcp |
| US | 54.235.180.240:22 | transacciones.nequi.com | tcp |
| US | 54.235.180.240:21 | transacciones.nequi.com | tcp |
| US | 104.21.10.99:21 | klase.eduka.lt | tcp |
| US | 13.107.213.64:143 | cittadicavadetirreniportalegare.aflink.it | tcp |
| US | 13.107.213.64:465 | cittadicavadetirreniportalegare.aflink.it | tcp |
| US | 8.8.8.8:53 | www2.afc.cl | udp |
| US | 8.8.8.8:53 | alt3.gmr-smtp-in.l.google.com | udp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| US | 8.8.8.8:53 | portal.namirialtsp.com | udp |
| US | 8.8.8.8:53 | www.cfe.mx | udp |
| US | 13.107.246.64:995 | cittadicavadetirreniportalegare.aflink.it | tcp |
| US | 54.145.108.213:995 | transacciones.nequi.com | tcp |
| US | 103.224.212.216:21 | mppa.cc | tcp |
| US | 172.67.73.64:21 | polkadot.js.org | tcp |
| US | 104.16.119.50:80 | auth.riotgames.com | tcp |
| US | 103.224.212.216:22 | mppa.cc | tcp |
| NL | 145.221.181.241:995 | mijn.ing.nl | tcp |
| IN | 164.100.141.100:22 | online.samsodisha.gov.in | tcp |
| US | 13.107.246.64:80 | cittadicavadetirreniportalegare.aflink.it | tcp |
| US | 54.145.108.213:465 | transacciones.nequi.com | tcp |
| IT | 185.217.29.13:443 | portal.namirialtsp.com | tcp |
| US | 8.8.8.8:53 | flro.org | udp |
| US | 8.8.8.8:53 | a2plcpnl0309.prod.iad2.secureserver.net | udp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| IT | 185.217.29.15:80 | idp.namirialtsp.com | tcp |
| US | 8.8.8.8:53 | a2plcpnl0309.prod.iad2.secureserver.net | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | flro.org | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| IT | 185.217.29.13:443 | portal.namirialtsp.com | tcp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| US | 45.60.155.51:80 | www.cfe.mx | tcp |
| US | 103.224.212.34:993 | park-mx.above.com | tcp |
| US | 104.16.56.40:21 | eu.recovery.riotgames.com | tcp |
| NL | 145.221.181.241:80 | mijn.ing.nl | tcp |
| US | 172.67.73.64:143 | polkadot.js.org | tcp |
| FI | 142.250.150.14:143 | alt3.gmr-smtp-in.l.google.com | tcp |
| US | 104.16.119.50:995 | auth.riotgames.com | tcp |
| IN | 164.100.141.100:465 | online.samsodisha.gov.in | tcp |
| IT | 185.217.29.15:80 | idp.namirialtsp.com | tcp |
| IN | 164.100.141.100:995 | online.samsodisha.gov.in | tcp |
| US | 172.67.131.78:80 | klase.eduka.lt | tcp |
| IT | 185.217.29.15:21 | idp.namirialtsp.com | tcp |
| US | 204.11.56.48:143 | touchndail.com | tcp |
| US | 172.67.73.64:465 | polkadot.js.org | tcp |
| US | 103.224.212.34:587 | park-mx.above.com | tcp |
| BR | 200.152.32.46:143 | siac.dataprev.gov.br | tcp |
| HU | 84.206.132.187:22 | gate.gov.hu | tcp |
| US | 172.67.73.64:443 | polkadot.js.org | tcp |
| US | 199.59.243.225:80 | ww25.mppa.cc | tcp |
| US | 204.11.56.48:22 | touchndail.com | tcp |
| IT | 185.217.29.15:22 | idp.namirialtsp.com | tcp |
| US | 104.16.56.40:443 | eu.recovery.riotgames.com | tcp |
| US | 54.145.108.213:80 | transacciones.nequi.com | tcp |
| HU | 84.206.132.187:443 | gate.gov.hu | tcp |
| NL | 145.221.181.241:80 | mijn.ing.nl | tcp |
| FI | 142.250.150.14:465 | alt3.gmr-smtp-in.l.google.com | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| IT | 185.217.29.15:143 | idp.namirialtsp.com | tcp |
| US | 13.107.246.64:80 | cittadicavadetirreniportalegare.aflink.it | tcp |
| HU | 84.206.132.187:443 | gate.gov.hu | tcp |
| BR | 200.152.32.46:80 | siac.dataprev.gov.br | tcp |
| US | 204.11.56.48:80 | touchndail.com | tcp |
| US | 198.71.230.66:22 | a2plcpnl0309.prod.iad2.secureserver.net | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| US | 104.16.119.50:80 | auth.riotgames.com | tcp |
| US | 45.60.63.131:22 | arlsura.com | tcp |
| US | 45.60.63.131:80 | arlsura.com | tcp |
| US | 172.67.73.64:995 | polkadot.js.org | tcp |
| US | 204.11.56.48:995 | touchndail.com | tcp |
| IN | 164.100.141.100:443 | online.samsodisha.gov.in | tcp |
| IT | 185.217.29.15:465 | idp.namirialtsp.com | tcp |
| US | 13.107.246.64:21 | cittadicavadetirreniportalegare.aflink.it | tcp |
| US | 8.8.8.8:53 | rocketleaguemods.com | udp |
| US | 8.8.8.8:53 | seguro.cesgranrio.org.br | udp |
| US | 8.8.8.8:53 | rocketleaguemods.com | udp |
| US | 45.60.69.131:22 | arlsura.com | tcp |
| US | 104.26.9.84:995 | polkadot.js.org | tcp |
| US | 13.107.213.64:21 | cittadicavadetirreniportalegare.aflink.it | tcp |
| US | 45.60.63.131:21 | arlsura.com | tcp |
| US | 204.11.56.48:80 | touchndail.com | tcp |
| US | 8.8.8.8:53 | passbook.epfindia.gov.in | udp |
| US | 8.8.8.8:53 | app.cfe.gob.mx | udp |
| US | 8.8.8.8:53 | passbook.epfindia.gov.in | udp |
| US | 172.67.146.18:21 | flro.org | tcp |
| BR | 200.152.32.46:21 | siac.dataprev.gov.br | tcp |
| US | 54.145.108.213:222 | transacciones.nequi.com | tcp |
| US | 172.67.131.78:993 | klase.eduka.lt | tcp |
| BR | 200.152.32.46:80 | siac.dataprev.gov.br | tcp |
| US | 54.145.108.213:990 | transacciones.nequi.com | tcp |
| BE | 64.233.167.84:21 | accounts.google.com | tcp |
| US | 104.16.119.50:143 | auth.riotgames.com | tcp |
| US | 45.60.63.131:465 | arlsura.com | tcp |
| BE | 64.233.167.84:22 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | seguro.cesgranrio.org.br | udp |
| US | 8.8.8.8:53 | seguro.cesgranrio.org.br | udp |
| N/A | 127.0.0.1:49757 | tcp | |
| US | 13.107.246.64:143 | seguro.cesgranrio.org.br | tcp |
| US | 104.16.119.50:443 | auth.riotgames.com | tcp |
| US | 172.67.131.78:990 | klase.eduka.lt | tcp |
| US | 198.71.230.66:443 | a2plcpnl0309.prod.iad2.secureserver.net | tcp |
| US | 13.107.246.64:465 | seguro.cesgranrio.org.br | tcp |
| US | 104.21.10.104:22 | rocketleaguemods.com | tcp |
| US | 45.60.63.131:443 | arlsura.com | tcp |
| IN | 164.100.141.100:587 | online.samsodisha.gov.in | tcp |
| IT | 185.217.29.15:80 | idp.namirialtsp.com | tcp |
| IT | 185.217.29.15:80 | idp.namirialtsp.com | tcp |
| NL | 145.221.181.241:443 | mijn.ing.nl | tcp |
| US | 45.60.155.51:443 | www.cfe.mx | tcp |
| NL | 145.221.181.241:443 | mijn.ing.nl | tcp |
| US | 103.224.212.216:80 | mppa.cc | tcp |
| US | 104.16.56.40:995 | eu.recovery.riotgames.com | tcp |
| US | 104.16.56.40:21 | eu.recovery.riotgames.com | tcp |
| FI | 142.250.150.14:143 | alt3.gmr-smtp-in.l.google.com | tcp |
| IT | 185.217.29.15:990 | idp.namirialtsp.com | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 204.11.56.48:465 | touchndail.com | tcp |
| US | 198.71.230.66:143 | a2plcpnl0309.prod.iad2.secureserver.net | tcp |
| NL | 145.221.181.241:443 | mijn.ing.nl | tcp |
| US | 45.60.63.131:80 | arlsura.com | tcp |
| US | 13.107.246.64:21 | seguro.cesgranrio.org.br | tcp |
| IN | 164.100.141.100:110 | online.samsodisha.gov.in | tcp |
| US | 104.16.56.40:80 | eu.recovery.riotgames.com | tcp |
| NL | 145.221.181.241:443 | mijn.ing.nl | tcp |
| US | 172.67.73.64:80 | polkadot.js.org | tcp |
| US | 104.21.10.104:443 | rocketleaguemods.com | tcp |
| US | 172.67.131.78:443 | klase.eduka.lt | tcp |
| HU | 84.206.132.187:990 | gate.gov.hu | tcp |
| US | 103.224.212.34:587 | park-mx.above.com | tcp |
| US | 103.224.212.34:993 | park-mx.above.com | tcp |
| IN | 103.194.45.140:22 | passbook.epfindia.gov.in | tcp |
| IT | 185.217.29.15:222 | idp.namirialtsp.com | tcp |
| US | 13.107.246.64:443 | seguro.cesgranrio.org.br | tcp |
| US | 204.11.56.48:143 | touchndail.com | tcp |
| US | 172.67.131.78:80 | klase.eduka.lt | tcp |
| US | 45.60.155.51:222 | www.cfe.mx | tcp |
| BR | 200.152.32.46:143 | siac.dataprev.gov.br | tcp |
| HU | 84.206.132.187:222 | gate.gov.hu | tcp |
| US | 204.11.56.48:222 | touchndail.com | tcp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| US | 8.8.8.8:53 | sistema.gestiondeobrasprivadas.com.ar | udp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| US | 8.8.8.8:53 | demo1.thts.com.vn | udp |
| US | 13.107.213.64:21 | seguro.cesgranrio.org.br | tcp |
| US | 8.8.8.8:53 | lfnai.com | udp |
| US | 8.8.8.8:53 | app.cfe.gob.mx | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | cittadicavadetirreniportalegare.aflink.it | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 45.60.63.131:80 | arlsura.com | tcp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | ftp.auth.mogul.gg | udp |
| US | 8.8.8.8:53 | sistema.gestiondeobrasprivadas.com.ar | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | sistema.gestiondeobrasprivadas.com.ar | udp |
| US | 45.60.63.131:80 | arlsura.com | tcp |
| NL | 145.221.181.241:990 | mijn.ing.nl | tcp |
| US | 8.8.8.8:53 | lfnai.com | udp |
| US | 8.8.8.8:53 | demo1.thts.com.vn | udp |
| US | 54.145.108.213:80 | transacciones.nequi.com | tcp |
| HU | 84.206.132.187:80 | gate.gov.hu | tcp |
| IN | 164.100.141.100:80 | online.samsodisha.gov.in | tcp |
| US | 198.71.230.66:80 | a2plcpnl0309.prod.iad2.secureserver.net | tcp |
| FI | 142.250.150.14:995 | alt3.gmr-smtp-in.l.google.com | tcp |
| BR | 200.152.32.46:990 | siac.dataprev.gov.br | tcp |
| US | 104.16.119.50:80 | auth.riotgames.com | tcp |
| US | 104.21.10.104:80 | rocketleaguemods.com | tcp |
| US | 204.11.56.48:80 | touchndail.com | tcp |
| BR | 200.152.32.46:222 | siac.dataprev.gov.br | tcp |
| US | 8.8.8.8:53 | app.cfe.mx | udp |
| US | 8.8.8.8:53 | app.cfe.mx | udp |
| US | 8.8.8.8:53 | app.cfe.mx | udp |
| US | 8.8.8.8:53 | ru.forgeofempires.com | udp |
| US | 8.8.8.8:53 | food4rhino.com | udp |
| US | 8.8.8.8:53 | videogamemods.com | udp |
| BR | 200.152.32.46:443 | siac.dataprev.gov.br | tcp |
| US | 204.11.56.48:80 | touchndail.com | tcp |
| US | 172.67.146.18:80 | flro.org | tcp |
| US | 103.224.212.216:80 | mppa.cc | tcp |
| US | 172.67.131.78:587 | klase.eduka.lt | tcp |
| VN | 115.146.127.53:21 | demo1.thts.com.vn | tcp |
| US | 199.59.243.225:80 | ww25.mppa.cc | tcp |
| US | 172.67.73.64:443 | polkadot.js.org | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| NL | 145.221.181.241:80 | mijn.ing.nl | tcp |
| IT | 185.217.29.13:443 | portal.namirialtsp.com | tcp |
| IN | 103.194.45.140:80 | passbook.epfindia.gov.in | tcp |
| US | 45.60.155.51:443 | app.cfe.mx | tcp |
| IT | 185.217.29.15:80 | idp.namirialtsp.com | tcp |
| IT | 185.217.29.13:443 | portal.namirialtsp.com | tcp |
| US | 13.107.246.64:80 | cittadicavadetirreniportalegare.aflink.it | tcp |
| US | 13.107.246.64:80 | cittadicavadetirreniportalegare.aflink.it | tcp |
| US | 13.107.246.64:80 | cittadicavadetirreniportalegare.aflink.it | tcp |
| US | 172.67.131.78:80 | klase.eduka.lt | tcp |
| IN | 103.194.45.140:80 | passbook.epfindia.gov.in | tcp |
| US | 45.60.155.51:80 | app.cfe.mx | tcp |
| BR | 200.152.32.46:80 | siac.dataprev.gov.br | tcp |
| US | 8.8.8.8:53 | makedoge.com | udp |
| US | 8.8.8.8:53 | cambridgelms.org | udp |
| US | 8.8.8.8:53 | shopee.vn | udp |
| US | 8.8.8.8:53 | auth.opera.com | udp |
| US | 8.8.8.8:53 | cart.webex.com | udp |
| US | 8.8.8.8:53 | seguro.cesgranrio.org.br | udp |
| US | 8.8.8.8:53 | ru.forgeofempires.com | udp |
| US | 8.8.8.8:53 | food4rhino.com | udp |
| US | 8.8.8.8:53 | food4rhino.com | udp |
| US | 8.8.8.8:53 | mail.lfnai.com | udp |
| US | 8.8.8.8:53 | cittadicavadetirreniportalegare.aflink.it | udp |
| US | 8.8.8.8:53 | ftp.aeldra.to | udp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| US | 8.8.8.8:53 | ftp.auth.mogul.gg | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | makedoge.com | udp |
| N/A | 127.0.0.1:49762 | tcp | |
| N/A | 127.0.0.1:49767 | tcp | |
| N/A | 127.0.0.1:49772 | tcp | |
| N/A | 127.0.0.1:49776 | tcp | |
| N/A | 127.0.0.1:49777 | tcp | |
| N/A | 127.0.0.1:49782 | tcp | |
| N/A | 127.0.0.1:49785 | tcp | |
| N/A | 127.0.0.1:49794 | tcp | |
| N/A | 127.0.0.1:49797 | tcp | |
| N/A | 127.0.0.1:49799 | tcp | |
| N/A | 127.0.0.1:49804 | tcp | |
| US | 8.8.8.8:53 | mail.transacciones.nequi.com | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | mail.auth.mogul.gg | udp |
| US | 8.8.8.8:53 | mail.klase.eduka.lt | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | ftp.klase.eduka.lt | udp |
| US | 8.8.8.8:53 | ftp.idp.namirialtsp.com | udp |
| US | 8.8.8.8:53 | ftp.polkadot.js.org | udp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| US | 8.8.8.8:53 | ftp.gate.gov.hu | udp |
| US | 8.8.8.8:53 | ftp.online.samsodisha.gov.in | udp |
| US | 8.8.8.8:53 | shopee.vn | udp |
| US | 8.8.8.8:53 | mail.online.samsodisha.gov.in | udp |
| US | 8.8.8.8:53 | cambridgelms.org | udp |
| US | 8.8.8.8:53 | ftp.moneycardservices.com | udp |
| US | 8.8.8.8:53 | cart.webex.com | udp |
| US | 8.8.8.8:53 | ftp.mppa.cc | udp |
| US | 8.8.8.8:53 | auth.opera.com | udp |
| US | 8.8.8.8:53 | mail.aeldra.to | udp |
| US | 8.8.8.8:53 | ftp.transacciones.nequi.com | udp |
| US | 45.60.63.131:80 | arlsura.com | tcp |
| US | 104.16.119.50:443 | auth.riotgames.com | tcp |
| US | 104.26.6.191:443 | videogamemods.com | tcp |
| HU | 84.206.132.187:443 | gate.gov.hu | tcp |
| US | 54.145.108.213:80 | transacciones.nequi.com | tcp |
| US | 103.224.212.216:80 | ftp.mppa.cc | tcp |
| IN | 164.100.141.100:443 | online.samsodisha.gov.in | tcp |
| US | 204.11.56.48:80 | touchndail.com | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| NL | 145.221.181.241:443 | mijn.ing.nl | tcp |
| DE | 212.53.194.208:80 | ru.forgeofempires.com | tcp |
| US | 172.67.146.18:443 | flro.org | tcp |
| BR | 200.152.32.46:80 | siac.dataprev.gov.br | tcp |
| HU | 84.206.132.187:443 | gate.gov.hu | tcp |
| US | 13.107.246.64:80 | cittadicavadetirreniportalegare.aflink.it | tcp |
| CA | 198.50.125.66:80 | sistema.gestiondeobrasprivadas.com.ar | tcp |
| IT | 185.217.29.15:80 | idp.namirialtsp.com | tcp |
| US | 13.107.246.64:80 | cittadicavadetirreniportalegare.aflink.it | tcp |
| VN | 115.146.127.53:80 | demo1.thts.com.vn | tcp |
| NL | 145.221.181.241:443 | mijn.ing.nl | tcp |
| US | 104.16.56.40:80 | eu.recovery.riotgames.com | tcp |
| US | 172.67.145.16:80 | lfnai.com | tcp |
| US | 172.67.145.16:80 | lfnai.com | tcp |
| US | 172.67.131.78:443 | klase.eduka.lt | tcp |
| US | 45.60.155.51:80 | app.cfe.mx | tcp |
| IN | 103.194.45.140:80 | passbook.epfindia.gov.in | tcp |
| NL | 145.221.181.241:443 | mijn.ing.nl | tcp |
| DE | 3.120.86.44:80 | food4rhino.com | tcp |
| IN | 103.194.45.140:80 | passbook.epfindia.gov.in | tcp |
| NL | 145.221.181.241:443 | mijn.ing.nl | tcp |
| US | 8.8.8.8:53 | account.protonvpn.com | udp |
| US | 8.8.8.8:53 | tyhh.net | udp |
| US | 8.8.8.8:53 | login.intelbras.com.br | udp |
| US | 8.8.8.8:53 | seguro.cesgranrio.org.br | udp |
| US | 8.8.8.8:53 | cittadicavadetirreniportalegare.aflink.it | udp |
| US | 198.71.230.66:80 | a2plcpnl0309.prod.iad2.secureserver.net | tcp |
| US | 8.8.8.8:53 | ftp.test.deujogo.bet | udp |
| US | 8.8.8.8:53 | mail.idp.namirialtsp.com | udp |
| US | 8.8.8.8:53 | mail.cittadicavadetirreniportalegare.aflink.it | udp |
| US | 8.8.8.8:53 | mail.moneycardservices.com | udp |
| US | 8.8.8.8:53 | mail.polkadot.js.org | udp |
| US | 8.8.8.8:53 | ftp.auth.mogul.gg | udp |
| US | 8.8.8.8:53 | mail.arlsura.com | udp |
| US | 8.8.8.8:53 | ftp.eu.recovery.riotgames.com | udp |
| N/A | 127.0.0.1:49807 | tcp | |
| N/A | 127.0.0.1:49813 | tcp | |
| N/A | 127.0.0.1:49819 | tcp | |
| N/A | 127.0.0.1:49823 | tcp | |
| N/A | 127.0.0.1:49827 | tcp | |
| N/A | 127.0.0.1:49831 | tcp | |
| N/A | 127.0.0.1:49834 | tcp | |
| N/A | 127.0.0.1:49836 | tcp | |
| N/A | 127.0.0.1:49839 | tcp | |
| N/A | 127.0.0.1:49841 | tcp | |
| N/A | 127.0.0.1:49845 | tcp | |
| N/A | 127.0.0.1:49850 | tcp | |
| N/A | 127.0.0.1:49862 | tcp | |
| N/A | 127.0.0.1:49864 | tcp | |
| N/A | 127.0.0.1:49869 | tcp | |
| N/A | 127.0.0.1:49872 | tcp | |
| N/A | 127.0.0.1:49876 | tcp | |
| N/A | 127.0.0.1:49880 | tcp | |
| N/A | 127.0.0.1:49883 | tcp | |
| N/A | 127.0.0.1:49885 | tcp | |
| N/A | 127.0.0.1:49891 | tcp | |
| N/A | 127.0.0.1:49902 | tcp | |
| N/A | 127.0.0.1:49905 | tcp | |
| US | 8.8.8.8:53 | ftp.touchndail.com | udp |
| US | 8.8.8.8:53 | mail.auth.mogul.gg | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | inbound-smtp.eu-west-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | riteh.uniri.hr | udp |
| US | 8.8.8.8:53 | mxa-004fae02.gslb.pphosted.com | udp |
| US | 8.8.8.8:53 | mxa-004fae02.gslb.pphosted.com | udp |
| US | 8.8.8.8:53 | eu-smtp-inbound-1.mimecast.com | udp |
| US | 8.8.8.8:53 | ssh.auth.mogul.gg | udp |
| US | 8.8.8.8:53 | riteh.uniri.hr | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | login.intelbras.com.br | udp |
| US | 8.8.8.8:53 | ftp.arlsura.com | udp |
| US | 8.8.8.8:53 | ftp.mijn.ing.nl | udp |
| US | 8.8.8.8:53 | ftp.accounts.google.com | udp |
| US | 8.8.8.8:53 | mail.auth.riotgames.com | udp |
| US | 8.8.8.8:53 | riteh.uniri.hr | udp |
| US | 8.8.8.8:53 | solutions4u.online | udp |
| US | 8.8.8.8:53 | transacciones.nequi.com | udp |
| US | 8.8.8.8:53 | ftp.cittadicavadetirreniportalegare.aflink.it | udp |
| US | 8.8.8.8:53 | mail.mijn.ing.nl | udp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| US | 8.8.8.8:53 | solutions4u.online | udp |
| US | 8.8.8.8:53 | ssh.aeldra.to | udp |
| US | 45.60.63.131:443 | arlsura.com | tcp |
| NL | 185.26.182.112:80 | auth.opera.com | tcp |
| HU | 84.206.132.187:80 | gate.gov.hu | tcp |
| US | 204.11.56.48:80 | ftp.touchndail.com | tcp |
| NL | 145.221.181.241:25 | mijn.ing.nl | tcp |
| US | 104.21.10.104:80 | rocketleaguemods.com | tcp |
| SG | 143.92.75.92:80 | shopee.vn | tcp |
| US | 45.223.60.87:443 | login.intelbras.com.br | tcp |
| US | 172.67.146.18:80 | flro.org | tcp |
| US | 13.107.246.64:443 | cittadicavadetirreniportalegare.aflink.it | tcp |
| US | 54.235.180.240:80 | transacciones.nequi.com | tcp |
| US | 104.16.119.50:80 | auth.riotgames.com | tcp |
| US | 8.8.8.8:53 | tyhh.net | udp |
| US | 45.60.63.131:80 | arlsura.com | tcp |
| DE | 212.53.194.208:443 | ru.forgeofempires.com | tcp |
| US | 8.8.8.8:53 | www.food4rhino.com | udp |
| US | 8.8.8.8:53 | rnp.gob.pe | udp |
| N/A | 127.0.0.1:49910 | tcp | |
| US | 8.8.8.8:53 | account.protonvpn.com | udp |
| DE | 3.120.86.44:80 | www.food4rhino.com | tcp |
| US | 34.205.242.146:80 | makedoge.com | tcp |
| NL | 145.221.181.241:80 | mijn.ing.nl | tcp |
| US | 8.8.8.8:53 | app.cfe.mx | udp |
| N/A | 127.0.0.1:49917 | tcp | |
| N/A | 127.0.0.1:49919 | tcp | |
| N/A | 127.0.0.1:49924 | tcp | |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| BR | 200.152.32.46:443 | siac.dataprev.gov.br | tcp |
| US | 8.8.8.8:53 | ftp.siac.dataprev.gov.br | udp |
| US | 8.8.8.8:53 | webinscription.univ-lyon3.fr | udp |
| US | 8.8.8.8:53 | colegiojeanleblanc.com | udp |
| US | 8.8.8.8:53 | momentosmovistar.com | udp |
| US | 8.8.8.8:53 | mail.touchndail.com | udp |
| US | 8.8.8.8:53 | ssh.polkadot.js.org | udp |
| US | 8.8.8.8:53 | cittadicavadetirreniportalegare.aflink.it | udp |
| US | 8.8.8.8:53 | ssh.mppa.cc | udp |
| US | 8.8.8.8:53 | rnp.gob.pe | udp |
| US | 8.8.8.8:53 | ssh.klase.eduka.lt | udp |
| US | 8.8.8.8:53 | az1-sr6.supercp.com | udp |
| US | 8.8.8.8:53 | payment.bajajfinserv.in | udp |
| US | 8.8.8.8:53 | sistema.ceadeb.com.br | udp |
| US | 8.8.8.8:53 | espace-client.orange.ma | udp |
| US | 8.8.8.8:53 | s4.fourmizzz.fr | udp |
| US | 8.8.8.8:53 | portal.incometaxindiaefiling.gov.in | udp |
| US | 8.8.8.8:53 | ifinished3rdplace.com | udp |
| US | 8.8.8.8:53 | ftp.a2plcpnl0309.prod.iad2.secureserver.net | udp |
| US | 8.8.8.8:53 | mail.auth.mogul.gg | udp |
| US | 8.8.8.8:53 | alt2.gmr-smtp-in.l.google.com | udp |
| US | 8.8.8.8:53 | colegiojeanleblanc.com | udp |
| US | 8.8.8.8:53 | mail.siac.dataprev.gov.br | udp |
| US | 8.8.8.8:53 | ftp.flro.org | udp |
| US | 8.8.8.8:53 | mail.eu.recovery.riotgames.com | udp |
| US | 8.8.8.8:53 | momentosmovistar.com | udp |
| US | 8.8.8.8:53 | rnp.gob.pe | udp |
| US | 8.8.8.8:53 | ssh.moneycardservices.com | udp |
| US | 8.8.8.8:53 | ssh.auth.mogul.gg | udp |
| US | 8.8.8.8:53 | ftp.auth.mogul.gg | udp |
| US | 8.8.8.8:53 | rnp.gob.pe | udp |
| US | 8.8.8.8:53 | auth.mogul.gg | udp |
| US | 8.8.8.8:53 | webinscription.univ-lyon3.fr | udp |
| US | 8.8.8.8:53 | gmc400.itb.hu | udp |
| US | 8.8.8.8:53 | ssh.transacciones.nequi.com | udp |
| US | 8.8.8.8:53 | ssh.online.samsodisha.gov.in | udp |
| US | 8.8.8.8:53 | sistema.ceadeb.com.br | udp |
| US | 8.8.8.8:53 | correoweb.rnp.gob.pe | udp |
| US | 8.8.8.8:53 | az1-sr6.supercp.com | udp |
| US | 8.8.8.8:53 | payment.bajajfinserv.in | udp |
| US | 8.8.8.8:53 | espace-client.orange.ma | udp |
| US | 8.8.8.8:53 | us04web.zoom.us | udp |
| US | 8.8.8.8:53 | ftp.www2.afc.cl | udp |
| US | 8.8.8.8:53 | espace-client.orange.ma | udp |
| US | 8.8.8.8:53 | s4.fourmizzz.fr | udp |
Files