Analysis Overview
SHA256
d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910
Threat Level: Known bad
The file d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
SmokeLoader
Glupteba
Glupteba payload
DcRat
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
Detects executables containing artifacts associated with disabling Widnows Defender
Detects executables Discord URL observed in first stage droppers
Detects Windows executables referencing non-Windows User-Agents
UPX dump on OEP (original entry point)
Detects executables referencing many varying, potentially fake Windows User-Agents
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Detect binaries embedding considerable number of MFA browser extension IDs.
Detects executables containing URLs to raw contents of a Github gist
Downloads MZ/PE file
Modifies Windows Firewall
UPX packed file
Unexpected DNS network traffic destination
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Deletes itself
Loads dropped DLL
Reads data files stored by FTP clients
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Writes to the Master Boot Record (MBR)
Suspicious use of SetThreadContext
Enumerates physical storage devices
Program crash
Unsigned PE
Uses Task Scheduler COM API
Checks SCSI registry key(s)
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
Creates scheduled task(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-29 05:55
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-29 05:55
Reported
2024-02-29 05:58
Platform
win10v2004-20240226-en
Max time kernel
78s
Max time network
155s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\BC2C.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer
SmokeLoader
Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects Windows executables referencing non-Windows User-Agents
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects executables Discord URL observed in first stage droppers
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects executables containing URLs to raw contents of a Github gist
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects executables containing artifacts associated with disabling Widnows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects executables referencing many varying, potentially fake Windows User-Agents
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\E311.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BC2C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BC2C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D5EF.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D8B0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E311.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EEBA.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u12o.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u12o.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BC2C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u12o.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u12o.0.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 62.102.148.68 | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\BC2C.exe | N/A |
Checks installed software on the system
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\D8B0.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2932 set thread context of 4704 | N/A | C:\Users\Admin\AppData\Local\Temp\BC2C.exe | C:\Users\Admin\AppData\Local\Temp\BC2C.exe |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\EEBA.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\EEBA.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\EEBA.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\u12o.0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\u12o.0.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-602 = "Taipei Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-2592 = "Tocantins Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-2142 = "Transbaikal Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-42 = "E. South America Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-2872 = "Magallanes Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-211 = "Pacific Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-1931 = "Russia TZ 11 Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-562 = "SE Asia Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-591 = "Malay Peninsula Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-512 = "Central Asia Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-105 = "Central Brazilian Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-411 = "E. Africa Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-1472 = "Magadan Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-242 = "Samoa Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-181 = "Mountain Daylight Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-71 = "Newfoundland Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-961 = "Paraguay Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-2492 = "Aus Central W. Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-291 = "Central European Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-262 = "GMT Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-432 = "Iran Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-192 = "Mountain Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-449 = "Azerbaijan Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-2432 = "Cuba Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-2411 = "Marquesas Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-542 = "Myanmar Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-92 = "Pacific SA Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-752 = "Tonga Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-541 = "Myanmar Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-215 = "Pacific Standard Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-402 = "Arabic Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-81 = "Atlantic Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-672 = "AUS Eastern Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-161 = "Central Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-891 = "Morocco Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-282 = "Central Europe Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-1842 = "Russia TZ 4 Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-151 = "Central America Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-2512 = "Lord Howe Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-241 = "Samoa Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-692 = "Tasmania Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-281 = "Central Europe Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-682 = "E. Australia Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-435 = "Georgian Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-372 = "Jerusalem Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-214 = "Pacific Daylight Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-3142 = "South Sudan Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-2571 = "Turks and Caicos Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-261 = "GMT Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-32 = "Mid-Atlantic Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-962 = "Paraguay Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-382 = "South Africa Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-691 = "Tasmania Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-462 = "Afghanistan Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-104 = "Central Brazilian Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-171 = "Central Daylight Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\C:\Windows\system32\,@tzres.dll,-1721 = "Libya Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EEBA.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u12o.1.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe
"C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe"
C:\Users\Admin\AppData\Local\Temp\BC2C.exe
C:\Users\Admin\AppData\Local\Temp\BC2C.exe
C:\Users\Admin\AppData\Local\Temp\BC2C.exe
C:\Users\Admin\AppData\Local\Temp\BC2C.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\C303.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\C303.dll
C:\Users\Admin\AppData\Local\Temp\D5EF.exe
C:\Users\Admin\AppData\Local\Temp\D5EF.exe
C:\Users\Admin\AppData\Local\Temp\D8B0.exe
C:\Users\Admin\AppData\Local\Temp\D8B0.exe
C:\Users\Admin\AppData\Local\Temp\E311.exe
C:\Users\Admin\AppData\Local\Temp\E311.exe
C:\Users\Admin\AppData\Local\Temp\EEBA.exe
C:\Users\Admin\AppData\Local\Temp\EEBA.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\u12o.0.exe
"C:\Users\Admin\AppData\Local\Temp\u12o.0.exe"
C:\Users\Admin\AppData\Local\Temp\u12o.1.exe
"C:\Users\Admin\AppData\Local\Temp\u12o.1.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1392 -ip 1392
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 1580
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4824 -ip 4824
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 2148
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4848 -ip 4848
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 752
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| US | 8.8.8.8:53 | 120.85.215.91.in-addr.arpa | udp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | 19.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | trmpc.com | udp |
| IR | 151.233.51.166:80 | trmpc.com | tcp |
| US | 8.8.8.8:53 | 166.51.233.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | joly.bestsup.su | udp |
| US | 104.21.29.103:80 | joly.bestsup.su | tcp |
| US | 8.8.8.8:53 | resergvearyinitiani.shop | udp |
| US | 172.67.217.100:443 | resergvearyinitiani.shop | tcp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.29.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.217.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.128.172.185.in-addr.arpa | udp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| US | 8.8.8.8:53 | 127.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| DE | 185.172.128.109:80 | 185.172.128.109 | tcp |
| US | 8.8.8.8:53 | 109.128.172.185.in-addr.arpa | udp |
| DE | 185.220.101.205:10205 | tcp | |
| US | 199.249.230.115:443 | tcp | |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| DE | 88.198.112.25:9001 | tcp | |
| US | 104.149.139.42:8080 | tcp | |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| US | 8.8.8.8:53 | 145.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 172.67.180.132:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| SE | 62.102.148.68:53 | tcp | |
| DE | 131.188.40.189:443 | tcp | |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | 132.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.40.188.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 23.141.40.7:443 | tcp | |
| US | 162.251.116.10:443 | tcp | |
| US | 8.8.8.8:53 | 191.202.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.10.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.116.251.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.40.141.23.in-addr.arpa | udp |
| N/A | 127.0.0.1:50326 | tcp | |
| US | 23.141.40.7:443 | tcp | |
| US | 162.251.116.10:443 | tcp | |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | kamsmad.com | udp |
| KR | 58.151.148.90:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | c7a2a43c-2aa8-4947-9e3f-6083424d297b.uuid.localstats.org | udp |
| KR | 58.151.148.90:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | 90.148.151.58.in-addr.arpa | udp |
| KR | 58.151.148.90:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | husngold.com | udp |
| US | 8.8.8.8:53 | hyomblog.com | udp |
| US | 8.8.8.8:53 | www.hypepeng.com | udp |
| IN | 217.21.84.90:443 | husngold.com | tcp |
| US | 8.8.8.8:53 | iammrroy.com | udp |
| GB | 91.238.162.87:443 | www.hypepeng.com | tcp |
| US | 8.8.8.8:53 | iamngugi.com | udp |
| US | 8.8.8.8:53 | www.ibcollab.com | udp |
| SG | 165.22.103.167:443 | hyomblog.com | tcp |
| US | 162.213.255.30:443 | iamngugi.com | tcp |
| US | 8.8.8.8:53 | idanoida.com | udp |
| US | 162.241.24.233:443 | iammrroy.com | tcp |
| US | 8.8.8.8:53 | iesnftjp.com | udp |
| KR | 58.151.148.90:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | www.ilumifer.com | udp |
| FR | 109.234.165.176:443 | www.ibcollab.com | tcp |
| US | 8.8.8.8:53 | infohoya.com | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.84.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.162.238.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipaktech.com | udp |
| US | 8.8.8.8:53 | irispola.com | udp |
| GB | 185.77.97.157:443 | www.ilumifer.com | tcp |
| US | 8.8.8.8:53 | isg-sady.com | udp |
| KR | 183.111.199.214:80 | iesnftjp.com | tcp |
| US | 8.8.8.8:53 | www.islayinn.com | udp |
| US | 8.8.8.8:53 | www.issomode.com | udp |
| US | 162.241.217.24:443 | irispola.com | tcp |
| IN | 103.92.235.18:443 | idanoida.com | tcp |
| JP | 172.105.236.173:443 | infohoya.com | tcp |
| US | 8.8.8.8:53 | it-sonic.com | udp |
| US | 8.8.8.8:53 | italysmo.com | udp |
| US | 8.8.8.8:53 | itaxi786.com | udp |
| US | 8.8.8.8:53 | itcloudb.com | udp |
| GB | 88.208.252.227:443 | www.islayinn.com | tcp |
| US | 8.8.8.8:53 | itsulbar.com | udp |
| IT | 89.46.226.31:443 | www.issomode.com | tcp |
| FI | 135.181.4.163:443 | it-sonic.com | tcp |
| US | 8.8.8.8:53 | 30.255.213.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.165.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.24.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.217.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.235.92.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iwcarver.com | udp |
| CA | 144.217.129.28:80 | isg-sady.com | tcp |
| FR | 54.36.31.145:443 | italysmo.com | tcp |
| US | 149.100.151.80:443 | itaxi786.com | tcp |
| US | 8.8.8.8:53 | javerbis.com | udp |
| US | 8.8.8.8:53 | jagoraeg.com | udp |
| ID | 178.16.132.250:443 | iwcarver.com | tcp |
| US | 8.8.8.8:53 | jayccobi.com | udp |
| KR | 146.56.136.247:80 | itcloudb.com | tcp |
| IR | 94.74.145.16:443 | javerbis.com | tcp |
| US | 8.8.8.8:53 | jheeblog.com | udp |
| ID | 153.92.11.40:80 | itsulbar.com | tcp |
| US | 8.8.8.8:53 | www.jimeidao.com | udp |
| US | 8.8.8.8:53 | joddnews.com | udp |
| US | 8.8.8.8:53 | jaygblog.com | udp |
| US | 8.8.8.8:53 | johnmiko.com | udp |
| US | 154.49.143.32:443 | jagoraeg.com | tcp |
| KR | 141.164.44.16:443 | jayccobi.com | tcp |
| US | 8.8.8.8:53 | jongamer.com | udp |
| KR | 58.151.148.90:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | juanvico.com | udp |
| US | 8.8.8.8:53 | 214.199.111.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.236.105.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.252.208.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.226.46.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.4.181.135.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.31.36.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.129.217.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jootella.com | udp |
| HK | 121.127.241.125:443 | www.jiutubao.com | tcp |
| US | 8.8.8.8:53 | just-nmn.com | udp |
| US | 8.8.8.8:53 | ilumifer.com | udp |
| US | 8.8.8.8:53 | kaidao55.com | udp |
| JP | 167.179.67.105:443 | jheeblog.com | tcp |
| US | 173.254.28.213:443 | johnmiko.com | tcp |
| HK | 121.127.241.30:443 | www.jimeidao.com | tcp |
| SG | 143.198.209.132:443 | jaygblog.com | tcp |
| US | 31.170.161.119:443 | jongamer.com | tcp |
| IN | 62.72.28.22:443 | joddnews.com | tcp |
| US | 8.8.8.8:53 | kanominc.com | udp |
| US | 8.8.8.8:53 | karenvob.com | udp |
| US | 8.8.8.8:53 | kijairan.com | udp |
| US | 8.8.8.8:53 | www.kite-fly.com | udp |
| US | 8.8.8.8:53 | kokainet.com | udp |
| SG | 104.248.144.174:443 | juanvico.com | tcp |
| US | 8.8.8.8:53 | kriketti.com | udp |
| US | 104.21.63.87:443 | kaidao55.com | tcp |
| GB | 154.49.138.48:443 | ilumifer.com | tcp |
| US | 104.21.78.192:443 | jootella.com | tcp |
| US | 8.8.8.8:53 | krjungbo.com | udp |
| US | 8.8.8.8:53 | 250.132.16.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.145.74.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.143.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.11.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.44.164.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.161.170.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.28.254.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | krknewsy.com | udp |
| JP | 152.70.97.21:443 | kanominc.com | tcp |
| US | 8.8.8.8:53 | www.kuaituku.com | udp |
| US | 8.8.8.8:53 | kyunglog.com | udp |
| US | 8.8.8.8:53 | labsagna.com | udp |
| FR | 51.255.110.12:80 | kijairan.com | tcp |
| US | 8.8.8.8:53 | lambocdn.com | udp |
| MX | 216.238.81.214:80 | kriketti.com | tcp |
| US | 8.8.8.8:53 | lannitae.com | udp |
| US | 8.8.8.8:53 | lathaspa.com | udp |
| US | 8.8.8.8:53 | lcp-auto.com | udp |
| BD | 103.159.37.24:443 | karenvob.com | tcp |
| US | 8.8.8.8:53 | leondjay.com | udp |
| US | 8.8.8.8:53 | lgilaser.com | udp |
| SG | 167.71.205.27:443 | krjungbo.com | tcp |
| US | 8.8.8.8:53 | www.lingtuku.com | udp |
| US | 8.8.8.8:53 | www.lionidia.com | udp |
| GB | 154.49.138.184:443 | krknewsy.com | tcp |
| IN | 103.187.238.41:443 | www.kite-fly.com | tcp |
| US | 8.8.8.8:53 | lowthity.com | udp |
| US | 8.8.8.8:53 | 125.241.127.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.28.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.241.127.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.144.248.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.78.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.110.255.51.in-addr.arpa | udp |
| LT | 84.32.84.32:443 | lathaspa.com | tcp |
| US | 8.8.8.8:53 | macaluxe.com | udp |
| US | 8.8.8.8:53 | luffytwo.com | udp |
| US | 8.8.8.8:53 | maescort.com | udp |
| HK | 121.127.241.34:443 | www.kuaituku.com | tcp |
| KR | 158.247.207.85:443 | kyunglog.com | tcp |
| US | 104.21.91.131:443 | lannitae.com | tcp |
| IR | 193.141.65.182:443 | lgilaser.com | tcp |
| KR | 58.151.148.90:80 | kamsmad.com | tcp |
| US | 8.8.8.8:53 | www.tyck.co.uk | udp |
| NL | 212.107.17.226:443 | labsagna.com | tcp |
| VN | 103.77.162.18:443 | lcp-auto.com | tcp |
| FR | 109.234.165.172:443 | www.lionidia.com | tcp |
| US | 8.8.8.8:53 | mania-pc.com | udp |
| US | 51.81.213.64:443 | leondjay.com | tcp |
| HK | 121.127.241.125:443 | www.lingtuku.com | tcp |
| US | 8.8.8.8:53 | mankenai.com | udp |
| US | 8.8.8.8:53 | maretaga.com | udp |
| US | 8.8.8.8:53 | matasoca.com | udp |
| ID | 154.41.240.234:443 | luffytwo.com | tcp |
| US | 172.67.138.105:80 | maescort.com | tcp |
| US | 172.67.222.98:443 | www.tyck.co.uk | tcp |
| US | 104.21.41.66:443 | lowthity.com | tcp |
| US | 8.8.8.8:53 | mbkmedya.com | udp |
| US | 8.8.8.8:53 | mbtisite.com | udp |
| US | 8.8.8.8:53 | 21.97.70.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.81.238.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.37.159.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.205.71.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.84.32.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.238.187.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.91.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.241.127.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.17.107.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.65.141.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.165.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | medrcoin.com | udp |
| VN | 202.92.7.103:443 | macaluxe.com | tcp |
| US | 8.8.8.8:53 | medusawp.com | udp |
| US | 8.8.8.8:53 | merkenit.com | udp |
| DE | 78.159.117.65:80 | maretaga.com | tcp |
| US | 185.28.21.214:443 | mankenai.com | tcp |
| US | 162.241.218.25:443 | mania-pc.com | tcp |
| US | 8.8.8.8:53 | metodo14.com | udp |
| US | 8.8.8.8:53 | mianadri.com | udp |
| US | 8.8.8.8:53 | minhathk.com | udp |
| SG | 156.67.222.121:443 | matasoca.com | tcp |
| US | 8.8.8.8:53 | misxvluz.com | udp |
| US | 8.8.8.8:53 | mmcdtech.com | udp |
| US | 8.8.8.8:53 | www.mitubang.com | udp |
| US | 8.8.8.8:53 | www.maescort.com | udp |
| DE | 188.34.149.114:443 | medrcoin.com | tcp |
| FR | 154.49.245.3:443 | medusawp.com | tcp |
| IN | 82.180.143.209:443 | minhathk.com | tcp |
| FI | 95.217.83.76:443 | mianadri.com | tcp |
| US | 172.67.196.216:443 | metodo14.com | tcp |
| US | 8.8.8.8:53 | mnstaqar.com | udp |
| US | 8.8.8.8:53 | momohi88.com | udp |
| US | 8.8.8.8:53 | montagsp.com | udp |
| US | 8.8.8.8:53 | motorizz.com | udp |
| US | 8.8.8.8:53 | 85.207.247.158.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.213.81.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.162.77.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.138.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.222.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.41.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.240.41.154.in-addr.arpa | udp |
| US | 160.153.0.14:443 | merkenit.com | tcp |
| US | 8.8.8.8:53 | mudarimo.com | udp |
| US | 8.8.8.8:53 | mnawarly.com | udp |
| US | 8.8.8.8:53 | tyck.co.uk | udp |
| TR | 94.199.206.15:443 | mbkmedya.com | tcp |
| US | 50.6.138.170:443 | misxvluz.com | tcp |
| US | 162.241.216.104:443 | mbtisite.com | tcp |
| US | 8.8.8.8:53 | muhniyas.com | udp |
| US | 3.90.232.64:443 | mmcdtech.com | tcp |
| US | 172.67.138.105:443 | www.maescort.com | tcp |
| HK | 121.127.241.67:443 | www.mitubang.com | tcp |
| US | 8.8.8.8:53 | mumu-two.com | udp |
| SA | 185.207.31.71:443 | mnstaqar.com | tcp |
| US | 8.8.8.8:53 | muskwatt.com | udp |
| US | 104.21.86.166:443 | tyck.co.uk | tcp |
| US | 172.67.167.196:443 | motorizz.com | tcp |
| US | 66.23.233.184:443 | montagsp.com | tcp |
| US | 8.8.8.8:53 | muyuren1.com | udp |
| KR | 58.151.148.90:80 | kamsmad.com | tcp |
| US | 164.92.66.17:443 | mudarimo.com | tcp |
| US | 8.8.8.8:53 | myriaweb.com | udp |
| KR | 183.111.242.60:443 | momohi88.com | tcp |
| IN | 82.180.143.209:443 | muhniyas.com | tcp |
| US | 45.33.78.30:443 | mnawarly.com | tcp |
| US | 8.8.8.8:53 | 121.222.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.149.34.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.83.217.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.143.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.138.6.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.216.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.232.90.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.21.28.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.218.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.207.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.86.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.167.67.172.in-addr.arpa | udp |
| SG | 156.67.222.5:443 | mumu-two.com | tcp |
| US | 8.8.8.8:53 | nasirent.com | udp |
| US | 104.21.19.49:443 | muskwatt.com | tcp |
| US | 8.8.8.8:53 | nbsydzsw.com | udp |
| US | 8.8.8.8:53 | nckutest.com | udp |
| US | 8.8.8.8:53 | ncpparty.com | udp |
| US | 8.8.8.8:53 | nebulico.com | udp |
| US | 8.8.8.8:53 | negretta.com | udp |
| US | 8.8.8.8:53 | netxwall.com | udp |
| US | 8.8.8.8:53 | newstabe.com | udp |
| US | 8.8.8.8:53 | newsvima.com | udp |
| US | 8.8.8.8:53 | newswisa.com | udp |
| US | 8.8.8.8:53 | vanmaken.com | udp |
| US | 206.72.195.93:443 | nasirent.com | tcp |
| US | 8.8.8.8:53 | vero-san.com | udp |
| US | 173.249.159.146:443 | myriaweb.com | tcp |
| US | 8.8.8.8:53 | maimai-otakujoho.com | udp |
| US | 185.212.71.198:443 | newstabe.com | tcp |
| US | 8.8.8.8:53 | mitratransmalang.com | udp |
| N/A | 172.20.10.2:443 | nckutest.com | tcp |
| GB | 154.49.138.129:443 | newsvima.com | tcp |
| US | 8.8.8.8:53 | 103.7.92.202.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.241.127.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.233.23.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.196.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.66.92.164.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.245.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.19.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.0.153.160.in-addr.arpa | udp |
| FR | 213.32.43.13:443 | netxwall.com | tcp |
| US | 149.100.151.68:443 | newswisa.com | tcp |
| US | 162.241.225.210:443 | vero-san.com | tcp |
| JP | 152.70.97.21:443 | maimai-otakujoho.com | tcp |
| US | 8.8.8.8:53 | morganamdesigner.com | udp |
| US | 8.8.8.8:53 | siamcannabisguru.com | udp |
| AU | 163.47.72.161:80 | ncpparty.com | tcp |
| US | 8.8.8.8:53 | signalsforexgold.com | udp |
| US | 8.8.8.8:53 | apexcds.com | udp |
| US | 8.8.8.8:53 | www.sivascevhertaksi.com | udp |
| SG | 8.219.54.193:80 | nbsydzsw.com | tcp |
| US | 8.8.8.8:53 | www.skuhravamichaela.cz | udp |
| US | 8.8.8.8:53 | slowflow-pottery.com | udp |
| FR | 185.221.182.22:443 | vanmaken.com | tcp |
| US | 104.21.67.92:443 | negretta.com | tcp |
| US | 8.8.8.8:53 | significadosonar.com | udp |
| US | 8.8.8.8:53 | smatarunalampung.com | udp |
| US | 8.8.8.8:53 | sports-continent.com | udp |
| US | 8.8.8.8:53 | siteonlineseguro.com | udp |
| US | 8.8.8.8:53 | 93.195.72.206.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.159.249.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.117.159.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.78.33.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.242.111.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.222.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | biancaejunior.com.br | udp |
| US | 8.8.8.8:53 | stardacasino-vos.com | udp |
| US | 8.8.8.8:53 | curioustomdigital.com | udp |
| US | 8.8.8.8:53 | starbullcolombia.com | udp |
| US | 164.92.66.17:443 | apexcds.com | tcp |
| US | 104.21.41.53:443 | stardacasino-vos.com | tcp |
| BR | 149.100.155.242:443 | siteonlineseguro.com | tcp |
| ID | 103.247.8.181:443 | smatarunalampung.com | tcp |
| US | 8.8.8.8:53 | papageien-luedtke.com | udp |
| US | 162.241.60.255:443 | starbullcolombia.com | tcp |
| SG | 45.143.81.95:443 | signalsforexgold.com | tcp |
| US | 66.198.240.47:443 | sports-continent.com | tcp |
| US | 8.8.8.8:53 | prenatalpackageng.com | udp |
| SG | 111.221.46.82:443 | mitratransmalang.com | tcp |
| US | 8.8.8.8:53 | omninetworkteamsas.com | udp |
| US | 8.8.8.8:53 | onlinelingeriehome.com | udp |
| US | 8.8.8.8:53 | superiorcleaningfl.com | udp |
| US | 8.8.8.8:53 | onlinewriteressays.com | udp |
| US | 8.8.8.8:53 | pornstarsbiography.com | udp |
| US | 8.8.8.8:53 | sustaineurocluster.com | udp |
| US | 8.8.8.8:53 | www.takemydissertation.com | udp |
| US | 8.8.8.8:53 | tanaaccessoriesllc.com | udp |
| US | 172.67.183.109:443 | biancaejunior.com.br | tcp |
| US | 8.8.8.8:53 | thebeautyfreakroom.com | udp |
| US | 8.8.8.8:53 | techtouchbuildings.com | udp |
| US | 8.8.8.8:53 | 13.43.32.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.67.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.225.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.182.221.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.72.47.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.71.212.185.in-addr.arpa | udp |
| FI | 135.181.177.102:443 | significadosonar.com | tcp |
| US | 162.241.216.170:443 | curioustomdigital.com | tcp |
| CZ | 89.221.213.146:443 | www.skuhravamichaela.cz | tcp |
| TR | 5.2.85.136:443 | www.sivascevhertaksi.com | tcp |
| US | 162.241.24.152:443 | slowflow-pottery.com | tcp |
| US | 162.144.14.150:443 | siamcannabisguru.com | tcp |
| BR | 177.154.191.142:443 | morganamdesigner.com | tcp |
| US | 8.8.8.8:53 | thehappeeurologist.com | udp |
| US | 8.8.8.8:53 | thelordoftheprints.com | udp |
| US | 8.8.8.8:53 | weddingmatrimonybd.com | udp |
| US | 8.8.8.8:53 | aparthotelportugal.com | udp |
| US | 8.8.8.8:53 | askarotoyedekparca.com | udp |
| US | 8.8.8.8:53 | www.ayadivineawakening.com | udp |
| US | 8.8.8.8:53 | backtothepastvideo.com | udp |
| US | 8.8.8.8:53 | balivolcanosunrise.com | udp |
| DE | 51.68.178.175:443 | techtouchbuildings.com | tcp |
| US | 8.8.8.8:53 | www.birdwatchingmadrid.com | udp |
| US | 140.82.20.22:443 | tanaaccessoriesllc.com | tcp |
| FI | 65.109.93.229:443 | www.takemydissertation.com | tcp |
| US | 162.254.39.112:443 | prenatalpackageng.com | tcp |
| US | 67.223.118.156:443 | pornstarsbiography.com | tcp |
| US | 162.254.39.18:443 | omninetworkteamsas.com | tcp |
| DE | 81.169.145.158:80 | papageien-luedtke.com | tcp |
| US | 162.0.215.178:443 | onlinelingeriehome.com | tcp |
| US | 8.8.8.8:53 | 53.41.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.54.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.155.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.60.241.162.in-addr.arpa | udp |
| US | 66.29.137.40:443 | onlinewriteressays.com | tcp |
| FR | 89.117.169.43:443 | thelordoftheprints.com | tcp |
| US | 8.8.8.8:53 | 47.240.198.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.177.181.135.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.8.247.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.85.2.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bolboretamarketing.com | udp |
| US | 8.8.8.8:53 | bogoradventurecamp.com | udp |
| US | 8.8.8.8:53 | casacaribecolonial.com | udp |
| US | 8.8.8.8:53 | coconutsurfeschool.com | udp |
| US | 8.8.8.8:53 | camisetassudaderas.com | udp |
| US | 107.161.23.47:443 | weddingmatrimonybd.com | tcp |
| SG | 156.67.213.86:443 | balivolcanosunrise.com | tcp |
| GB | 154.49.138.65:443 | www.ayadivineawakening.com | tcp |
| US | 208.113.188.124:443 | www.birdwatchingmadrid.com | tcp |
| US | 149.100.151.165:443 | thehappeeurologist.com | tcp |
| ES | 134.0.11.148:80 | sustaineurocluster.com | tcp |
| NL | 213.249.67.36:443 | aparthotelportugal.com | tcp |
| CN | 139.224.101.133:80 | muyuren1.com | tcp |
| US | 74.208.236.75:443 | backtothepastvideo.com | tcp |
| US | 8.8.8.8:53 | congresoriadis2024.com | udp |
| US | 8.8.8.8:53 | cyberzebconsulting.com | udp |
| US | 172.67.153.211:443 | askarotoyedekparca.com | tcp |
| US | 8.8.8.8:53 | 82.46.221.111.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.216.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.24.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.14.144.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.191.154.177.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.93.109.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.39.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.118.223.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.39.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.215.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.169.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.137.29.66.in-addr.arpa | udp |
| KR | 58.151.148.90:80 | kamsmad.com | tcp |
| GB | 185.151.30.204:443 | bogoradventurecamp.com | tcp |
| DE | 157.90.91.29:443 | casacaribecolonial.com | tcp |
| US | 8.8.8.8:53 | dealerhondacilegon.com | udp |
| ES | 82.194.68.86:443 | camisetassudaderas.com | tcp |
| FR | 178.33.118.36:443 | bolboretamarketing.com | tcp |
| GB | 109.70.148.174:443 | cyberzebconsulting.com | tcp |
| US | 8.8.8.8:53 | www.negretta.com | udp |
| US | 8.8.8.8:53 | digitalcreationsbd.com | udp |
| US | 8.8.8.8:53 | fx-investor-trader.com | udp |
| US | 8.8.8.8:53 | disnypluscombegins.com | udp |
| US | 8.8.8.8:53 | elda-entertainment.com | udp |
| US | 8.8.8.8:53 | francilienneenergy.com | udp |
| US | 8.8.8.8:53 | fermionconsultants.com | udp |
| US | 8.8.8.8:53 | flourishaudiodrama.com | udp |
| US | 8.8.8.8:53 | ayadivineawakening.com | udp |
| US | 8.8.8.8:53 | www.gardeningloveslife.com | udp |
| US | 8.8.8.8:53 | gestorgastronomico.com | udp |
| ID | 103.131.51.22:443 | coconutsurfeschool.com | tcp |
| ES | 217.76.130.136:443 | congresoriadis2024.com | tcp |
| US | 8.8.8.8:53 | globaldailyupdates.com | udp |
| US | 8.8.8.8:53 | 95.81.143.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.67.249.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.11.0.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.153.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.188.113.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.30.151.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.23.161.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.236.208.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.178.68.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.213.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.91.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.148.70.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.118.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.68.194.82.in-addr.arpa | udp |
| US | 104.21.67.92:443 | www.negretta.com | tcp |
| US | 8.8.8.8:53 | www.sustaineurocluster.com | udp |
| GB | 154.49.138.191:443 | disnypluscombegins.com | tcp |
| SG | 45.143.81.40:443 | dealerhondacilegon.com | tcp |
| BD | 103.161.46.26:443 | digitalcreationsbd.com | tcp |
| US | 50.31.176.9:443 | gestorgastronomico.com | tcp |
| US | 173.236.170.172:443 | www.gardeningloveslife.com | tcp |
| US | 75.102.22.216:443 | fermionconsultants.com | tcp |
| US | 66.29.137.44:443 | globaldailyupdates.com | tcp |
| CA | 192.175.100.228:80 | flourishaudiodrama.com | tcp |
| FR | 213.186.33.5:443 | francilienneenergy.com | tcp |
| GB | 154.49.138.56:443 | ayadivineawakening.com | tcp |
| SE | 193.42.159.250:443 | elda-entertainment.com | tcp |
| US | 8.8.8.8:53 | www.havenspapreetvihar.com | udp |
| US | 8.8.8.8:53 | greenhomesbuilding.com | udp |
| US | 8.8.8.8:53 | glorywabisabihotel.com | udp |
| US | 8.8.8.8:53 | goldencitykomersil.com | udp |
| US | 8.8.8.8:53 | haryanajobsnetwork.com | udp |
| US | 8.8.8.8:53 | headlineshindinews.com | udp |
| US | 8.8.8.8:53 | www.houstonhearthealth.com | udp |
| US | 8.8.8.8:53 | i-ue.pl | udp |
| US | 8.8.8.8:53 | icandoanything0000.com | udp |
| JP | 152.70.97.21:443 | fx-investor-trader.com | tcp |
| US | 8.8.8.8:53 | illya-and-angelika.com | udp |
| US | 8.8.8.8:53 | iknowaguywebdesign.com | udp |
| US | 8.8.8.8:53 | indygenousfashions.com | udp |
| US | 8.8.8.8:53 | initiativesimpacts.com | udp |
| US | 8.8.8.8:53 | 22.20.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.51.131.103.in-addr.arpa | udp |
| KR | 58.151.148.90:80 | kamsmad.com | tcp |
| SG | 23.106.253.14:443 | www.havenspapreetvihar.com | tcp |
| ES | 134.0.11.148:80 | www.sustaineurocluster.com | tcp |
| US | 34.83.44.215:443 | iknowaguywebdesign.com | tcp |
| DE | 159.69.241.192:443 | i-ue.pl | tcp |
| RU | 193.109.85.11:443 | haryanajobsnetwork.com | tcp |
| IN | 89.117.188.248:443 | headlineshindinews.com | tcp |
| US | 50.62.222.52:443 | www.houstonhearthealth.com | tcp |
| US | 8.8.8.8:53 | innerstrengthwomen.com | udp |
| US | 8.8.8.8:53 | innovamediadigital.com | udp |
| TH | 203.170.129.4:443 | glorywabisabihotel.com | tcp |
| FR | 54.36.31.145:443 | initiativesimpacts.com | tcp |
| IN | 89.117.157.110:443 | indygenousfashions.com | tcp |
| DE | 81.169.204.196:443 | illya-and-angelika.com | tcp |
| US | 8.8.8.8:53 | insuranceallstates.com | udp |
| ID | 153.92.11.40:80 | goldencitykomersil.com | tcp |
| US | 137.184.82.109:443 | icandoanything0000.com | tcp |
| US | 198.252.98.112:443 | greenhomesbuilding.com | tcp |
| US | 8.8.8.8:53 | integratedbiopharm.com | udp |
| US | 8.8.8.8:53 | irpaintingservices.com | udp |
| US | 8.8.8.8:53 | 191.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.33.186.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.159.42.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.170.236.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.100.175.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.22.102.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.137.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.46.161.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.81.143.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.italianluxurystyle.com | udp |
| US | 8.8.8.8:53 | www.101vinaconstruction.com | udp |
| US | 8.8.8.8:53 | abishnuhematologist.com | udp |
| US | 8.8.8.8:53 | agriturismodaigobbi.com | udp |
| US | 8.8.8.8:53 | aiautomationsagency.com | udp |
| IT | 89.46.106.68:443 | www.italianluxurystyle.com | tcp |
| US | 8.8.8.8:53 | ajwaspicesindonesia.com | udp |
| IT | 80.88.87.221:80 | agriturismodaigobbi.com | tcp |
| US | 8.8.8.8:53 | alivemusicayeventos.com | udp |
| US | 8.8.8.8:53 | alemdoolharanapolis.com | udp |
| US | 8.8.8.8:53 | ambaariaudiovisuals.com | udp |
| FR | 89.117.103.14:443 | integratedbiopharm.com | tcp |
| DE | 5.189.128.66:443 | abishnuhematologist.com | tcp |
| CA | 69.90.221.106:443 | irpaintingservices.com | tcp |
| US | 173.236.253.237:443 | www.101vinaconstruction.com | tcp |
| US | 8.8.8.8:53 | angelaandradeballet.com | udp |
| US | 8.8.8.8:53 | annonce-legale-eurl.com | udp |
| US | 8.8.8.8:53 | 192.241.69.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.85.109.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.204.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.44.83.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.253.106.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.188.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.98.252.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.82.184.137.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.129.170.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | appliancecareriyadh.com | udp |
| US | 8.8.8.8:53 | aprendotodoslosdias.com | udp |
| US | 8.8.8.8:53 | www.elda-entertainment.com | udp |
| US | 8.8.8.8:53 | artofficial-gallery.com | udp |
| US | 8.8.8.8:53 | babyboutiqueldesing.com | udp |
| US | 8.8.8.8:53 | www.headlineshindinews.com | udp |
| US | 8.8.8.8:53 | batallaculturalcali.com | udp |
| US | 8.8.8.8:53 | blankcanvasbranding.com | udp |
| US | 8.8.8.8:53 | bourneepsomprotocol.com | udp |
| US | 72.167.255.86:443 | alivemusicayeventos.com | tcp |
| ID | 103.229.73.226:443 | ajwaspicesindonesia.com | tcp |
| AU | 221.121.144.149:443 | aiautomationsagency.com | tcp |
| US | 8.8.8.8:53 | bradwischproperties.com | udp |
| US | 8.8.8.8:53 | brandscapemarketing.com | udp |
| US | 8.8.8.8:53 | businesslife-lounge.com | udp |
| TR | 188.132.202.144:443 | babyboutiqueldesing.com | tcp |
| US | 8.8.8.8:53 | aurorasuitesjamaica.com | udp |
| US | 8.8.8.8:53 | automekanicapremier.com | udp |
| US | 8.8.8.8:53 | 68.106.46.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.87.88.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.103.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.128.189.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cancolakmuhendislik.com | udp |
| US | 8.8.8.8:53 | canalretronostalgia.com | udp |
| GB | 31.170.164.205:443 | alemdoolharanapolis.com | tcp |
| US | 193.160.64.21:443 | ambaariaudiovisuals.com | tcp |
| US | 8.8.8.8:53 | carinsuranceliberia.com | udp |
| US | 162.241.38.100:443 | angelaandradeballet.com | tcp |
| BE | 34.76.145.169:443 | annonce-legale-eurl.com | tcp |
| ZA | 156.38.230.159:80 | artofficial-gallery.com | tcp |
| FI | 95.217.116.67:443 | appliancecareriyadh.com | tcp |
| GB | 93.113.111.37:443 | bourneepsomprotocol.com | tcp |
| IN | 89.117.188.248:443 | www.headlineshindinews.com | tcp |
| US | 192.250.227.14:443 | aprendotodoslosdias.com | tcp |
| US | 8.8.8.8:53 | carlundergroundwrld.com | udp |
| US | 151.106.97.1:443 | blankcanvasbranding.com | tcp |
| CO | 190.60.234.22:443 | batallaculturalcali.com | tcp |
| US | 8.8.8.8:53 | whatsappnumbers.info | udp |
| US | 8.8.8.8:53 | cavedeshautesvignes.com | udp |
| US | 8.8.8.8:53 | narc-casualties.info | udp |
| SE | 193.42.159.250:443 | www.elda-entertainment.com | tcp |
| US | 192.250.227.12:443 | aurorasuitesjamaica.com | tcp |
| US | 75.75.243.166:443 | bradwischproperties.com | tcp |
| US | 208.109.35.76:443 | brandscapemarketing.com | tcp |
| DE | 94.130.216.164:443 | automekanicapremier.com | tcp |
| SE | 194.9.94.86:443 | businesslife-lounge.com | tcp |
| NL | 185.166.188.2:443 | canalretronostalgia.com | tcp |
| US | 8.8.8.8:53 | 237.253.236.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.221.90.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.164.170.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.73.229.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.64.160.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.144.121.221.in-addr.arpa | udp |
| TR | 104.247.165.146:443 | cancolakmuhendislik.com | tcp |
| US | 8.8.8.8:53 | phongthuycantho.info | udp |
| FR | 37.187.88.46:443 | cavedeshautesvignes.com | tcp |
| US | 63.250.43.134:443 | carlundergroundwrld.com | tcp |
| US | 8.8.8.8:53 | visitkarlskrona.info | udp |
| ZA | 41.203.18.2:80 | carinsuranceliberia.com | tcp |
| US | 172.67.178.237:443 | whatsappnumbers.info | tcp |
| US | 172.67.186.66:443 | narc-casualties.info | tcp |
| US | 8.8.8.8:53 | fairfoodprogram.org | udp |
| US | 198.54.126.75:443 | visitkarlskrona.info | tcp |
| US | 8.8.8.8:53 | powerwisesaver.com | udp |
| US | 8.8.8.8:53 | besthealthfitness.info | udp |
| US | 8.8.8.8:53 | www.cavedeshautesvignes.com | udp |
| US | 8.8.8.8:53 | www.fairfoodstandards.org | udp |
| US | 8.8.8.8:53 | fashioncollection.info | udp |
| VN | 115.75.96.102:80 | phongthuycantho.info | tcp |
| US | 199.250.197.2:443 | fairfoodprogram.org | tcp |
| US | 8.8.8.8:53 | greatdealbusiness.info | udp |
| US | 8.8.8.8:53 | 169.145.76.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.111.113.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.38.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.97.106.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.250.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.230.38.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.216.130.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.188.166.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.227.250.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.243.75.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.165.247.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.88.187.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.178.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.186.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.18.203.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hitta-golvslipare.info | udp |
| US | 8.8.8.8:53 | verkehrsleiter-bw.info | udp |
| US | 8.8.8.8:53 | cercademiubicacion.info | udp |
| US | 8.8.8.8:53 | ubytovani-vysocina.info | udp |
| US | 8.8.8.8:53 | www.agriturismodaigobbi.com | udp |
| US | 8.8.8.8:53 | latifanobeldelapaix.info | udp |
| US | 8.8.8.8:53 | freedesignresources.info | udp |
| US | 8.8.8.8:53 | sentidosytecnologia.info | udp |
| US | 66.42.125.253:443 | powerwisesaver.com | tcp |
| FR | 37.187.88.46:443 | www.cavedeshautesvignes.com | tcp |
| FR | 154.49.245.86:443 | greatdealbusiness.info | tcp |
| US | 209.51.163.199:443 | www.fairfoodstandards.org | tcp |
| FR | 154.49.245.86:443 | greatdealbusiness.info | tcp |
| US | 8.8.8.8:53 | www.drakgargdentalclinic.info | udp |
| US | 8.8.8.8:53 | beyondmentalwellbeing.info | udp |
| US | 104.21.80.69:443 | fashioncollection.info | tcp |
| DE | 139.177.183.210:443 | hitta-golvslipare.info | tcp |
| US | 8.8.8.8:53 | redessocialessandrablas.info | udp |
| US | 8.8.8.8:53 | 75.126.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.197.250.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.96.75.115.in-addr.arpa | udp |
| US | 8.8.8.8:53 | divergenttherapysolutions.info | udp |
| US | 174.138.182.157:443 | cercademiubicacion.info | tcp |
| IT | 80.88.87.221:80 | www.agriturismodaigobbi.com | tcp |
| US | 38.154.157.203:443 | ubytovani-vysocina.info | tcp |
| NL | 64.225.80.191:443 | sentidosytecnologia.info | tcp |
| US | 8.8.8.8:53 | rptv.xyz | udp |
| US | 69.58.1.118:443 | latifanobeldelapaix.info | tcp |
| US | 198.252.99.107:443 | freedesignresources.info | tcp |
| US | 8.8.8.8:53 | famousgamer.site | udp |
| US | 8.8.8.8:53 | gruenderpreis-speckguertel.info | udp |
| DE | 217.160.0.165:80 | verkehrsleiter-bw.info | tcp |
| US | 162.0.215.195:443 | divergenttherapysolutions.info | tcp |
| DE | 116.203.199.186:443 | rptv.xyz | tcp |
| US | 8.8.8.8:53 | getamiclear.site | udp |
| US | 8.8.8.8:53 | www.artofficial-gallery.com | udp |
| US | 8.8.8.8:53 | indianforum.site | udp |
| US | 154.41.230.3:443 | beyondmentalwellbeing.info | tcp |
| US | 8.8.8.8:53 | kitafricano.site | udp |
| US | 8.8.8.8:53 | metodoninja.site | udp |
| US | 8.8.8.8:53 | lordserial4.site | udp |
| US | 8.8.8.8:53 | 253.125.42.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.245.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.163.51.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.183.177.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.80.225.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.182.138.174.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.157.154.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.1.58.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.99.252.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rehberforex.site | udp |
| IN | 103.133.214.219:443 | www.drakgargdentalclinic.info | tcp |
| US | 8.8.8.8:53 | truongdx.dev | udp |
| US | 8.8.8.8:53 | viniamorim.dev | udp |
| NL | 185.166.188.248:443 | redessocialessandrablas.info | tcp |
| US | 195.35.10.141:443 | famousgamer.site | tcp |
| US | 8.8.8.8:53 | socialeswap.dev | udp |
| DE | 81.169.145.70:443 | gruenderpreis-speckguertel.info | tcp |
| BR | 149.100.155.152:443 | getamiclear.site | tcp |
| BR | 45.132.157.69:443 | metodoninja.site | tcp |
| SG | 109.106.254.112:443 | truongdx.dev | tcp |
| US | 104.21.86.14:443 | ziezmedia.dev | tcp |
| US | 8.8.8.8:53 | tomaszjedrzejczyk.dev | udp |
| US | 8.8.8.8:53 | sabz.life | udp |
| US | 172.67.140.203:443 | rehberforex.site | tcp |
| GB | 185.77.97.184:443 | viniamorim.dev | tcp |
| US | 216.239.36.21:443 | socialeswap.dev | tcp |
| ZA | 156.38.230.159:80 | www.artofficial-gallery.com | tcp |
| US | 8.8.8.8:53 | sortd.life | udp |
| US | 8.8.8.8:53 | webify.life | udp |
| US | 8.8.8.8:53 | detran.life | udp |
| US | 8.8.8.8:53 | 165.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.203.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.230.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.188.166.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.214.133.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.10.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | alogod.life | udp |
| US | 8.8.8.8:53 | gruenderpreis-speckguertel.de | udp |
| US | 8.8.8.8:53 | 70.145.169.81.in-addr.arpa | udp |
| IN | 89.117.188.184:443 | indianforum.site | tcp |
| LT | 84.32.84.32:443 | kitafricano.site | tcp |
| DE | 142.132.137.115:443 | tomaszjedrzejczyk.dev | tcp |
| US | 8.8.8.8:53 | athletix.life | udp |
| US | 13.248.169.48:443 | webify.life | tcp |
| US | 8.8.8.8:53 | rehberforex.xyz | udp |
| US | 8.8.8.8:53 | talesvibe.life | udp |
| DE | 81.169.145.80:443 | gruenderpreis-speckguertel.de | tcp |
| GB | 35.177.64.229:443 | sortd.life | tcp |
| SG | 217.21.74.229:443 | alogod.life | tcp |
| US | 8.8.8.8:53 | lcbasuplementos.life | udp |
| US | 8.8.8.8:53 | 9movis1.space | udp |
| US | 8.8.8.8:53 | badmood.fun | udp |
| US | 8.8.8.8:53 | shevent.fun | udp |
| US | 8.8.8.8:53 | 14.86.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.140.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.155.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.188.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.254.106.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.137.132.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bonitas.fun | udp |
| US | 172.67.207.83:443 | rehberforex.xyz | tcp |
| US | 191.101.13.33:443 | talesvibe.life | tcp |
| SG | 184.168.115.88:443 | trustpack.store | tcp |
| US | 104.21.72.158:443 | athletix.life | tcp |
| US | 8.8.8.8:53 | newsgab.fun | udp |
| US | 8.8.8.8:53 | newstabe.fun | udp |
| FR | 91.234.195.212:443 | badmood.fun | tcp |
| US | 8.8.8.8:53 | stoffxwert.com | udp |
| US | 8.8.8.8:53 | sudtyresrl.com | udp |
| US | 8.8.8.8:53 | sundancebg.com | udp |
| US | 8.8.8.8:53 | superecogo.com | udp |
| US | 8.8.8.8:53 | swiss-reps.com | udp |
| US | 104.21.60.119:443 | 9movis1.space | tcp |
| US | 8.8.8.8:53 | swissdufts.com | udp |
| US | 172.67.190.83:443 | bonitas.fun | tcp |
| US | 172.67.143.111:443 | steviescot.com | tcp |
| VN | 202.92.7.103:80 | shevent.fun | tcp |
| US | 8.8.8.8:53 | syairchina.com | udp |
| US | 8.8.8.8:53 | www.divergenttherapysolutions.info | udp |
| BG | 185.45.66.98:443 | sundancebg.com | tcp |
| DE | 212.8.207.13:80 | stoffxwert.com | tcp |
| DE | 92.118.160.3:443 | swiss-reps.com | tcp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.64.177.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.157.132.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.207.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.72.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.195.234.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.13.101.191.in-addr.arpa | udp |
| NL | 153.92.220.133:443 | sudtyresrl.com | tcp |
| US | 50.63.178.0:80 | superecogo.com | tcp |
| US | 8.8.8.8:53 | rehberforex.us | udp |
| US | 8.8.8.8:53 | sytaglobal.com | udp |
| US | 8.8.8.8:53 | www.syliciment.com | udp |
| LT | 84.32.84.32:443 | newstabe.fun | tcp |
| US | 86.38.202.47:443 | newsgab.fun | tcp |
| US | 8.8.8.8:53 | 9moviz48.top | udp |
| US | 8.8.8.8:53 | tabojagodj.com | udp |
| SG | 95.111.200.39:443 | syairchina.com | tcp |
| US | 173.201.180.24:443 | swissdufts.com | tcp |
| US | 104.21.85.156:443 | rehberforex.us | tcp |
| US | 162.0.215.195:443 | www.divergenttherapysolutions.info | tcp |
| FR | 109.234.164.205:443 | www.syliciment.com | tcp |
| US | 34.120.137.41:443 | sytaglobal.com | tcp |
| US | 8.8.8.8:53 | tahlkanews.com | udp |
| US | 104.21.21.65:443 | 9moviz48.top | tcp |
| US | 8.8.8.8:53 | tajiegroup.com | udp |
| US | 8.8.8.8:53 | tahzglobal.com | udp |
| US | 172.67.214.175:443 | tahlkanews.com | tcp |
| US | 198.54.119.222:443 | tahzglobal.com | tcp |
| US | 8.8.8.8:53 | 119.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.190.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.143.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.160.118.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.207.8.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.220.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.66.45.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.202.38.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.85.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.137.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.21.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.164.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.200.111.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rehberforex.info | udp |
| US | 8.8.8.8:53 | 9moviz55.top | udp |
| US | 8.8.8.8:53 | www.tajmahal48.com | udp |
| KR | 183.111.183.75:80 | tabojagodj.com | tcp |
| US | 8.8.8.8:53 | www.tamaradrew.com | udp |
| SG | 139.99.124.237:443 | tajiegroup.com | tcp |
| US | 8.8.8.8:53 | tariksukmo.com | udp |
| US | 172.67.146.32:443 | 9moviz55.top | tcp |
| US | 8.8.8.8:53 | techinnepa.com | udp |
| US | 8.8.8.8:53 | technoaria.com | udp |
| US | 8.8.8.8:53 | tektoplist.com | udp |
| US | 8.8.8.8:53 | tekytrends.com | udp |
| US | 8.8.8.8:53 | www.tahlkanews.com | udp |
| US | 8.8.8.8:53 | tengsu-4th.com | udp |
| US | 8.8.8.8:53 | teracolabo.com | udp |
| US | 8.8.8.8:53 | syairchina.org | udp |
| BR | 185.211.7.220:443 | talyariart.com | tcp |
| NL | 45.82.188.249:443 | www.tamaradrew.com | tcp |
| FR | 51.91.236.193:443 | www.tajmahal48.com | tcp |
| US | 8.8.8.8:53 | ternhealth.com | udp |
| US | 104.21.77.81:443 | rehberforex.info | tcp |
| US | 8.8.8.8:53 | 175.214.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.119.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.183.111.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | thaikkhome.com | udp |
| VN | 202.92.7.103:443 | shevent.fun | tcp |
| US | 8.8.8.8:53 | thatwaxguy.com | udp |
| IR | 5.144.131.246:443 | technoaria.com | tcp |
| US | 66.198.240.50:443 | techinnepa.com | tcp |
| US | 8.8.8.8:53 | www.steviescot.com | udp |
| US | 104.21.37.232:443 | www.tahlkanews.com | tcp |
| US | 8.8.8.8:53 | 9moviz56.top | udp |
| SG | 151.106.119.207:443 | tariksukmo.com | tcp |
| SG | 45.32.114.226:443 | tengsu-4th.com | tcp |
| US | 74.208.236.191:443 | tekytrends.com | tcp |
| US | 68.65.123.232:443 | tektoplist.com | tcp |
| US | 8.8.8.8:53 | thebgrowth.com | udp |
| JP | 163.44.177.17:443 | teracolabo.com | tcp |
| US | 62.72.50.168:443 | thaikkhome.com | tcp |
| US | 8.8.8.8:53 | thebriller.com | udp |
| SG | 95.111.200.39:443 | syairchina.org | tcp |
| US | 8.8.8.8:53 | rehberforex.one | udp |
| US | 8.8.8.8:53 | thebygroup.com | udp |
| US | 104.21.58.246:443 | ternhealth.com | tcp |
| US | 208.109.59.203:80 | thatwaxguy.com | tcp |
| US | 104.21.71.53:443 | www.steviescot.com | tcp |
| US | 8.8.8.8:53 | 32.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.124.99.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.188.82.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.236.91.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.7.211.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.77.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | imunify-alert.com | udp |
| IN | 149.100.147.101:443 | thebriller.com | tcp |
| US | 104.21.68.75:443 | thebgrowth.com | tcp |
| US | 66.29.132.31:443 | thebygroup.com | tcp |
| US | 172.67.183.42:443 | rehberforex.one | tcp |
| US | 172.67.165.4:443 | 9moviz56.top | tcp |
| US | 8.8.8.8:53 | thecrazelb.com | udp |
| US | 8.8.8.8:53 | theelsa807.com | udp |
| US | 8.8.8.8:53 | thedocdoor.com | udp |
| US | 8.8.8.8:53 | tajmahal48.com | udp |
| US | 8.8.8.8:53 | thefaxpack.com | udp |
| US | 8.8.8.8:53 | themenedge.com | udp |
| US | 8.8.8.8:53 | thewerbung.com | udp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 8.8.8.8:53 | theseacafe.com | udp |
| US | 8.8.8.8:53 | timhorsley.com | udp |
| US | 172.67.132.217:443 | thecrazelb.com | tcp |
| US | 8.8.8.8:53 | rehberforex.wiki | udp |
| US | 160.153.0.147:443 | theelsa807.com | tcp |
| US | 8.8.8.8:53 | 246.131.144.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.37.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.240.198.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.236.208.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.58.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.123.65.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.50.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.71.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.114.32.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.177.44.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.119.106.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.68.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.147.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.165.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.132.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9moviz57.top | udp |
| FR | 92.205.48.162:80 | thedocdoor.com | tcp |
| US | 162.213.251.93:443 | thefaxpack.com | tcp |
| FR | 51.91.236.193:443 | tajmahal48.com | tcp |
| US | 8.8.8.8:53 | www.thebgrowth.com | udp |
| US | 8.8.8.8:53 | sixtiescinema.com | udp |
| DE | 217.160.0.177:443 | thewerbung.com | tcp |
| IN | 154.41.233.29:443 | theseacafe.com | tcp |
| US | 8.8.8.8:53 | tondesunde.com | udp |
| US | 8.8.8.8:53 | tooltechie.com | udp |
| US | 8.8.8.8:53 | syairchina.biz | udp |
| US | 8.8.8.8:53 | traveltokr.com | udp |
| US | 8.8.8.8:53 | truck-ford.com | udp |
| US | 8.8.8.8:53 | truckrapid.com | udp |
| JP | 182.48.49.163:443 | tondesunde.com | tcp |
| US | 8.8.8.8:53 | 47.176.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.132.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.233.41.154.in-addr.arpa | udp |
| US | 104.21.15.181:443 | 9moviz57.top | tcp |
| US | 104.21.7.202:443 | timhorsley.com | tcp |
| US | 172.96.186.179:443 | sixtiescinema.com | tcp |
| US | 104.21.17.198:443 | rehberforex.wiki | tcp |
| US | 104.21.68.75:443 | www.thebgrowth.com | tcp |
| US | 8.8.8.8:53 | trumquanhe.com | udp |
| US | 8.8.8.8:53 | karat.com | udp |
| SG | 95.111.200.39:443 | syairchina.biz | tcp |
| US | 160.153.0.187:443 | trovagatto.com | tcp |
| RU | 37.46.133.21:80 | truck-ford.com | tcp |
| US | 20.15.106.60:443 | truckrapid.com | tcp |
| US | 23.105.170.37:443 | tooltechie.com | tcp |
| US | 8.8.8.8:53 | trywidgets.com | udp |
| US | 8.8.8.8:53 | tskf-group.com | udp |
| US | 8.8.8.8:53 | djto.mycafe24.com | udp |
| SG | 143.198.85.181:443 | traveltokr.com | tcp |
| US | 8.8.8.8:53 | usafi-bora.com | udp |
| US | 8.8.8.8:53 | usexplains.com | udp |
| US | 141.193.213.10:443 | karat.com | tcp |
| HK | 172.96.185.222:443 | trumquanhe.com | tcp |
| US | 8.8.8.8:53 | rehberforex.vip | udp |
| US | 8.8.8.8:53 | cheermaster.org | udp |
| US | 8.8.8.8:53 | 9moviz58.top | udp |
| US | 74.208.236.232:443 | tskf-group.com | tcp |
| US | 8.8.8.8:53 | 181.15.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.7.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.17.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.186.96.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.133.46.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.49.48.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.170.105.23.in-addr.arpa | udp |
| US | 23.21.157.88:443 | trywidgets.com | tcp |
| US | 8.8.8.8:53 | petricoraventuras.org | udp |
| FR | 46.105.204.23:80 | usafi-bora.com | tcp |
| US | 104.21.68.61:443 | rehberforex.vip | tcp |
| KR | 183.111.183.75:80 | djto.mycafe24.com | tcp |
| DE | 81.169.145.144:443 | cheermaster.org | tcp |
| US | 172.67.215.141:443 | 9moviz58.top | tcp |
| US | 31.170.161.140:443 | usexplains.com | tcp |
| US | 8.8.8.8:53 | ezzocards.xyz | udp |
| US | 8.8.8.8:53 | edgetechasia.xyz | udp |
| DE | 81.169.145.105:80 | petricoraventuras.org | tcp |
| US | 8.8.8.8:53 | portfoliobyus.xyz | udp |
| US | 8.8.8.8:53 | doctorstechltd.xyz | udp |
| US | 8.8.8.8:53 | goldenpaper.online | udp |
| US | 8.8.8.8:53 | makooidcorp.online | udp |
| US | 162.0.229.243:443 | ezzocards.xyz | tcp |
| US | 8.8.8.8:53 | rehberforex.live | udp |
| US | 8.8.8.8:53 | temangaming.online | udp |
| US | 8.8.8.8:53 | 9moviz60.top | udp |
| US | 8.8.8.8:53 | syairchina.info | udp |
| US | 67.20.115.120:80 | goldenpaper.online | tcp |
| DE | 138.201.140.197:443 | doctorstechltd.xyz | tcp |
| DE | 138.201.140.197:443 | doctorstechltd.xyz | tcp |
| US | 8.8.8.8:53 | 10.213.193.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.236.208.74.in-addr.arpa | udp |
| DE | 138.201.140.197:443 | doctorstechltd.xyz | tcp |
| US | 8.8.8.8:53 | 88.157.21.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.185.96.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.204.105.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.68.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.215.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.161.170.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | conectimoveis.online | udp |
| US | 8.8.8.8:53 | www.usafi-bora.com | udp |
| US | 172.67.169.80:443 | 9moviz60.top | tcp |
| US | 172.67.202.116:443 | rehberforex.live | tcp |
| US | 162.254.39.15:443 | temangaming.online | tcp |
| SG | 95.111.200.39:443 | syairchina.info | tcp |
| FR | 46.105.204.23:80 | www.usafi-bora.com | tcp |
| US | 108.181.92.74:80 | conectimoveis.online | tcp |
| US | 8.8.8.8:53 | filmecrestine.online | udp |
| US | 8.8.8.8:53 | faramarzsakhi.online | udp |
| US | 8.8.8.8:53 | rehber-forex.xyz | udp |
| US | 8.8.8.8:53 | 9moviz61.top | udp |
| IR | 5.144.130.53:443 | faramarzsakhi.online | tcp |
| US | 8.8.8.8:53 | www.clinicadelvalle.online | udp |
| US | 8.8.8.8:53 | forumdialektika.online | udp |
| US | 8.8.8.8:53 | produtotopagora.online | udp |
| US | 8.8.8.8:53 | sleeplesscalmth.online | udp |
| US | 8.8.8.8:53 | 197.140.201.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.229.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.115.20.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.169.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.39.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.92.181.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jiofibersamalkot.online | udp |
| US | 8.8.8.8:53 | designsodebrancelhas.online | udp |
| US | 8.8.8.8:53 | bebtida.shop | udp |
| US | 8.8.8.8:53 | www.timhorsley.com | udp |
| US | 8.8.8.8:53 | ahwstore.shop | udp |
| US | 172.67.162.136:443 | 9moviz61.top | tcp |
| US | 198.187.31.236:80 | bebtida.shop | tcp |
| US | 213.190.6.233:443 | designsodebrancelhas.online | tcp |
| US | 8.8.8.8:53 | fitalica.shop | udp |
| US | 199.231.166.83:443 | jiofibersamalkot.online | tcp |
| US | 172.67.212.1:443 | rehber-forex.xyz | tcp |
| BR | 92.38.150.138:443 | www.clinicadelvalle.online | tcp |
| US | 103.168.172.37:443 | sleeplesscalmth.online | tcp |
| US | 8.8.8.8:53 | gamebuild.shop | udp |
| US | 8.8.8.8:53 | metaagame.shop | udp |
| BR | 45.224.128.177:443 | seducaoeficaz.online | tcp |
| ID | 103.247.8.66:443 | forumdialektika.online | tcp |
| US | 8.8.8.8:53 | babyshoppe.shop | udp |
| US | 172.67.188.1:443 | www.timhorsley.com | tcp |
| BR | 177.234.152.251:443 | produtotopagora.online | tcp |
| US | 8.8.8.8:53 | soldsimple.shop | udp |
| US | 8.8.8.8:53 | 136.162.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.130.144.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | storklasnd.shop | udp |
| US | 8.8.8.8:53 | syairchina.us | udp |
| US | 8.8.8.8:53 | bl3ckplayy.shop | udp |
| US | 8.8.8.8:53 | 9moviz62.top | udp |
| US | 8.8.8.8:53 | budgetrush.shop | udp |
| US | 8.8.8.8:53 | waterboyzh.shop | udp |
| US | 8.8.8.8:53 | clearpatch.shop | udp |
| US | 8.8.8.8:53 | dpsmembers.online | udp |
| ID | 153.92.13.68:443 | ahwstore.shop | tcp |
| US | 8.8.8.8:53 | storeshoes.shop | udp |
| US | 8.8.8.8:53 | crewstanby.shop | udp |
| US | 8.8.8.8:53 | commodityi.shop | udp |
| SG | 5.181.216.35:443 | fitalica.shop | tcp |
| SG | 95.111.200.39:443 | syairchina.us | tcp |
| US | 172.67.148.10:443 | 9moviz62.top | tcp |
| FR | 15.188.180.10:443 | budgetrush.shop | tcp |
| US | 8.8.8.8:53 | dibamovie11.pw | udp |
| US | 104.21.31.36:80 | dpsmembers.online | tcp |
| US | 172.67.220.108:80 | storklasnd.shop | tcp |
| US | 104.21.80.30:80 | babyshoppe.shop | tcp |
| US | 104.21.6.86:80 | waterboyzh.shop | tcp |
| BR | 154.49.247.63:443 | bl3ckplayy.shop | tcp |
| US | 8.8.8.8:53 | rehber-fx.xyz | udp |
| US | 8.8.8.8:53 | 233.6.190.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.31.187.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.212.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.150.38.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.188.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.172.168.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.128.224.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.8.247.103.in-addr.arpa | udp |
| US | 63.250.43.138:443 | clearpatch.shop | tcp |
| US | 8.8.8.8:53 | calmth.blog | udp |
| US | 104.21.82.222:80 | soldsimple.shop | tcp |
| US | 8.8.8.8:53 | digiestore.shop | udp |
| US | 8.8.8.8:53 | dronesplus.shop | udp |
| US | 8.8.8.8:53 | escandaloo.shop | udp |
| KR | 183.111.183.76:80 | crewstanby.shop | tcp |
| US | 8.8.8.8:53 | tesingshop.shop | udp |
| US | 172.67.204.209:443 | rehber-fx.xyz | tcp |
| US | 8.8.8.8:53 | exoticpoph.shop | udp |
| US | 104.21.19.101:443 | dibamovie11.pw | tcp |
| NL | 213.249.67.48:443 | calmth.blog | tcp |
| US | 8.8.8.8:53 | flexi-view.shop | udp |
| US | 8.8.8.8:53 | 9moviz63.top | udp |
| US | 8.8.8.8:53 | storelinks.shop | udp |
| US | 8.8.8.8:53 | karenbravo.shop | udp |
| US | 8.8.8.8:53 | koashouseh.shop | udp |
| US | 8.8.8.8:53 | 68.13.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.148.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.188.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.31.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.220.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.6.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.216.181.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.166.231.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.247.49.154.in-addr.arpa | udp |
| US | 172.67.172.106:80 | exoticpoph.shop | tcp |
| US | 63.250.43.11:443 | dronesplus.shop | tcp |
| US | 154.49.142.199:443 | flexi-view.shop | tcp |
| US | 8.8.8.8:53 | korea-boxh.shop | udp |
| US | 8.8.8.8:53 | lamariposa.shop | udp |
| BR | 154.49.247.73:443 | escandaloo.shop | tcp |
| US | 8.8.8.8:53 | sleek-list.shop | udp |
| US | 34.120.137.41:443 | karenbravo.shop | tcp |
| US | 104.21.19.67:80 | koashouseh.shop | tcp |
| US | 104.21.31.36:443 | dpsmembers.online | tcp |
| US | 8.8.8.8:53 | dibamovie17.pw | udp |
| US | 8.8.8.8:53 | lovinglane.shop | udp |
| US | 8.8.8.8:53 | lovemyswag.shop | udp |
| US | 8.8.8.8:53 | mymuscleup.shop | udp |
| US | 8.8.8.8:53 | forumchina.org | udp |
| US | 8.8.8.8:53 | metagamess.shop | udp |
| US | 8.8.8.8:53 | webcreativ.shop | udp |
| US | 8.8.8.8:53 | petittippi.shop | udp |
| US | 8.8.8.8:53 | planetholo.shop | udp |
| US | 104.21.88.204:443 | 9moviz63.top | tcp |
| US | 104.21.93.129:443 | dibamovie17.pw | tcp |
| US | 8.8.8.8:53 | 209.204.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.19.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.183.111.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.142.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.19.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.247.49.154.in-addr.arpa | udp |
| US | 104.21.17.29:80 | lovinglane.shop | tcp |
| US | 208.109.188.113:443 | lamariposa.shop | tcp |
| US | 8.8.8.8:53 | quickfixer.shop | udp |
| FR | 15.236.6.191:443 | mymuscleup.shop | tcp |
| US | 104.21.46.31:80 | lovemyswag.shop | tcp |
| US | 104.21.85.233:443 | storelinks.shop | tcp |
| KR | 183.111.183.108:443 | gogoreview.shop | tcp |
| US | 104.21.51.70:80 | korea-boxh.shop | tcp |
| KR | 158.247.199.35:443 | sleek-list.shop | tcp |
| SG | 178.128.58.201:443 | forumchina.org | tcp |
| US | 8.8.8.8:53 | threadsadi.shop | udp |
| US | 8.8.8.8:53 | aerobicstee.shop | udp |
| US | 8.8.8.8:53 | audreyandme.shop | udp |
| US | 8.8.8.8:53 | aingrowth.site | udp |
| US | 8.8.8.8:53 | 9moviz64.top | udp |
| US | 8.8.8.8:53 | springbok.site | udp |
| US | 8.8.8.8:53 | dibamovie19.pw | udp |
| US | 8.8.8.8:53 | arutility.site | udp |
| US | 8.8.8.8:53 | xtweeteth.site | udp |
| US | 8.8.8.8:53 | 204.88.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.17.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.152.234.177.in-addr.arpa | udp |
| US | 104.21.7.102:80 | petittippi.shop | tcp |
| US | 195.35.15.7:443 | quickfixer.shop | tcp |
| US | 8.8.8.8:53 | 191.6.236.15.in-addr.arpa | udp |
| US | 167.172.155.91:443 | planetholo.shop | tcp |
| US | 172.67.200.167:80 | audreyandme.shop | tcp |
| US | 172.67.216.244:80 | threadsadi.shop | tcp |
| NL | 109.106.246.76:443 | webcreativ.shop | tcp |
| DE | 52.29.42.177:443 | aerobicstee.shop | tcp |
| SE | 194.9.94.85:443 | businesslife-lounge.com | tcp |
| US | 172.67.165.60:443 | dibamovie19.pw | tcp |
| US | 162.0.232.65:443 | xtweeteth.site | tcp |
| US | 104.21.24.39:443 | springbok.site | tcp |
| US | 8.8.8.8:53 | trendwear.site | udp |
| CA | 51.161.6.45:443 | aingrowth.site | tcp |
| US | 8.8.8.8:53 | flokixerc.site | udp |
| US | 203.161.61.246:443 | arutility.site | tcp |
| US | 8.8.8.8:53 | rdbbrasil.site | udp |
| US | 104.21.42.102:443 | 9moviz64.top | tcp |
| SG | 156.67.222.7:443 | flokixerc.site | tcp |
| US | 8.8.8.8:53 | kabi-live.site | udp |
| US | 8.8.8.8:53 | kaikyhotz.site | udp |
| US | 8.8.8.8:53 | dibamovie20.pw | udp |
| SG | 185.229.118.173:443 | trendwear.site | tcp |
| BR | 185.213.81.213:443 | rdbbrasil.site | tcp |
| US | 8.8.8.8:53 | 31.46.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.85.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.51.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.183.111.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.58.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.7.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.199.247.158.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.200.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.15.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.155.172.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.246.106.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.42.29.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.165.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.24.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.6.161.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.232.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.61.161.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.42.21.104.in-addr.arpa | udp |
| US | 104.21.22.125:443 | dibamovie20.pw | tcp |
| US | 162.254.39.144:443 | kabi-live.site | tcp |
| US | 8.8.8.8:53 | linemedia.site | udp |
| US | 8.8.8.8:53 | dibamovie21.pw | udp |
| US | 8.8.8.8:53 | loggingin.site | udp |
| IN | 82.180.142.189:443 | linemedia.site | tcp |
| US | 104.21.73.182:443 | dibamovie21.pw | tcp |
| US | 8.8.8.8:53 | 1xbetjapan.site | udp |
| US | 8.8.8.8:53 | sedutorpro.site | udp |
| US | 8.8.8.8:53 | sharadloot.site | udp |
| US | 8.8.8.8:53 | sparkclean.site | udp |
| US | 172.67.176.106:443 | loggingin.site | tcp |
| US | 104.21.84.152:443 | 1xbetjapan.site | tcp |
| US | 63.250.38.98:443 | sparkclean.site | tcp |
| US | 8.8.8.8:53 | animacoeur.site | udp |
| IN | 82.180.140.79:443 | sharadloot.site | tcp |
| US | 172.67.197.64:443 | sedutorpro.site | tcp |
| US | 8.8.8.8:53 | dibamovie32.pw | udp |
| US | 8.8.8.8:53 | software.rdbbrasil.site | udp |
| US | 8.8.8.8:53 | 125.22.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.81.213.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.222.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.39.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.118.229.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.142.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.73.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.176.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | buenavibra.site | udp |
| US | 8.8.8.8:53 | cleversite.site | udp |
| US | 8.8.8.8:53 | insulgota1.site | udp |
| US | 8.8.8.8:53 | jainaverse.site | udp |
| US | 8.8.8.8:53 | ykzoe-4113.site | udp |
| US | 8.8.8.8:53 | livpureweb.site | udp |
| US | 8.8.8.8:53 | livewithyou.site | udp |
| FR | 154.49.245.200:443 | animacoeur.site | tcp |
| US | 8.8.8.8:53 | burancasino.site | udp |
| US | 8.8.8.8:53 | dagelantoto.site | udp |
| US | 172.67.150.157:443 | dibamovie32.pw | tcp |
| US | 108.167.188.84:443 | livewithyou.site | tcp |
| BR | 185.213.81.213:443 | software.rdbbrasil.site | tcp |
| BR | 45.152.46.134:443 | livpureweb.site | tcp |
| US | 8.8.8.8:53 | evelynedeba.site | udp |
| IN | 217.21.87.38:443 | cleversite.site | tcp |
| BE | 213.158.94.166:443 | buenavibra.site | tcp |
| US | 104.21.74.214:443 | burancasino.site | tcp |
| US | 8.8.8.8:53 | howtogetfit.site | udp |
| US | 8.8.8.8:53 | news24daily.site | udp |
| JP | 153.127.141.167:443 | ykzoe-4113.site | tcp |
| US | 8.8.8.8:53 | 152.84.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.197.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.38.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.140.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.245.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.150.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.188.167.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | proextander.site | udp |
| US | 8.8.8.8:53 | www.projectzone.site | udp |
| US | 173.236.141.83:443 | www.projectzone.site | tcp |
| IN | 154.41.233.70:443 | howtogetfit.site | tcp |
| US | 172.67.152.106:443 | dibam.pw | tcp |
| US | 162.241.224.158:443 | proextander.site | tcp |
| US | 8.8.8.8:53 | studiomeble.site | udp |
| US | 8.8.8.8:53 | tigergaming.site | udp |
| US | 8.8.8.8:53 | www.ariansaaazeh.site | udp |
| US | 8.8.8.8:53 | marvelcasino.site | udp |
| US | 8.8.8.8:53 | montecryptos.site | udp |
| US | 208.97.186.136:443 | evelynedeba.site | tcp |
| US | 104.21.36.34:443 | marvelcasino.site | tcp |
| US | 172.67.177.141:443 | tigergaming.site | tcp |
| US | 8.8.8.8:53 | omaiorfeirao.site | udp |
| UA | 185.68.16.116:80 | studiomeble.site | tcp |
| US | 8.8.8.8:53 | scriptforest.site | udp |
| US | 104.21.19.47:443 | montecryptos.site | tcp |
| US | 8.8.8.8:53 | dibamovie17.fun | udp |
| US | 8.8.8.8:53 | 166.94.158.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.46.152.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.87.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.141.127.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.152.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.141.236.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.224.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.186.97.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.36.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.177.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | thesikhverse.site | udp |
| US | 8.8.8.8:53 | superlikeman.site | udp |
| US | 8.8.8.8:53 | www.komodoromarketing.com | udp |
| US | 8.8.8.8:53 | www.logisticoaparcana.com | udp |
| FI | 193.84.2.239:443 | scriptforest.site | tcp |
| US | 8.8.8.8:53 | tecnociencia.site | udp |
| FR | 154.49.245.41:443 | superlikeman.site | tcp |
| US | 8.8.8.8:53 | logodesignsmarvel.com | udp |
| US | 8.8.8.8:53 | autowin99.app | udp |
| US | 8.8.8.8:53 | meslot999.app | udp |
| US | 104.21.12.113:443 | dibamovie17.fun | tcp |
| FR | 178.33.161.194:443 | www.komodoromarketing.com | tcp |
| US | 8.8.8.8:53 | budgething.app | udp |
| US | 8.8.8.8:53 | mm88golden.app | udp |
| US | 8.8.8.8:53 | englishease.app | udp |
| US | 198.54.115.98:443 | www.logisticoaparcana.com | tcp |
| US | 104.21.9.220:443 | meslot999.app | tcp |
| US | 198.54.120.74:443 | logodesignsmarvel.com | tcp |
| US | 104.21.10.45:443 | autowin99.app | tcp |
| US | 8.8.8.8:53 | whatsappaero.app | udp |
| US | 8.8.8.8:53 | unitvoficial.app | udp |
| US | 8.8.8.8:53 | dibamovie18.fun | udp |
| US | 8.8.8.8:53 | photo-challenge.app | udp |
| US | 8.8.8.8:53 | 116.16.68.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.19.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.245.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.2.84.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.12.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.161.33.178.in-addr.arpa | udp |
| US | 173.236.240.22:443 | tecnociencia.site | tcp |
| US | 8.8.8.8:53 | pig8.club | udp |
| US | 172.67.131.23:443 | mm88golden.app | tcp |
| FR | 92.204.236.119:443 | budgething.app | tcp |
| US | 8.8.8.8:53 | www.lajava.club | udp |
| US | 8.8.8.8:53 | mc772.club | udp |
| US | 172.67.201.133:443 | whatsappaero.app | tcp |
| TR | 89.252.182.211:80 | englishease.app | tcp |
| DE | 142.132.146.93:443 | photo-challenge.app | tcp |
| CA | 51.222.109.160:443 | unitvoficial.app | tcp |
| US | 172.67.185.2:443 | 949s.club | tcp |
| US | 172.67.165.238:443 | dibamovie18.fun | tcp |
| US | 8.8.8.8:53 | 88gold.club | udp |
| US | 104.21.14.17:443 | mc772.club | tcp |
| FR | 51.83.97.110:443 | www.lajava.club | tcp |
| US | 8.8.8.8:53 | amb168.club | udp |
| US | 8.8.8.8:53 | zbet168.club | udp |
| US | 8.8.8.8:53 | binodon.club | udp |
| US | 8.8.8.8:53 | marble88.club | udp |
| US | 8.8.8.8:53 | dibamovie19.fun | udp |
| US | 8.8.8.8:53 | 98.115.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.240.236.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.131.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.120.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.201.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.185.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.146.132.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.165.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.14.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.182.252.89.in-addr.arpa | udp |
| US | 104.21.69.194:443 | amb168.club | tcp |
| US | 8.8.8.8:53 | 160.109.222.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.97.83.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 365betit.club | udp |
| US | 104.21.93.181:443 | marble88.club | tcp |
| US | 8.8.8.8:53 | hilo9999.club | udp |
| US | 104.21.61.79:443 | zbet168.club | tcp |
| US | 8.8.8.8:53 | aeternus.club | udp |
| US | 172.67.187.252:443 | dibamovie19.fun | tcp |
| US | 208.91.198.118:443 | binodon.club | tcp |
| US | 104.21.60.38:443 | 365betit.club | tcp |
| US | 8.8.8.8:53 | www.visathai.club | udp |
| US | 8.8.8.8:53 | dibamovie20.fun | udp |
| US | 8.8.8.8:53 | nexobet99.club | udp |
| US | 66.235.200.171:443 | aeternus.club | tcp |
| US | 104.21.74.58:443 | dibamovie20.fun | tcp |
| US | 8.8.8.8:53 | clicksuds.club | udp |
| US | 8.8.8.8:53 | converter.club | udp |
| US | 104.21.90.175:443 | clicksuds.club | tcp |
| US | 8.8.8.8:53 | nexobet88.club | udp |
| US | 8.8.8.8:53 | dibamovie21.fun | udp |
| US | 8.8.8.8:53 | 194.69.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.93.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.187.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.198.91.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.200.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.74.21.104.in-addr.arpa | udp |
| TH | 103.30.127.11:443 | www.visathai.club | tcp |
| US | 104.21.37.60:443 | dibamovie21.fun | tcp |
| US | 8.8.8.8:53 | sologirls.club | udp |
| US | 8.8.8.8:53 | saasbuyer.club | udp |
| US | 8.8.8.8:53 | vipdesign.club | udp |
| US | 8.8.8.8:53 | biendoapk.club | udp |
| FR | 51.83.97.110:443 | www.lajava.club | tcp |
| SG | 194.195.90.110:443 | converter.club | tcp |
| US | 8.8.8.8:53 | dibamovie23.fun | udp |
| US | 198.57.247.135:443 | sologirls.club | tcp |
| US | 172.67.184.131:443 | biendoapk.club | tcp |
| FR | 92.205.0.167:80 | vipdesign.club | tcp |
| US | 160.153.0.61:443 | saasbuyer.club | tcp |
| US | 104.21.90.51:443 | dibamovie23.fun | tcp |
| US | 8.8.8.8:53 | www.tecnociencia.site | udp |
| JP | 153.127.141.167:443 | ykzoe-4113.site | tcp |
| US | 8.8.8.8:53 | apkmodget.click | udp |
| US | 172.67.218.16:443 | apkmodget.click | tcp |
| US | 8.8.8.8:53 | 175.90.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.37.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.127.30.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.247.57.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.184.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.90.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.90.195.194.in-addr.arpa | udp |
| US | 173.236.240.22:443 | www.tecnociencia.site | tcp |
| US | 104.21.14.82:443 | dibamovie24.fun | tcp |
| US | 8.8.8.8:53 | taxitamky.click | udp |
| US | 8.8.8.8:53 | enfermera.click | udp |
| US | 8.8.8.8:53 | dibamovie25.fun | udp |
| US | 8.8.8.8:53 | jociandro.click | udp |
| US | 8.8.8.8:53 | amerstudio.click | udp |
| US | 104.21.22.60:443 | jociandro.click | tcp |
| US | 104.21.86.250:443 | dibamovie25.fun | tcp |
| VN | 103.255.237.203:443 | taxitamky.click | tcp |
| US | 8.8.8.8:53 | queregalar.click | udp |
| US | 185.206.162.246:443 | enfermera.click | tcp |
| US | 8.8.8.8:53 | razrabotka.click | udp |
| NL | 45.93.127.101:443 | amerstudio.click | tcp |
| US | 8.8.8.8:53 | taxigiare60.click | udp |
| US | 8.8.8.8:53 | tokomasagung.click | udp |
| US | 104.21.47.25:443 | razrabotka.click | tcp |
| US | 8.8.8.8:53 | dibamovie28.fun | udp |
| US | 8.8.8.8:53 | iptvsamarters.click | udp |
| SG | 45.77.35.142:443 | tokomasagung.click | tcp |
| US | 8.8.8.8:53 | 16.218.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.22.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.86.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.14.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.127.93.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.162.206.185.in-addr.arpa | udp |
| FR | 89.116.147.195:443 | queregalar.click | tcp |
| US | 8.8.8.8:53 | sparrowhousesph.click | udp |
| US | 104.21.80.137:443 | dibamovie28.fun | tcp |
| VN | 103.74.118.155:80 | taxigiare60.click | tcp |
| US | 82.180.138.58:443 | iptvsamarters.click | tcp |
| US | 8.8.8.8:53 | 2traff.link | udp |
| US | 8.8.8.8:53 | carbonatekhorshid.click | udp |
| US | 8.8.8.8:53 | greenteadecoration.click | udp |
| US | 8.8.8.8:53 | dibamovie1.top | udp |
| US | 8.8.8.8:53 | slotgacorterpercaya.click | udp |
| US | 8.8.8.8:53 | cr73.tech | udp |
| US | 8.8.8.8:53 | xbnb.tech | udp |
| US | 8.8.8.8:53 | 401x.tech | udp |
| SG | 45.77.171.38:443 | myfortunesbakery.click | tcp |
| US | 104.21.54.230:443 | 401x.tech | tcp |
| SG | 207.148.119.188:80 | greenteadecoration.click | tcp |
| US | 104.21.83.54:443 | dibamovie1.top | tcp |
| US | 8.8.8.8:53 | thevo.tech | udp |
| US | 192.185.193.142:443 | cr73.tech | tcp |
| US | 104.21.53.50:80 | 2traff.link | tcp |
| US | 8.8.8.8:53 | sexnx.tech | udp |
| IR | 5.63.13.179:443 | carbonatekhorshid.click | tcp |
| US | 8.8.8.8:53 | 25.47.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.237.255.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.147.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.138.180.82.in-addr.arpa | udp |
| US | 162.241.226.124:443 | slotgacorterpercaya.click | tcp |
| US | 8.8.8.8:53 | nettero.tech | udp |
| US | 8.8.8.8:53 | recaptcha.cloud | udp |
| US | 8.8.8.8:53 | propiya.tech | udp |
| LT | 84.32.84.32:443 | xmario.tech | tcp |
| US | 8.8.8.8:53 | aitimes.tech | udp |
| US | 8.8.8.8:53 | iptvsmarter.pro | udp |
| US | 8.8.8.8:53 | iprotics.tech | udp |
| US | 8.8.8.8:53 | dibamovie2.top | udp |
| US | 8.8.8.8:53 | iptv4you.tech | udp |
| US | 8.8.8.8:53 | www.amerstudio.click | udp |
| US | 104.21.90.238:443 | nettero.tech | tcp |
| US | 8.8.8.8:53 | netzones.tech | udp |
| IT | 212.237.6.70:443 | thevo.tech | tcp |
| US | 8.8.8.8:53 | 155.118.74.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.54.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.83.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.53.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.119.148.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.193.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.13.63.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.226.241.162.in-addr.arpa | udp |
| FI | 95.217.5.229:443 | recaptcha.cloud | tcp |
| ID | 153.92.13.233:443 | arahan.tech | tcp |
| US | 104.21.53.50:443 | 2traff.link | tcp |
| AR | 149.50.130.20:443 | propiya.tech | tcp |
| NL | 45.93.127.101:443 | www.amerstudio.click | tcp |
| NL | 141.138.169.205:443 | iprotics.tech | tcp |
| US | 8.8.8.8:53 | sageapps.tech | udp |
| US | 8.8.8.8:53 | testblog.tech | udp |
| US | 154.49.142.157:443 | aitimes.tech | tcp |
| US | 8.8.8.8:53 | carbeats.tech | udp |
| US | 8.8.8.8:53 | samadhaan.tech | udp |
| US | 172.67.162.112:443 | iptvsmarter.pro | tcp |
| US | 8.8.8.8:53 | waseryweb.tech | udp |
| US | 8.8.8.8:53 | bp-tmb.ru | udp |
| US | 104.21.82.114:443 | dibamovie2.top | tcp |
| US | 149.100.151.54:443 | netzones.tech | tcp |
| US | 8.8.8.8:53 | web3house.tech | udp |
| US | 8.8.8.8:53 | topstar888.com | udp |
| US | 8.8.8.8:53 | 238.90.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.6.237.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.5.217.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.169.138.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nossaloja.tech | udp |
| US | 156.67.77.169:443 | carbeats.tech | tcp |
| LT | 84.32.84.32:443 | nossaloja.tech | tcp |
| US | 149.100.151.246:443 | sageapps.tech | tcp |
| IN | 178.16.136.212:443 | waseryweb.tech | tcp |
| US | 8.8.8.8:53 | iprotics.eu | udp |
| US | 8.8.8.8:53 | ggbetpromo.com | udp |
| IN | 103.118.16.127:443 | samadhaan.tech | tcp |
| US | 8.8.8.8:53 | qaziqaiser.tech | udp |
| US | 8.8.8.8:53 | allsecret.tech | udp |
| US | 8.8.8.8:53 | dibamovie3.top | udp |
| US | 8.8.8.8:53 | querosaude.tech | udp |
| NL | 185.166.188.214:443 | testblog.tech | tcp |
Files
memory/4396-1-0x0000000001D20000-0x0000000001E20000-memory.dmp
memory/4396-2-0x0000000001C90000-0x0000000001C9B000-memory.dmp
memory/4396-3-0x0000000000400000-0x0000000001A2E000-memory.dmp
memory/3488-4-0x0000000002990000-0x00000000029A6000-memory.dmp
memory/4396-5-0x0000000000400000-0x0000000001A2E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BC2C.exe
| MD5 | 398ab69b1cdc624298fbc00526ea8aca |
| SHA1 | b2c76463ae08bb3a08accfcbf609ec4c2a9c0821 |
| SHA256 | ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be |
| SHA512 | 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739 |
memory/2932-16-0x00000000038E0000-0x0000000003AA3000-memory.dmp
memory/2932-17-0x0000000003AB0000-0x0000000003C67000-memory.dmp
memory/4704-18-0x0000000000400000-0x0000000000848000-memory.dmp
memory/4704-21-0x0000000000400000-0x0000000000848000-memory.dmp
memory/4704-23-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\C303.dll
| MD5 | dc1426e7dd017041559c858755cc780d |
| SHA1 | 3a7422e0dfb734a55cbfddef2ab20ad1c20451d2 |
| SHA256 | 740a8baa7a93d6a7e1f515318d8f77fbed0606534b6666186da3f5395177461c |
| SHA512 | 05a237a6c3ab06397da8bda1a2eeee4af0bda1ad5083864af6d9b0e1b3a94ba0040561db16acdd78f497166cfe835d7ea32d368f752f58cccd1db7f4241790e4 |
memory/4704-25-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\C303.dll
| MD5 | cc1d3fe7bb167fe18d8a40924e63dee9 |
| SHA1 | 317495a3d8c1fa6c8424e416327b941e6bf7947f |
| SHA256 | b48ca9c104c7415f3041524b8261f66dd7914257f1ebf3d80386e69cc79177e3 |
| SHA512 | e3057926ab3d8de6ffc8913c8de92bf1e5edaa16f4931c21b6180e70bfcda24f707cd1852fefb137d677cbba004d25905dfbba892226b1b4a7a1e45a12279d62 |
memory/1460-27-0x0000000000710000-0x0000000000716000-memory.dmp
memory/1460-29-0x0000000010000000-0x0000000010202000-memory.dmp
memory/4704-28-0x0000000000400000-0x0000000000848000-memory.dmp
memory/4704-31-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\C303.dll
| MD5 | 9b1697d40dfd386fdd7e9327844f301a |
| SHA1 | e75defb119e2c7b7d3f75ab70a100ec504af5ebf |
| SHA256 | 69e7b08c127dde5fd1f85e1e8107d06aa686e94aef3fd48ff0bb092b38a0cb1d |
| SHA512 | 3e945bf24ed81fdc49e974d086a70f9758a17b8656bb0e460dca0be2a84fa0ba065b62b6dd5d55ca1dbe0b4f19ec4f164df84c115244f1cbfddd79611d013d69 |
memory/4704-33-0x0000000000B60000-0x0000000000B66000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\D5EF.exe
| MD5 | 848b1147d8236710ac109f4d231f46d8 |
| SHA1 | 9534ecb534f6eb327c160c203b57bb6b7e6b55ca |
| SHA256 | 791dcd000c5f65ddcf357898a806428d96e0c1a459797bcecea0314c529f7351 |
| SHA512 | 624160e20eeca9644e14fd0b107fc12540a37502314187a26bf8b4d3f37c0afbf83bdd0c62ddea3d0cf9f84184cd2ad5407d491247315e0f047d0778aea6d823 |
C:\Users\Admin\AppData\Local\Temp\D5EF.exe
| MD5 | 7d6ff218d036991e25d3e4addd1683a4 |
| SHA1 | a550ffc5db9985efbf385454893e8247b3093c6f |
| SHA256 | bdee967eefcefe7aa09b0b306816701d2c5844bad81eb9c30018c4443803c03b |
| SHA512 | 73c926a58da46807a6da5ffcafdb06c4a067d427cb5276a5f9795eaf8c227104658019b5d047e2c3146e8bf9c92b925f5041de491ad48cbd8d68e77411175216 |
C:\Users\Admin\AppData\Local\Temp\D8B0.exe
| MD5 | f2d9c4e85e5f9987c9762860e12fd804 |
| SHA1 | 16350d9eae3690e40303f60dd508384b049a4150 |
| SHA256 | f101090194e3e95bcca3cef9f25564a40c1dbb950729040ae03fef4a4db38315 |
| SHA512 | 71eda687f46e774197fe7fa2d630765b7139104fab348308577bd4cf52adcc56e0ffbc442e7683577aa84a144cc7ec97c28c8f7b43b1dc1881f311fb760157a8 |
C:\Users\Admin\AppData\Local\Temp\D8B0.exe
| MD5 | a1b5ee1b9649ab629a7ac257e2392f8d |
| SHA1 | dc1b14b6d57589440fb3021c9e06a3e3191968dc |
| SHA256 | 2bfd95260a4c52d4474cd51e74469fc3de94caed28937ff0ce99ded66af97e65 |
| SHA512 | 50ccbb9fd4ea2da847c6be5988e1e82e28d551b06cc9122b921dbd40eff4b657a81a010cea76f29e88fda06f8c053090b38d04eb89a6d63ec4f42ef68b1cf82b |
memory/3052-45-0x0000000001AB0000-0x0000000001BB0000-memory.dmp
memory/3052-46-0x00000000036D0000-0x000000000373B000-memory.dmp
memory/3052-48-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/3052-47-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/440-49-0x0000000000280000-0x0000000000B71000-memory.dmp
memory/440-52-0x00000000010A0000-0x00000000010A1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\E311.exe
| MD5 | dc223f6ce4c1d7ff421701a415e1cc76 |
| SHA1 | 2b5c193ad484287fd0a9897a06e4eb04dec6d2d7 |
| SHA256 | e326bae5f103f52cbc175b84b986fb9c3e279b60d1941369a17d7666972f145b |
| SHA512 | a0edf6527131a567c81d3a5d09d4691c5099126f84bf97727afbf93f733ec4ff7dbba81b3fc44945e097df5e170eaa7088596afb6b4a076a42eccf047548b67e |
C:\Users\Admin\AppData\Local\Temp\E311.exe
| MD5 | 23996f5917e939a08a336ce049b1a842 |
| SHA1 | 53b781cdee8a125c779959640a910a6f08908bd2 |
| SHA256 | 16815e667fa4115c008ffb57771b63ab2b594b12fb34d631508bfbe4da376f4c |
| SHA512 | 28a67f92bffa4fd4915a279156138e48fb5addbcf30290b13aec29a2cbfd65796760370c134d7a214c0b1191088ab28efc52428074edc97ab004229452a26d3e |
memory/1400-58-0x0000000000D30000-0x00000000011BC000-memory.dmp
memory/1400-59-0x0000000074020000-0x00000000747D0000-memory.dmp
memory/440-64-0x00000000010B0000-0x00000000010B1000-memory.dmp
memory/440-63-0x00000000010B0000-0x00000000010B1000-memory.dmp
memory/440-66-0x00000000010B0000-0x00000000010B1000-memory.dmp
memory/440-65-0x00000000010B0000-0x00000000010B1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EEBA.exe
| MD5 | 0c3f7f76be32866fafcf1b1d26b831c3 |
| SHA1 | d7bb7e9437e922de417ce9e9102d2ee6cba7e9e7 |
| SHA256 | 454e17045a7dd1a6a36dc0a8dcf5dfeebcd0ea36436c94d793de80bd9f150fe2 |
| SHA512 | a09084ab2dd088b85b2dbce2e4973c91a372898eda91419c1a79058a53742cced45d87b1c67b2e8c5528c333a2bf0e16d005edcdf33da40626c3c7b07933ad1d |
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
| MD5 | 0564a9bf638169a89ccb3820a6b9a58e |
| SHA1 | 57373f3b58f7cc2b9ea1808bdabb600d580a9ceb |
| SHA256 | 9e4b0556f698c9bc9a07c07bf13d60908d31995e0bd73510d9dd690b20b11058 |
| SHA512 | 36b81c374529a9ba5fcbc6fcfebf145c27a7c30916814d63612c04372556d47994a8091cdc5f78dab460bb5296466ce0b284659c8b01883f7960ab08a1631ea6 |
memory/1460-79-0x0000000002350000-0x0000000002478000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | d435a1d6c92b350c824ace24f94d5b58 |
| SHA1 | 2de65c5665e7cfbc18e90a58e778d34948a54eca |
| SHA256 | 94add31e627e99dfba3c4abd0159c0a6fba7736eb925e0829b185e1d148261be |
| SHA512 | c3689a2a363277d5f57d6cd52de3e03a9add38a863d03f99ffce5769256d09c19bf5d0c10be7f5659b1bf0e95a7a5185dc37958d8e47a3fe04a57a067c037746 |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | a69d289e27bb41f53b03e7385747c0d6 |
| SHA1 | 77123493d8b4d4830fda005e853e89b65cafd13f |
| SHA256 | e03398b001bf897cb52e69d04d13c7ac1b7edbc2745f6ed9140fe3a8c7942357 |
| SHA512 | b600855e1080323aaf0c5ffb7913b8329adde7ef8b2441c6c07565b6d08cd0d6f6976db702aac992ca9ffe17af0a17bfa8ccd031a731557d1f6e8bf888195499 |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 621e14c27db223d3e37d71751c91f0e8 |
| SHA1 | 5d89969cfbbf2ce485b14d8fc3bb2699b8139bb9 |
| SHA256 | 32dc53571bc0971c09259932c4e53f7b0cd5493a029bc0ea9b1331a5126a6695 |
| SHA512 | e359e612d5ee593e8929992940e5514383ce42493eee923e9cae290d352e2abd696ee5d0cc6a7a702265556c61662562efc7f647542397991a06c17e076334bb |
memory/1392-91-0x0000000001B40000-0x0000000001C40000-memory.dmp
memory/1392-92-0x00000000035C0000-0x0000000003627000-memory.dmp
memory/1460-86-0x0000000010000000-0x0000000010202000-memory.dmp
memory/1400-93-0x0000000074020000-0x00000000747D0000-memory.dmp
memory/1392-94-0x0000000000400000-0x0000000001A4B000-memory.dmp
memory/1460-96-0x0000000002480000-0x000000000258D000-memory.dmp
memory/4352-98-0x0000000003C30000-0x0000000004037000-memory.dmp
memory/1460-100-0x0000000002480000-0x000000000258D000-memory.dmp
memory/4352-101-0x0000000004040000-0x000000000492B000-memory.dmp
memory/4704-103-0x0000000002EA0000-0x0000000002FC8000-memory.dmp
memory/3052-102-0x0000000000400000-0x0000000001A77000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\u12o.0.exe
| MD5 | d0de3ce247b4ebb9b0778563f7bb3a47 |
| SHA1 | 20259867152e73d0027da63f8c351c4e911690ca |
| SHA256 | de333c544b3def02e10b7a8d1c3677efbcbb010ecce2b601573dae1584b9cc1f |
| SHA512 | 3811fe4864c154ee020a6c158557e1d42e8ef954c836192acb19241343ad01a2c21e69960f4780b5e2404bf963de0e51cf01fe0ed2b012c8cbec95b36c21661d |
memory/1460-109-0x0000000002480000-0x000000000258D000-memory.dmp
memory/4352-110-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/4704-111-0x0000000002FD0000-0x00000000030DD000-memory.dmp
memory/4704-114-0x0000000002FD0000-0x00000000030DD000-memory.dmp
memory/4704-117-0x0000000002FD0000-0x00000000030DD000-memory.dmp
memory/4704-131-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\u12o.1.exe
| MD5 | 06246d5f1675d0680bccaa82ae2b26fd |
| SHA1 | a73d03970a916cfcd6108e042149eadc54b940eb |
| SHA256 | c8a160c92eda31a919466f81f8828eaaa9091f1d66830376e33b32dde7178579 |
| SHA512 | 57fa90a31f7f7e0cffc3b3e7f0dd23d240c1843cdf98da4e587efb8f0b9ab30649995a7dac4a2d57cac46a918f573402dab61d0d3d7fd89b474535ac8b644ad2 |
memory/3052-132-0x0000000001AB0000-0x0000000001BB0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\u12o.1.exe
| MD5 | 5b87828ea000c7111084d8beed17175e |
| SHA1 | e8aa3848e39c449051702a333e608fafd2e5330f |
| SHA256 | 1a557fae2d39d06392f4bea760fb72c87f0959a7c3ac66865e36f316866f57d3 |
| SHA512 | 56b0d0e5422b89a4659969f59570962dbb267fde913ed051fbedf3d66653c9c23d15c945a6ae8ce5570af010b3671eb0be085e8afb44c3088def9f423290f385 |
C:\Users\Admin\AppData\Local\Temp\u12o.1.exe
| MD5 | c5e7334ac8b8e435fa5b16fe87a8a2a5 |
| SHA1 | 4ad9b72f59400fcbb160433e274336a74639c644 |
| SHA256 | 9d57dc99061507df3c7bd4081a650cd0dbac6c10c8954f6b17ae97380d939432 |
| SHA512 | f4480e52d0aabdec94d2587acea030921085e2b3d7f2174aac65cf7cfe093a9ce17651303969372235558ff2469b4ba1f8edf736a02a9e75d2086785f8f90fb0 |
memory/3052-135-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/452-136-0x0000000000400000-0x0000000000930000-memory.dmp
memory/452-137-0x0000000000E00000-0x0000000000E01000-memory.dmp
memory/440-138-0x0000000000280000-0x0000000000B71000-memory.dmp
memory/1392-140-0x0000000000400000-0x0000000001A4B000-memory.dmp
memory/4352-142-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/4568-147-0x00000000023C0000-0x00000000024C0000-memory.dmp
memory/4568-148-0x0000000002360000-0x000000000236B000-memory.dmp
memory/4568-149-0x0000000000400000-0x00000000022D4000-memory.dmp
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
| MD5 | 11bb3db51f701d4e42d3287f71a6a43e |
| SHA1 | 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86 |
| SHA256 | 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331 |
| SHA512 | 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2 |
memory/4824-152-0x0000000000400000-0x00000000022DC000-memory.dmp
memory/4704-153-0x0000000000400000-0x0000000000848000-memory.dmp
memory/3488-155-0x0000000007F10000-0x0000000007F26000-memory.dmp
memory/4824-154-0x0000000002480000-0x0000000002580000-memory.dmp
memory/4824-156-0x00000000023F0000-0x0000000002417000-memory.dmp
memory/404-157-0x0000000002FE0000-0x0000000003016000-memory.dmp
memory/404-161-0x0000000005840000-0x0000000005E68000-memory.dmp
memory/4568-159-0x0000000000400000-0x00000000022D4000-memory.dmp
memory/4824-162-0x0000000000400000-0x00000000022DC000-memory.dmp
memory/404-163-0x00000000721D0000-0x0000000072980000-memory.dmp
memory/404-164-0x0000000003160000-0x0000000003170000-memory.dmp
memory/404-165-0x0000000003160000-0x0000000003170000-memory.dmp
memory/452-166-0x0000000000400000-0x0000000000930000-memory.dmp
memory/404-167-0x00000000054E0000-0x0000000005502000-memory.dmp
memory/404-168-0x0000000005790000-0x00000000057F6000-memory.dmp
memory/404-169-0x0000000005F70000-0x0000000005FD6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_klbl3ur4.koc.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/404-175-0x0000000005FE0000-0x0000000006334000-memory.dmp
memory/404-180-0x0000000005370000-0x000000000538E000-memory.dmp
memory/404-181-0x0000000006690000-0x00000000066DC000-memory.dmp
memory/4824-182-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/404-204-0x0000000006B60000-0x0000000006BA4000-memory.dmp
memory/4352-216-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/440-224-0x00000000010B0000-0x00000000010B1000-memory.dmp
memory/404-225-0x0000000003160000-0x0000000003170000-memory.dmp
memory/404-226-0x0000000007920000-0x0000000007996000-memory.dmp
memory/404-231-0x00000000079C0000-0x00000000079DA000-memory.dmp
memory/404-230-0x0000000008020000-0x000000000869A000-memory.dmp
C:\ProgramData\nss3.dll
| MD5 | 4df2bf0ae4cdb77998d0c70281d3ca12 |
| SHA1 | 935d164feabd42243aa34f96e8b6af39c93b6306 |
| SHA256 | e83d04c5b94f9228037452a4d98b9b495e9f0ccae61fd379bc6ca6819ce904d2 |
| SHA512 | bd8c22fbe054da820656e78eb1f00a2da810d99f31100efc47fc1182a24d014890a158fcd606a0beba011194620c4f9153f3be4b6acdd0c59858cd3d4a2c1138 |
C:\ProgramData\mozglue.dll
| MD5 | 3034aefffccf930e8cb12578cbd21d63 |
| SHA1 | 59005a981ad09abf45a6b0445d1cf6bd3d68b07d |
| SHA256 | e479913f262e8f78c3cc2d681fc5572ec618e864c1c12859c5b481dd4c8600c9 |
| SHA512 | 97dbac6b284851241e0b12f502b4c7b164b91cc2485cb51549d2d7022cc4c9079bcac6452568d5c70e1bfe5ac650558c49231308e74209b443673778d756458d |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/404-258-0x0000000007B80000-0x0000000007BB2000-memory.dmp
memory/404-260-0x0000000073360000-0x00000000733AC000-memory.dmp
memory/404-261-0x0000000071410000-0x0000000071764000-memory.dmp
memory/404-271-0x0000000007B40000-0x0000000007B5E000-memory.dmp
memory/404-275-0x0000000007BC0000-0x0000000007C63000-memory.dmp
memory/404-274-0x000000007F2B0000-0x000000007F2C0000-memory.dmp
memory/404-276-0x0000000007C90000-0x0000000007C9A000-memory.dmp
memory/404-280-0x0000000007D60000-0x0000000007DF6000-memory.dmp
memory/404-289-0x0000000007CE0000-0x0000000007CF1000-memory.dmp
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | 69272d604bcfc79a6cf9c8a117524e0a |
| SHA1 | 4c79237f6de3a3e0fb770157a83fb77923b43560 |
| SHA256 | 40632a2f3dca03b4d56b7e4c8db05c054079c6de44c26579f9f4722270840cdb |
| SHA512 | 8aa579a6e603288afeb757b85f5cf72ea32e88c24100820fd890ff7fb0e6edb7b043c1d9adea0667c7912029293d723fea51fbaea6bb26d6e2170aed4c9d5ee6 |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | d37ebc874a255f1f295974ba757650b5 |
| SHA1 | acd897a324ed3d5a881e8acb9950ed0f475051b4 |
| SHA256 | 228564164aac87f17e7ef3e4224073501870be47680b8722fdf3a530433fa7b6 |
| SHA512 | fe993d0823097d6ad135cd667d8f7b6db817779fed2b8ddba7a5ac76710bc38decbbe5ff7ffb6c2e5273fc5b9474df3c2b6c73e26016f35af2a03164b9cc88e7 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | 68ebfe26368a940eaef266d56903cb89 |
| SHA1 | 4d6c23115cc5e1c80ca6c3fccf65d1caf49993c1 |
| SHA256 | 54edfd8a8e37d3dc86818e62f3b5d1b78ec53f02a67942637dbf012a507f8e9a |
| SHA512 | 6a3a539d151695a952bec28a8c847b948259e04f6d89417cbb93b03fc3b1dcc40655cfa063c016f5afec10b60b14aef1f6331159ead268eab0e3e71cc7168041 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | 968cb9309758126772781b83adb8a28f |
| SHA1 | 8da30e71accf186b2ba11da1797cf67f8f78b47c |
| SHA256 | 92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a |
| SHA512 | 4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | 6c9ba9f7fee02f83092260ba510a6bda |
| SHA1 | 062fb40a0d58e08c902f99b012636138547646c6 |
| SHA256 | 01f801f795ad666ddb17faaf36a8a56617b0d797d36479cb9fd5c294e4a0d5dc |
| SHA512 | b0ee7230ff661da3f850b1371a040d9b14812bf4b67ecde0093ffccd834390258476b6249bc95289f503f772cfff046374d5558af8eb92986a43ec45210b9866 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | dc8c2451eaeb60693d67b7c6a4a824eb |
| SHA1 | e0f5db63b54afe530a858f50550f209ac5d0150b |
| SHA256 | d06799dc1f60cc359a72462c5332437c9381cbd07e4bb8fa61e1e752d09d7d0d |
| SHA512 | 50b195cfd819a1cdd4d9d5f8962bc466232e9359c51ddb4302c2696d377be9e75d32cb0ec99947cad68e460dacf6081374a612158cee5f55f263940a4e3bc1e0 |
C:\Windows\rss\csrss.exe
| MD5 | 0c7b8daa9b09bcdf947a020bf28c2f19 |
| SHA1 | 738f89f4da5256d14fe11394cf79e42060a7e98b |
| SHA256 | ff0c709f06a8850794f2501c7dc9ce4ffc75f1ab3039218952cd87a067d3d3ff |
| SHA512 | b069ef6d30a5afafc4b4e2632cb4f9da65e58dcedb66706921d85a6be97a024c1e786ec51299ba52668a65fe948d499609aa2b4978fb20738dd0b643d84cbcf6 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | 31ee428f8ec83113c318a3159fd712a4 |
| SHA1 | 19e4ec4235d44a45aa33fab528a9ae19afeab786 |
| SHA256 | 3da6f96dfbd08c9c9903bc7cc6c356b06853140ded272cb44177a99b56121994 |
| SHA512 | 7cc9999e4091398f537e499cd47e11cc2cac8d014255ae4e56b6ce80ac93177b2632836685c894a6f9a332269d4707953a8c34fb04bea0d7b86e3c9794b94f80 |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | fcfb3e9117e6aabae05b38a8afd3943a |
| SHA1 | 2d2e95a76f11ba24fd0e88097c98e0a4dfcab0e4 |
| SHA256 | 5c915dcf6c56622d43c79aabeb40ecae4e2544312907c367adaa632b1972f21c |
| SHA512 | 12a48a786a9cb3a5fb083e111706abe426500adf0492a9dbfebe1907e4524e1e3dc0cbb82d9036d1f3b5a1e70dcd0ee709f2e9c22b3e15e4ee6f9c143b226f5a |
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | 7011eee5aae307248e34b80d8c0f47a8 |
| SHA1 | 5cc6e13e9a2673a30bd9547dac413b1586b57e5a |
| SHA256 | 090ec5cf802efbb5e8edc439f5a15d60572c341ae7ec5e03077a4781ebc69423 |
| SHA512 | 6a1f0322e1bf3337298fd6ff1591ebb16d935db0708728be30d13951af77b135be15ed43c805f45ee5cb97b98e363c9630c0dd275460e4474480a1d5252c9664 |
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
| MD5 | d98e33b66343e7c96158444127a117f6 |
| SHA1 | bb716c5509a2bf345c6c1152f6e3e1452d39d50d |
| SHA256 | 5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1 |
| SHA512 | 705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-29 05:55
Reported
2024-02-29 05:58
Platform
win7-20240221-en
Max time kernel
37s
Max time network
154s
Command Line
Signatures
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Detect binaries embedding considerable number of MFA browser extension IDs.
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects Windows executables referencing non-Windows User-Agents
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects executables Discord URL observed in first stage droppers
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects executables containing URLs to raw contents of a Github gist
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects executables containing artifacts associated with disabling Widnows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects executables referencing many varying, potentially fake Windows User-Agents
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\90EA.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\90EA.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B1A5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B760.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\90EA.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\90EA.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2600 set thread context of 2556 | N/A | C:\Users\Admin\AppData\Local\Temp\90EA.exe | C:\Users\Admin\AppData\Local\Temp\90EA.exe |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\B1A5.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe
"C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe"
C:\Users\Admin\AppData\Local\Temp\90EA.exe
C:\Users\Admin\AppData\Local\Temp\90EA.exe
C:\Users\Admin\AppData\Local\Temp\90EA.exe
C:\Users\Admin\AppData\Local\Temp\90EA.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9A8C.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\9A8C.dll
C:\Users\Admin\AppData\Local\Temp\B1A5.exe
C:\Users\Admin\AppData\Local\Temp\B1A5.exe
C:\Users\Admin\AppData\Local\Temp\B760.exe
C:\Users\Admin\AppData\Local\Temp\B760.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 124
C:\Users\Admin\AppData\Local\Temp\D51E.exe
C:\Users\Admin\AppData\Local\Temp\D51E.exe
C:\Users\Admin\AppData\Local\Temp\E46B.exe
C:\Users\Admin\AppData\Local\Temp\E46B.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\u198.0.exe
"C:\Users\Admin\AppData\Local\Temp\u198.0.exe"
C:\Users\Admin\AppData\Local\Temp\u198.1.exe
"C:\Users\Admin\AppData\Local\Temp\u198.1.exe"
C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240229055649.log C:\Windows\Logs\CBS\CbsPersist_20240229055649.cab
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | trmpc.com | udp |
| IR | 151.233.51.166:80 | trmpc.com | tcp |
| SG | 209.58.180.90:443 | tcp | |
| DE | 5.181.51.52:9001 | tcp | |
| US | 8.8.8.8:53 | joly.bestsup.su | udp |
| US | 172.67.171.112:80 | joly.bestsup.su | tcp |
| DE | 185.220.101.1:30001 | tcp | |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| FR | 145.239.41.102:9100 | tcp | |
| LV | 94.140.120.130:443 | tcp | |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| DE | 185.172.128.109:80 | 185.172.128.109 | tcp |
| DE | 185.172.128.145:80 | 185.172.128.145 | tcp |
| FR | 145.239.41.102:9100 | tcp | |
| LV | 94.140.120.130:443 | tcp | |
| US | 8.8.8.8:53 | fashionluxemode.com | udp |
| US | 8.8.8.8:53 | fashiontrends15.com | udp |
| US | 8.8.8.8:53 | fastdelivery123.com | udp |
| US | 8.8.8.8:53 | featuredt-shirt.com | udp |
| US | 8.8.8.8:53 | financiallvoice.com | udp |
| US | 8.8.8.8:53 | fitnessfreaks45.com | udp |
| US | 8.8.8.8:53 | fitnessgymnasca.com | udp |
| US | 8.8.8.8:53 | floreriaykebana.com | udp |
| US | 8.8.8.8:53 | focuscompanymkt.com | udp |
| US | 8.8.8.8:53 | fornecedorambev.com | udp |
| US | 8.8.8.8:53 | frederic-bordet.com | udp |
| US | 8.8.8.8:53 | freehealthworld.com | udp |
| FR | 89.116.147.20:443 | frederic-bordet.com | tcp |
| US | 8.8.8.8:53 | freelandroofing.com | udp |
| US | 172.67.165.64:443 | freehealthworld.com | tcp |
| US | 8.8.8.8:53 | freethingsblogs.com | udp |
| US | 8.8.8.8:53 | frezarineventos.com | udp |
| US | 162.214.101.75:443 | freelandroofing.com | tcp |
| GB | 185.77.97.119:443 | fashionluxemode.com | tcp |
| BR | 149.100.155.196:443 | frezarineventos.com | tcp |
| US | 8.8.8.8:53 | friendfortravel.com | udp |
| US | 8.8.8.8:53 | fundrecoveryltd.com | udp |
| GB | 185.77.97.110:443 | freethingsblogs.com | tcp |
| SG | 191.101.230.83:443 | financiallvoice.com | tcp |
| BR | 154.41.224.205:443 | fastdelivery123.com | tcp |
| US | 8.8.8.8:53 | galaxymotorcars.com | udp |
| US | 8.8.8.8:53 | futurelitewater.com | udp |
| FR | 154.49.245.25:443 | friendfortravel.com | tcp |
| NL | 162.0.217.63:443 | fundrecoveryltd.com | tcp |
| IN | 89.117.27.100:443 | fitnessfreaks45.com | tcp |
| BR | 154.41.224.205:443 | fastdelivery123.com | tcp |
| US | 8.8.8.8:53 | gamifychallenge.com | udp |
| US | 104.21.68.230:443 | galaxymotorcars.com | tcp |
| US | 172.67.128.37:443 | featuredt-shirt.com | tcp |
| IN | 82.180.165.229:443 | futurelitewater.com | tcp |
| US | 8.8.8.8:53 | gardinergetaway.com | udp |
| US | 8.8.8.8:53 | germantownranch.com | udp |
| US | 8.8.8.8:53 | www.friendfortravel.com | udp |
| US | 8.8.8.8:53 | get77slotwallet.com | udp |
| US | 8.8.8.8:53 | giftswonderland.com | udp |
| US | 192.250.227.22:443 | fitnessgymnasca.com | tcp |
| LT | 84.32.84.32:443 | fornecedorambev.com | tcp |
| BR | 45.152.46.6:443 | focuscompanymkt.com | tcp |
| US | 8.8.8.8:53 | glambeautytouch.com | udp |
| US | 146.190.153.3:443 | gardinergetaway.com | tcp |
| US | 8.8.8.8:53 | gluteosperfecto.com | udp |
| US | 208.113.188.141:443 | giftswonderland.com | tcp |
| BE | 13.225.239.13:80 | www.friendfortravel.com | tcp |
| US | 192.64.119.204:80 | germantownranch.com | tcp |
| US | 172.67.204.240:443 | get77slotwallet.com | tcp |
| US | 23.239.27.53:443 | floreriaykebana.com | tcp |
| US | 172.67.206.174:443 | glambeautytouch.com | tcp |
| US | 185.212.70.44:443 | gluteosperfecto.com | tcp |
| US | 8.8.8.8:53 | golfparadise-au.com | udp |
| US | 8.8.8.8:53 | goldencointoken.com | udp |
| US | 8.8.8.8:53 | goutezlaqualite.com | udp |
| US | 104.21.0.135:443 | golfparadise-au.com | tcp |
| US | 8.8.8.8:53 | gradeadventures.com | udp |
| US | 8.8.8.8:53 | grandiosevision.com | udp |
| US | 8.8.8.8:53 | www.germantownranch.com | udp |
| US | 8.8.8.8:53 | gratefulpuzzles.com | udp |
| US | 8.8.8.8:53 | greencareagency.com | udp |
| US | 89.117.139.104:443 | goldencointoken.com | tcp |
| FR | 185.46.230.173:443 | goutezlaqualite.com | tcp |
| US | 8.8.8.8:53 | happyeventgroup.com | udp |
| US | 8.8.8.8:53 | handy-homeowner.com | udp |
| US | 185.212.71.169:443 | gradeadventures.com | tcp |
| US | 13.107.246.64:443 | www.germantownranch.com | tcp |
| GB | 81.27.92.75:443 | greencareagency.com | tcp |
| BE | 13.225.239.13:443 | www.friendfortravel.com | tcp |
| US | 8.8.8.8:53 | hatchbrandingco.com | udp |
| US | 8.8.8.8:53 | growthforinvest.com | udp |
| US | 8.8.8.8:53 | hightechwizards.com | udp |
| US | 8.8.8.8:53 | highstakeshaven.com | udp |
| US | 8.8.8.8:53 | hindisarkarijob.com | udp |
| US | 8.8.8.8:53 | hotelmanitarini.com | udp |
| US | 8.8.8.8:53 | www.giftswonderland.com | udp |
| US | 8.8.8.8:53 | houseofmandiyyc.com | udp |
| US | 160.153.0.188:443 | grandiosevision.com | tcp |
| US | 8.8.8.8:53 | www.1videoproduction.com | udp |
| US | 160.153.0.172:443 | gratefulpuzzles.com | tcp |
| IN | 217.21.91.155:443 | happyeventgroup.com | tcp |
| US | 162.159.137.9:443 | hatchbrandingco.com | tcp |
| IN | 89.117.27.165:443 | hindisarkarijob.com | tcp |
| US | 15.197.142.173:443 | hightechwizards.com | tcp |
| US | 3.142.207.209:80 | highstakeshaven.com | tcp |
| US | 160.153.0.190:443 | handy-homeowner.com | tcp |
| IN | 89.117.157.252:443 | hotelmanitarini.com | tcp |
| TR | 77.245.159.12:443 | www.1videoproduction.com | tcp |
| US | 208.113.188.141:443 | www.giftswonderland.com | tcp |
| FI | 65.108.111.241:443 | growthforinvest.com | tcp |
| US | 8.8.8.8:53 | 3cuerdasy1colgao.com | udp |
| US | 72.167.103.253:443 | houseofmandiyyc.com | tcp |
| US | 8.8.8.8:53 | 3dpersonalizados.com | udp |
| US | 8.8.8.8:53 | a2zsarkariyojana.com | udp |
| US | 8.8.8.8:53 | aaamarvelhosting.com | udp |
| US | 8.8.8.8:53 | accessoryaccents.com | udp |
| US | 8.8.8.8:53 | advancedwhispers.com | udp |
| CA | 51.222.47.205:443 | 3cuerdasy1colgao.com | tcp |
| US | 8.8.8.8:53 | albertomugnaiart.com | udp |
| US | 8.8.8.8:53 | www.agricolamengolin.com | udp |
| US | 8.8.8.8:53 | aceitesconestilo.com | udp |
| US | 8.8.8.8:53 | www.agrologisticsltd.com | udp |
| US | 8.8.8.8:53 | alfadigitalstore.com | udp |
| US | 8.8.8.8:53 | www.hatchbrandingco.com | udp |
| US | 8.8.8.8:53 | allsecuritydoors.com | udp |
| US | 8.8.8.8:53 | alpinehomeliving.com | udp |
| US | 8.8.8.8:53 | alhilalelevators.com | udp |
| US | 8.8.8.8:53 | allindiafootball.com | udp |
| ES | 89.248.105.40:443 | aceitesconestilo.com | tcp |
| US | 151.106.97.121:443 | a2zsarkariyojana.com | tcp |
| ES | 82.223.11.39:443 | 3dpersonalizados.com | tcp |
| US | 89.117.139.35:443 | www.agrologisticsltd.com | tcp |
| US | 104.21.30.233:443 | accessoryaccents.com | tcp |
| BG | 217.174.152.68:443 | aaamarvelhosting.com | tcp |
| IT | 62.149.166.75:443 | www.agricolamengolin.com | tcp |
| US | 62.72.54.181:443 | advancedwhispers.com | tcp |
| US | 86.38.202.248:443 | alfadigitalstore.com | tcp |
| US | 162.159.138.9:443 | www.hatchbrandingco.com | tcp |
| US | 154.56.47.174:443 | alhilalelevators.com | tcp |
| US | 104.255.170.81:443 | allsecuritydoors.com | tcp |
| IN | 82.180.143.220:443 | allindiafootball.com | tcp |
| IT | 86.107.32.169:443 | albertomugnaiart.com | tcp |
| US | 8.8.8.8:53 | www.junkcarremovalnearpleasanthill.com | udp |
| US | 8.8.8.8:53 | www.roadsideassistancenearriverton.com | udp |
| US | 8.8.8.8:53 | www.24hourmotorcycletowinghartford.com | udp |
| US | 8.8.8.8:53 | www.24hourroadsideassistancehobart.com | udp |
| US | 8.8.8.8:53 | www.24hourtireassistancewaynesboro.com | udp |
| DE | 148.251.89.61:443 | alpinehomeliving.com | tcp |
| US | 8.8.8.8:53 | www.24hrroadassistancesouthlebanon.com | udp |
| US | 8.8.8.8:53 | www.roadsidetireserviceforestville.com | udp |
| US | 8.8.8.8:53 | www.24hourroadsideassistancemuscoy.com | udp |
| US | 8.8.8.8:53 | www.24houroffroadrecoverycrestwood.com | udp |
| US | 8.8.8.8:53 | www.24hrroadassistancepingreegrove.com | udp |
| US | 8.8.8.8:53 | www.affordableboattowingalexandria.com | udp |
| US | 8.8.8.8:53 | pmc360.org | udp |
| US | 198.12.223.190:443 | www.24hourroadsideassistancehobart.com | tcp |
| US | 72.167.65.7:443 | www.junkcarremovalnearpleasanthill.com | tcp |
| US | 198.12.217.39:443 | www.affordableboattowingalexandria.com | tcp |
| US | 50.63.19.223:443 | www.roadsidetireserviceforestville.com | tcp |
| US | 216.69.166.50:443 | www.24hourmotorcycletowinghartford.com | tcp |
| US | 50.63.19.223:443 | www.roadsidetireserviceforestville.com | tcp |
| US | 198.12.210.211:443 | www.24hourroadsideassistancemuscoy.com | tcp |
| US | 72.167.210.101:443 | www.roadsideassistancenearriverton.com | tcp |
| US | 198.12.217.39:443 | www.affordableboattowingalexandria.com | tcp |
| US | 68.178.221.2:443 | www.24hrroadassistancepingreegrove.com | tcp |
| US | 162.246.19.91:443 | pmc360.org | tcp |
| US | 50.63.26.195:443 | www.24hourtireassistancewaynesboro.com | tcp |
| US | 68.178.246.137:443 | www.24houroffroadrecoverycrestwood.com | tcp |
| US | 8.8.8.8:53 | fapeza.org | udp |
| US | 8.8.8.8:53 | gricbgc.org | udp |
| US | 8.8.8.8:53 | benrati.org | udp |
| US | 8.8.8.8:53 | rcc-som.org | udp |
| US | 8.8.8.8:53 | wibatng.org | udp |
| US | 8.8.8.8:53 | www.alfadigitalstore.com | udp |
| US | 8.8.8.8:53 | bnw2024.org | udp |
| US | 8.8.8.8:53 | rademor.org | udp |
| US | 8.8.8.8:53 | www.seacmeq.org | udp |
| US | 8.8.8.8:53 | ihvider.org | udp |
| US | 8.8.8.8:53 | www.murales.org | udp |
| US | 8.8.8.8:53 | www.yourdex.net | udp |
| US | 8.8.8.8:53 | sambhog.org | udp |
| US | 8.8.8.8:53 | xrbible.org | udp |
| US | 8.8.8.8:53 | tintech.org | udp |
| US | 8.8.8.8:53 | www.gwelectric.com | udp |
| US | 8.8.8.8:53 | agrologisticsltd.com | udp |
| US | 8.8.8.8:53 | ufa007s.org | udp |
| US | 8.8.8.8:53 | avhs-ev.org | udp |
| US | 172.67.154.36:443 | fapeza.org | tcp |
| US | 104.21.72.13:443 | ufa007s.org | tcp |
| GB | 31.170.164.158:443 | rcc-som.org | tcp |
| US | 86.38.202.248:443 | www.alfadigitalstore.com | tcp |
| LT | 45.88.197.170:443 | ihvider.org | tcp |
| US | 104.21.28.175:443 | tintech.org | tcp |
| US | 63.250.43.3:443 | www.yourdex.net | tcp |
| IT | 89.46.108.13:443 | www.murales.org | tcp |
| IN | 119.18.49.6:443 | sambhog.org | tcp |
| US | 69.163.228.97:443 | avhs-ev.org | tcp |
| BW | 168.167.8.201:80 | www.seacmeq.org | tcp |
| US | 162.241.24.26:443 | rademor.org | tcp |
| US | 141.193.213.10:443 | gricbgc.org | tcp |
| US | 66.117.3.4:443 | benrati.org | tcp |
| US | 89.117.139.35:443 | agrologisticsltd.com | tcp |
| US | 162.241.24.227:443 | bnw2024.org | tcp |
| US | 104.20.117.128:443 | www.gwelectric.com | tcp |
| US | 8.8.8.8:53 | hanbagi.org | udp |
| US | 172.67.205.8:443 | hanbagi.org | tcp |
| US | 8.8.8.8:53 | upphaar.org | udp |
| US | 8.8.8.8:53 | ongasdn.org | udp |
| US | 8.8.8.8:53 | miburro.org | udp |
| US | 8.8.8.8:53 | sasiinc.org | udp |
| US | 8.8.8.8:53 | diyzone.org | udp |
| US | 8.8.8.8:53 | wptest.webspacekit.com | udp |
| US | 8.8.8.8:53 | www.kc13692.org | udp |
| US | 8.8.8.8:53 | murikaf.org | udp |
| US | 8.8.8.8:53 | esvicis.org | udp |
| US | 104.21.26.86:443 | wptest.webspacekit.com | tcp |
| IT | 81.88.52.146:443 | miburro.org | tcp |
| US | 173.201.180.210:443 | sasiinc.org | tcp |
| US | 8.8.8.8:53 | amorwatch.com | udp |
| US | 8.8.8.8:53 | fatpepe.org | udp |
| US | 8.8.8.8:53 | www.elsolmagazine.com | udp |
| US | 8.8.8.8:53 | pgvip86.org | udp |
| US | 8.8.8.8:53 | blog.huulc.com | udp |
| US | 8.8.8.8:53 | patnahost.net | udp |
| CH | 217.26.61.125:443 | esvicis.org | tcp |
| US | 191.101.79.191:443 | murikaf.org | tcp |
| US | 208.113.188.121:443 | www.kc13692.org | tcp |
| US | 207.174.213.181:443 | ongasdn.org | tcp |
| US | 162.214.81.23:443 | upphaar.org | tcp |
| US | 8.8.8.8:53 | studyacer.net | udp |
| US | 172.67.202.133:443 | pgvip86.org | tcp |
| US | 162.254.39.103:443 | amorwatch.com | tcp |
| US | 104.21.27.116:443 | blog.huulc.com | tcp |
| IN | 82.180.143.241:443 | patnahost.net | tcp |
| FR | 51.255.30.108:443 | www.elsolmagazine.com | tcp |
| LT | 84.32.84.32:443 | fatpepe.org | tcp |
| US | 8.8.8.8:53 | supplydiy.net | udp |
| US | 8.8.8.8:53 | tunalojas.net | udp |
| US | 8.8.8.8:53 | sindietas.net | udp |
| US | 8.8.8.8:53 | www.onoratidesign.com | udp |
| US | 8.8.8.8:53 | www.hanbagi.org | udp |
| US | 8.8.8.8:53 | whiitebit.net | udp |
| US | 8.8.8.8:53 | afkcooking.net | udp |
| US | 8.8.8.8:53 | b55-codes.com | udp |
| US | 8.8.8.8:53 | ufabet015.net | udp |
| US | 104.21.28.35:443 | supplydiy.net | tcp |
| US | 8.8.8.8:53 | xocdia123.net | udp |
| US | 8.8.8.8:53 | ahoravoley.com | udp |
| US | 8.8.8.8:53 | aiwisemind.net | udp |
| GB | 154.49.138.80:443 | studyacer.net | tcp |
| US | 8.8.8.8:53 | amoljadhav.net | udp |
| FR | 46.105.204.31:443 | sindietas.net | tcp |
| US | 104.21.22.189:443 | xocdia123.net | tcp |
| US | 66.117.3.4:443 | www.onoratidesign.com | tcp |
| US | 8.8.8.8:53 | celebrityz.net | udp |
| US | 8.8.8.8:53 | clubecoroa.net | udp |
| US | 8.8.8.8:53 | colacromos.net | udp |
| US | 8.8.8.8:53 | bluelifetc.net | udp |
| US | 8.8.8.8:53 | daniacosta.net | udp |
| US | 8.8.8.8:53 | mengueme.acesy.nl | udp |
| US | 8.8.8.8:53 | danlanpher.com | udp |
| US | 8.8.8.8:53 | darulasrar.net | udp |
| US | 149.100.151.200:443 | afkcooking.net | tcp |
| US | 8.8.8.8:53 | divorcemap.net | udp |
| US | 8.8.8.8:53 | franphenix.net | udp |
| US | 104.21.3.213:443 | ufabet015.net | tcp |
| US | 104.21.22.126:443 | www.hanbagi.org | tcp |
| RU | 194.67.193.111:443 | aiwisemind.net | tcp |
| US | 8.8.8.8:53 | donapaella.net | udp |
| US | 31.170.167.245:443 | amoljadhav.net | tcp |
| US | 8.8.8.8:53 | hanya-shop.net | udp |
| US | 8.8.8.8:53 | iptvchoice.net | udp |
| BR | 45.152.46.36:443 | bluelifetc.net | tcp |
| US | 104.21.26.170:443 | whiitebit.net | tcp |
| US | 8.8.8.8:53 | hscoaching.net | udp |
| DE | 54.38.152.208:443 | mengueme.acesy.nl | tcp |
| US | 8.8.8.8:53 | joniserver.net | udp |
| US | 8.8.8.8:53 | www.lambocloud.net | udp |
| ES | 185.209.60.38:443 | ahoravoley.com | tcp |
| US | 162.241.244.25:443 | divorcemap.net | tcp |
| SG | 166.62.10.185:80 | darulasrar.net | tcp |
| GB | 145.14.152.96:443 | daniacosta.net | tcp |
| US | 160.153.0.21:443 | danlanpher.com | tcp |
| US | 8.8.8.8:53 | www.bymarcpastor.com | udp |
| US | 50.31.160.220:80 | colacromos.net | tcp |
| US | 86.38.202.249:443 | hanya-shop.net | tcp |
| SG | 66.42.53.125:443 | joniserver.net | tcp |
| ES | 217.76.130.136:443 | donapaella.net | tcp |
| US | 162.241.61.124:443 | franphenix.net | tcp |
| HK | 148.66.54.2:443 | www.lambocloud.net | tcp |
| US | 157.245.243.145:443 | celebrityz.net | tcp |
| FR | 154.49.245.35:443 | hscoaching.net | tcp |
| GB | 141.136.33.15:443 | iptvchoice.net | tcp |
| ES | 185.140.32.29:443 | www.bymarcpastor.com | tcp |
| US | 8.8.8.8:53 | metroluwuk.net | udp |
| US | 8.8.8.8:53 | mondiocese.net | udp |
| US | 8.8.8.8:53 | mirainouen.net | udp |
| US | 8.8.8.8:53 | prasadtech.net | udp |
| US | 8.8.8.8:53 | premiumbmc.net | udp |
| US | 8.8.8.8:53 | purespices.net | udp |
| US | 8.8.8.8:53 | rehaltours.net | udp |
| US | 8.8.8.8:53 | nonukslots.net | udp |
| US | 8.8.8.8:53 | resourcers.net | udp |
| BE | 213.158.94.139:443 | premiumbmc.net | tcp |
| JP | 157.7.184.16:443 | mirainouen.net | tcp |
| IN | 89.117.188.242:443 | prasadtech.net | tcp |
| US | 162.241.217.225:443 | purespices.net | tcp |
| US | 8.8.8.8:53 | reise-reif.net | udp |
| US | 8.8.8.8:53 | sobrepadel.net | udp |
| ID | 202.52.146.246:443 | metroluwuk.net | tcp |
| FR | 89.117.169.80:443 | mondiocese.net | tcp |
| US | 8.8.8.8:53 | ufa345mall.net | udp |
| RU | 194.67.193.138:443 | rehaltours.net | tcp |
| US | 104.21.6.194:443 | nonukslots.net | tcp |
| US | 86.38.202.95:443 | sobrepadel.net | tcp |
| US | 195.35.15.82:443 | resourcers.net | tcp |
| DE | 85.13.129.160:80 | reise-reif.net | tcp |
| US | 8.8.8.8:53 | www.velacademy.net | udp |
| US | 172.67.222.174:443 | ufa345mall.net | tcp |
| US | 8.8.8.8:53 | tomatotest.net | udp |
| US | 8.8.8.8:53 | yaeldesign.net | udp |
| US | 8.8.8.8:53 | 24x7hosting.net | udp |
| US | 8.8.8.8:53 | arthurpools.net | udp |
| US | 8.8.8.8:53 | ayudaprompt.net | udp |
| US | 8.8.8.8:53 | tradeflowalgo.net | udp |
| US | 8.8.8.8:53 | betetrading.net | udp |
| US | 8.8.8.8:53 | websigorta.net | udp |
| US | 8.8.8.8:53 | bajrangbaan.net | udp |
| US | 8.8.8.8:53 | advantageva.net | udp |
| US | 8.8.8.8:53 | dealsonfire.net | udp |
| US | 8.8.8.8:53 | yousustain.net | udp |
| US | 8.8.8.8:53 | autarkstrom.net | udp |
| GB | 154.49.138.62:443 | yaeldesign.net | tcp |
| GB | 109.70.148.67:443 | betetrading.net | tcp |
| FR | 193.70.117.88:443 | www.velacademy.net | tcp |
| FR | 154.49.245.193:443 | ayudaprompt.net | tcp |
| CA | 107.161.32.206:80 | arthurpools.net | tcp |
| IN | 103.191.209.47:443 | 24x7hosting.net | tcp |
| US | 162.215.240.240:443 | dealsonfire.net | tcp |
| DE | 85.13.145.120:80 | autarkstrom.net | tcp |
| TR | 95.173.190.12:443 | websigorta.net | tcp |
| DE | 5.189.161.19:443 | yousustain.net | tcp |
| FR | 89.117.168.195:443 | tomatotest.net | tcp |
| US | 50.87.142.46:443 | tradeflowalgo.net | tcp |
| US | 8.8.8.8:53 | dellatreats.net | udp |
| US | 8.8.8.8:53 | e-pinmarket.net | udp |
| US | 8.8.8.8:53 | texxasjam.org | udp |
| US | 8.8.8.8:53 | enclavedefa.net | udp |
| US | 8.8.8.8:53 | ghdsportapp.net | udp |
| US | 8.8.8.8:53 | e-luxurybag.net | udp |
| US | 8.8.8.8:53 | eumodoturbo.net | udp |
| US | 8.8.8.8:53 | liriklagu.org | udp |
| SG | 156.67.222.38:443 | advantageva.net | tcp |
| IN | 45.79.122.222:443 | bajrangbaan.net | tcp |
| US | 89.117.139.91:443 | dellatreats.net | tcp |
| US | 172.67.135.14:80 | e-luxurybag.net | tcp |
| FR | 15.188.219.54:443 | eumodoturbo.net | tcp |
| FR | 51.178.1.180:80 | liriklagu.org | tcp |
| FR | 89.116.147.26:443 | enclavedefa.net | tcp |
| US | 8.8.8.8:53 | www.swissness.org | udp |
| US | 8.8.8.8:53 | techprobc.org | udp |
| US | 8.8.8.8:53 | lwconsult.org | udp |
| US | 104.21.27.40:443 | ghdsportapp.net | tcp |
| US | 8.8.8.8:53 | rami-levi.org | udp |
| US | 8.8.8.8:53 | plancrecer.org | udp |
| US | 8.8.8.8:53 | ketobites.org | udp |
| US | 8.8.8.8:53 | echoprojet.org | udp |
| US | 8.8.8.8:53 | koreanpepe.org | udp |
| US | 8.8.8.8:53 | leadcom.no | udp |
| US | 8.8.8.8:53 | www.samuelodoh.org | udp |
| US | 76.223.105.230:443 | techprobc.org | tcp |
| US | 162.241.226.175:443 | lwconsult.org | tcp |
| US | 8.8.8.8:53 | pedsiriraj.org | udp |
| US | 8.8.8.8:53 | devintage.org | udp |
| US | 8.8.8.8:53 | secardevez.org | udp |
| US | 162.241.24.110:443 | rami-levi.org | tcp |
| CH | 84.16.72.109:443 | echoprojet.org | tcp |
| US | 170.39.76.40:443 | www.swissness.org | tcp |
| NO | 104.37.38.121:443 | leadcom.no | tcp |
| US | 162.241.216.245:443 | koreanpepe.org | tcp |
| US | 131.153.147.34:443 | www.samuelodoh.org | tcp |
| US | 50.87.150.116:443 | ketobites.org | tcp |
| US | 162.241.30.65:80 | devintage.org | tcp |
| US | 8.8.8.8:53 | filabeograd.org | udp |
| US | 216.172.172.194:443 | secardevez.org | tcp |
| US | 3.33.152.147:443 | hightechwizards.com | tcp |
| US | 192.185.170.70:443 | plancrecer.org | tcp |
| NO | 104.37.38.121:443 | leadcom.no | tcp |
| TH | 147.50.227.16:443 | pedsiriraj.org | tcp |
| US | 8.8.8.8:53 | theqsource.org | udp |
| US | 8.8.8.8:53 | genesisketo.org | udp |
| US | 8.8.8.8:53 | hardsiedler.org | udp |
| US | 8.8.8.8:53 | www.mengueme.cm | udp |
| US | 8.8.8.8:53 | vigorignite.org | udp |
| US | 8.8.8.8:53 | conectaprome.org | udp |
| US | 8.8.8.8:53 | marcosoares.org | udp |
| US | 8.8.8.8:53 | rootedininc.org | udp |
| US | 8.8.8.8:53 | akriliklembaran.com | udp |
| US | 8.8.8.8:53 | www.itsthegirls.org | udp |
| RS | 195.252.110.154:443 | filabeograd.org | tcp |
| NO | 104.37.38.121:443 | leadcom.no | tcp |
| US | 192.185.41.37:443 | genesisketo.org | tcp |
| NO | 104.37.38.121:443 | leadcom.no | tcp |
| US | 192.254.224.20:443 | vigorignite.org | tcp |
| US | 8.8.8.8:53 | donoharm2022.org | udp |
| DE | 54.38.152.208:443 | www.mengueme.cm | tcp |
| NO | 104.37.38.121:443 | leadcom.no | tcp |
| ES | 217.76.130.125:80 | conectaprome.org | tcp |
| US | 162.144.13.179:443 | marcosoares.org | tcp |
| US | 8.8.8.8:53 | corpcomercio.org | udp |
| US | 8.8.8.8:53 | wtfact.xyz | udp |
| US | 8.8.8.8:53 | cityarchpro.com | udp |
| NO | 104.37.38.121:443 | leadcom.no | tcp |
| US | 66.81.203.198:443 | www.itsthegirls.org | tcp |
| US | 67.205.10.142:443 | theqsource.org | tcp |
| DE | 85.13.143.24:443 | hardsiedler.org | tcp |
| NO | 104.37.38.121:443 | leadcom.no | tcp |
| US | 8.8.8.8:53 | codehousekw.com | udp |
| SG | 103.145.227.123:443 | akriliklembaran.com | tcp |
| US | 8.8.8.8:53 | cocobigbell.com | udp |
| SG | 172.96.191.223:443 | wtfact.xyz | tcp |
| US | 8.8.8.8:53 | codetechrev.com | udp |
| US | 107.190.140.50:443 | rootedininc.org | tcp |
| UA | 185.68.16.159:443 | cityarchpro.com | tcp |
| US | 192.254.233.93:80 | donoharm2022.org | tcp |
| US | 8.8.8.8:53 | chocovanila.com | udp |
| US | 108.167.149.254:80 | corpcomercio.org | tcp |
| US | 165.227.80.39:443 | chocovanila.com | tcp |
| US | 8.8.8.8:53 | connect0501.com | udp |
| KR | 158.247.252.97:443 | cocobigbell.com | tcp |
| US | 8.8.8.8:53 | coke2kaufen.com | udp |
| US | 8.8.8.8:53 | www.construorti.com | udp |
| NL | 191.96.63.168:443 | codehousekw.com | tcp |
| US | 8.8.8.8:53 | www.construniva.com | udp |
| US | 50.87.239.132:443 | gministries.org | tcp |
| US | 8.8.8.8:53 | comasypunto.com | udp |
| US | 8.8.8.8:53 | covan-group.com | udp |
| US | 8.8.8.8:53 | cookeyworld.com | udp |
| US | 8.8.8.8:53 | cybersamuha.com | udp |
| US | 8.8.8.8:53 | craftedglow.com | udp |
| ES | 217.76.130.125:443 | conectaprome.org | tcp |
| US | 8.8.8.8:53 | cutenessing.com | udp |
| NL | 145.14.151.196:443 | coke2kaufen.com | tcp |
| US | 8.8.8.8:53 | dataglimmer.com | udp |
| JP | 133.242.220.117:443 | connect0501.com | tcp |
| US | 65.99.225.94:443 | www.construniva.com | tcp |
| US | 8.8.8.8:53 | cryptotevar.com | udp |
| US | 65.99.225.39:443 | www.construorti.com | tcp |
| US | 8.8.8.8:53 | dayouguoxue.com | udp |
| US | 104.21.49.196:443 | cutenessing.com | tcp |
| US | 8.8.8.8:53 | dcgwebsites.com | udp |
| US | 63.250.43.135:443 | dataglimmer.com | tcp |
| KR | 64.176.226.144:443 | cookeyworld.com | tcp |
| GB | 185.77.97.68:443 | cybersamuha.com | tcp |
| US | 8.8.8.8:53 | www.cityarchpro.com | udp |
| IN | 193.203.185.70:443 | cryptotevar.com | tcp |
| US | 8.8.8.8:53 | decodebuddy.com | udp |
| US | 50.31.174.101:443 | craftedglow.com | tcp |
| CN | 114.132.247.200:443 | dayouguoxue.com | tcp |
| US | 8.8.8.8:53 | dentaltossa.com | udp |
| UA | 185.68.16.159:443 | www.cityarchpro.com | tcp |
| US | 160.153.0.165:443 | comasypunto.com | tcp |
| US | 8.8.8.8:53 | deeppowerfm.com | udp |
| NL | 185.206.160.8:443 | covan-group.com | tcp |
| US | 216.137.178.195:443 | dentaltossa.com | tcp |
| FR | 54.36.145.173:443 | deeppowerfm.com | tcp |
| US | 8.8.8.8:53 | dfmshopping.com | udp |
| US | 8.8.8.8:53 | dhruvdtours.com | udp |
| DE | 116.202.221.212:80 | dhruvdtours.com | tcp |
| US | 8.8.8.8:53 | digicabletv.com | udp |
| GB | 141.136.33.49:443 | decodebuddy.com | tcp |
| DE | 38.242.151.118:443 | digicabletv.com | tcp |
| US | 8.8.8.8:53 | digiinfobuz.com | udp |
| US | 8.8.8.8:53 | digisenderr.com | udp |
| IN | 89.117.157.93:443 | digiinfobuz.com | tcp |
| US | 86.38.202.88:443 | codetechrev.com | tcp |
| US | 212.1.211.52:443 | digisenderr.com | tcp |
| IE | 91.210.235.23:443 | dcgwebsites.com | tcp |
| US | 8.8.8.8:53 | digisolstar.com | udp |
| US | 8.8.8.8:53 | donmazzella.com | udp |
| US | 8.8.8.8:53 | dosug-spb24.com | udp |
| US | 8.8.8.8:53 | www.dhruvdtours.com | udp |
| BR | 62.72.62.193:80 | digisolstar.com | tcp |
| US | 8.8.8.8:53 | imunify-alert.com | udp |
| US | 8.8.8.8:53 | djundercova.com | udp |
| US | 8.8.8.8:53 | imunify-alert.com | udp |
| US | 8.8.8.8:53 | dreamasiamy.com | udp |
| US | 8.8.8.8:53 | dogusagency.com | udp |
| US | 8.8.8.8:53 | dunaatacama.com | udp |
| US | 8.8.8.8:53 | www.codehousekw.com | udp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 8.8.8.8:53 | lineapopular.com | udp |
| US | 8.8.8.8:53 | pumpchinchin.com | udp |
| DE | 116.202.221.212:80 | www.dhruvdtours.com | tcp |
| US | 8.8.8.8:53 | rajavommangi.com | udp |
| US | 8.8.8.8:53 | dyedstudios.com | udp |
| US | 8.8.8.8:53 | roxyandmidna.com | udp |
| US | 8.8.8.8:53 | durra-store.com | udp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 8.8.8.8:53 | ecomtrusted.com | udp |
| US | 8.8.8.8:53 | r4conference.com | udp |
| US | 8.8.8.8:53 | rueanbutsaba.com | udp |
| US | 8.8.8.8:53 | easybike-br.com | udp |
| US | 8.8.8.8:53 | rumahscatter.com | udp |
| US | 8.8.8.8:53 | realyogabali.com | udp |
| US | 8.8.8.8:53 | samhatravels.com | udp |
| US | 8.8.8.8:53 | savanijewels.com | udp |
| US | 8.8.8.8:53 | saludcoqueta.com | udp |
| IN | 154.56.53.215:443 | durra-store.com | tcp |
| US | 154.56.47.14:443 | djundercova.com | tcp |
| TR | 95.173.177.114:443 | dogusagency.com | tcp |
| CL | 186.64.119.170:443 | dunaatacama.com | tcp |
| SG | 184.168.98.254:443 | dreamasiamy.com | tcp |
| NL | 191.96.63.168:443 | www.codehousekw.com | tcp |
| US | 162.254.39.7:443 | hightechwizards.com | tcp |
| US | 8.8.8.8:53 | michaelsonny.com | udp |
| US | 104.21.32.178:443 | easybike-br.com | tcp |
| TH | 103.80.48.28:443 | rueanbutsaba.com | tcp |
| US | 162.0.229.58:443 | rumahscatter.com | tcp |
| GB | 18.133.60.229:443 | dosug-spb24.com | tcp |
| US | 68.66.226.115:443 | r4conference.com | tcp |
| US | 204.93.224.121:443 | lineapopular.com | tcp |
| US | 146.71.86.235:443 | rajavommangi.com | tcp |
| US | 144.208.66.42:80 | donmazzella.com | tcp |
| CA | 144.217.111.51:443 | roxyandmidna.com | tcp |
| US | 8.8.8.8:53 | sarcasmscans.com | udp |
| US | 8.8.8.8:53 | saveytvideos.com | udp |
| US | 8.8.8.8:53 | sawasdeeplus.com | udp |
| US | 8.8.8.8:53 | savvyecmoney.com | udp |
| JP | 183.90.183.166:443 | pumpchinchin.com | tcp |
| US | 149.100.151.169:443 | samhatravels.com | tcp |
| ID | 153.92.13.10:80 | realyogabali.com | tcp |
| SG | 156.67.222.73:443 | dyedstudios.com | tcp |
| US | 216.239.32.21:443 | savanijewels.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 104.21.82.56:443 | sarcasmscans.com | tcp |
| US | 66.29.132.68:443 | michaelsonny.com | tcp |
| FR | 89.117.169.156:443 | ecomtrusted.com | tcp |
| US | 89.117.139.96:443 | saveytvideos.com | tcp |
| US | 162.241.225.108:443 | savvyecmoney.com | tcp |
| US | 8.8.8.8:53 | scenikacases.com | udp |
| BR | 154.49.247.193:443 | sawasdeeplus.com | tcp |
| US | 8.8.8.8:53 | sashimi-sp.com | udp |
| US | 8.8.8.8:53 | sehatsampada.com | udp |
| US | 8.8.8.8:53 | savanijewellery.com | udp |
| US | 8.8.8.8:53 | screenrantsr.com | udp |
| US | 8.8.8.8:53 | senorfitness.com | udp |
| US | 8.8.8.8:53 | shadygrovelc.com | udp |
| US | 8.8.8.8:53 | shahrebereng.com | udp |
| US | 8.8.8.8:53 | searchzillaa.com | udp |
| US | 8.8.8.8:53 | schloss-haus.com | udp |
| US | 8.8.8.8:53 | selectorellc.com | udp |
| US | 8.8.8.8:53 | seowitherica.com | udp |
| US | 8.8.8.8:53 | shiconneplus.com | udp |
| US | 8.8.8.8:53 | servicehubtz.com | udp |
| US | 8.8.8.8:53 | shaguftasoft.com | udp |
| US | 172.67.160.221:443 | scenikacases.com | tcp |
| US | 8.8.8.8:53 | shivangitech.com | udp |
| IN | 154.41.233.94:443 | sehatsampada.com | tcp |
| IR | 193.141.65.221:443 | shahrebereng.com | tcp |
| US | 104.21.76.79:443 | sashimi-sp.com | tcp |
| US | 86.38.202.61:443 | shaguftasoft.com | tcp |
| GB | 185.77.97.11:443 | screenrantsr.com | tcp |
| GB | 154.49.138.48:443 | shadygrovelc.com | tcp |
| DE | 217.160.0.60:80 | schloss-haus.com | tcp |
| CH | 149.126.4.21:443 | senorfitness.com | tcp |
| BR | 62.72.62.193:443 | digisolstar.com | tcp |
| DE | 136.243.4.172:443 | selectorellc.com | tcp |
| CA | 23.227.38.65:443 | savanijewellery.com | tcp |
| JP | 133.18.84.138:443 | shiconneplus.com | tcp |
| PL | 145.239.19.134:443 | servicehubtz.com | tcp |
| US | 50.87.179.90:443 | searchzillaa.com | tcp |
| US | 8.8.8.8:53 | www.shobitourism.com | udp |
| US | 172.67.199.71:443 | seowitherica.com | tcp |
| US | 8.8.8.8:53 | www.theqsource.org | udp |
| US | 8.8.8.8:53 | www.shuhari-tesa.com | udp |
| US | 8.8.8.8:53 | sirianehouty.com | udp |
| US | 8.8.8.8:53 | simple-bonus.com | udp |
| US | 8.8.8.8:53 | slahianolive.com | udp |
| US | 8.8.8.8:53 | smiling-mama.com | udp |
| US | 8.8.8.8:53 | showbiztales.com | udp |
| US | 8.8.8.8:53 | shopwithmigs.com | udp |
| US | 8.8.8.8:53 | sikhagobulls.com | udp |
| US | 8.8.8.8:53 | single-chain.com | udp |
| US | 8.8.8.8:53 | sixtyninelab.com | udp |
| US | 8.8.8.8:53 | www.slenderyouhq.com | udp |
| US | 8.8.8.8:53 | sol-casino14.com | udp |
| US | 8.8.8.8:53 | www.solo-pruebas.com | udp |
| US | 8.8.8.8:53 | sohohomes-me.com | udp |
| US | 69.163.184.239:443 | www.shobitourism.com | tcp |
| US | 8.8.8.8:53 | solneris-pol.com | udp |
| US | 8.8.8.8:53 | societythumb.com | udp |
| US | 172.67.158.93:443 | shopwithmigs.com | tcp |
| US | 173.236.201.19:443 | www.slenderyouhq.com | tcp |
| US | 162.241.225.117:443 | solneris-pol.com | tcp |
| US | 8.8.8.8:53 | somos-unidos.com | udp |
| US | 67.205.10.142:443 | www.theqsource.org | tcp |
| SG | 83.136.216.117:80 | sixtyninelab.com | tcp |
| FR | 213.186.33.5:443 | sirianehouty.com | tcp |
| US | 154.49.142.45:443 | slahianolive.com | tcp |
| US | 104.21.6.4:443 | sol-casino14.com | tcp |
| US | 67.227.175.29:443 | single-chain.com | tcp |
| RO | 188.241.222.254:443 | www.shuhari-tesa.com | tcp |
| US | 8.8.8.8:53 | soofarsogood.com | udp |
| NL | 162.0.217.117:443 | simple-bonus.com | tcp |
| JP | 133.18.84.137:443 | smiling-mama.com | tcp |
| US | 86.38.202.12:443 | showbiztales.com | tcp |
| US | 89.116.192.55:443 | societythumb.com | tcp |
| KR | 158.247.252.136:443 | sikhagobulls.com | tcp |
| US | 8.8.8.8:53 | spartacalcio.com | udp |
| US | 162.241.218.175:443 | sohohomes-me.com | tcp |
| US | 8.8.8.8:53 | www.soneelsports.com | udp |
| US | 8.8.8.8:53 | south-vision.com | udp |
| US | 8.8.8.8:53 | spottedabove.com | udp |
| FR | 213.186.33.4:80 | soofarsogood.com | tcp |
| US | 8.8.8.8:53 | stopshopeasy.com | udp |
| US | 8.8.8.8:53 | sstoursdelhi.com | udp |
| US | 8.8.8.8:53 | stellabluegc.com | udp |
| US | 8.8.8.8:53 | stellaassets.com | udp |
| US | 8.8.8.8:53 | storiesbycam.com | udp |
| US | 8.8.8.8:53 | storiesscoop.com | udp |
| US | 8.8.8.8:53 | stmarryjamon.com | udp |
| US | 8.8.8.8:53 | www.promedspharmaceuticals.com | udp |
| IT | 18.102.110.240:443 | spartacalcio.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 8.8.8.8:53 | butlerhumanservices.com | udp |
| US | 8.8.8.8:53 | psicologiadelacreencia.com | udp |
| US | 8.8.8.8:53 | quincaillerie-vente-fr.com | udp |
| DE | 157.90.36.220:443 | www.soneelsports.com | tcp |
| US | 64.20.40.251:443 | south-vision.com | tcp |
| US | 8.8.8.8:53 | storkashvand.com | udp |
| US | 104.131.118.97:443 | storiesbycam.com | tcp |
| US | 192.185.131.34:443 | somos-unidos.com | tcp |
| IN | 82.180.141.7:443 | stmarryjamon.com | tcp |
| US | 8.8.8.8:53 | rockettennisdebentures.com | udp |
| MD | 176.123.0.55:443 | stellaassets.com | tcp |
| US | 66.235.200.147:80 | spottedabove.com | tcp |
| US | 64.20.63.34:443 | stellabluegc.com | tcp |
| IN | 217.21.91.155:443 | sstoursdelhi.com | tcp |
| US | 165.140.70.174:443 | psicologiadelacreencia.com | tcp |
| US | 192.243.110.5:443 | www.promedspharmaceuticals.com | tcp |
| US | 8.8.8.8:53 | relojesinteligentespro.com | udp |
| IR | 185.165.116.18:443 | storkashvand.com | tcp |
| US | 8.8.8.8:53 | rosabellainternational.com | udp |
| US | 141.193.213.10:443 | butlerhumanservices.com | tcp |
| CA | 23.227.38.65:443 | ssomadigital.com | tcp |
| US | 104.21.77.89:443 | quincaillerie-vente-fr.com | tcp |
| GB | 185.77.97.97:443 | storiesscoop.com | tcp |
| US | 104.21.26.253:443 | rockettennisdebentures.com | tcp |
| US | 89.117.139.150:443 | stopshopeasy.com | tcp |
| US | 8.8.8.8:53 | rowanjetsetspublishing.com | udp |
| US | 8.8.8.8:53 | rotaryperugiatrasimeno.com | udp |
| US | 8.8.8.8:53 | salkantayhostelsociety.com | udp |
| US | 8.8.8.8:53 | ranchosperpetuosocorro.com | udp |
| US | 8.8.8.8:53 | signedvinylsweepstakes.com | udp |
| US | 8.8.8.8:53 | skychapelinternational.com | udp |
| US | 8.8.8.8:53 | soulrisetransformation.com | udp |
| US | 8.8.8.8:53 | savoir-weddings-events.com | udp |
| US | 8.8.8.8:53 | simbanamoralescleaning.com | udp |
| US | 8.8.8.8:53 | slpcustomsandcollision.com | udp |
| US | 8.8.8.8:53 | southfloridahomebuyers.com | udp |
| US | 8.8.8.8:53 | supersweets-forestslot.com | udp |
| US | 8.8.8.8:53 | www.ssomadigital.com | udp |
| US | 8.8.8.8:53 | ssviewconstructioncorp.com | udp |
| US | 8.8.8.8:53 | swimmingpoolservicepro.com | udp |
| US | 8.8.8.8:53 | summerlinfitness4women.com | udp |
| DE | 81.169.145.105:443 | savoir-weddings-events.com | tcp |
| US | 8.8.8.8:53 | stconsultantnassociate.com | udp |
| US | 141.193.213.10:443 | signedvinylsweepstakes.com | tcp |
| US | 103.195.100.122:443 | skychapelinternational.com | tcp |
| US | 8.8.8.8:53 | www.rockettennisdebentures.com | udp |
| RO | 89.44.139.135:443 | soulrisetransformation.com | tcp |
| US | 104.21.26.253:443 | www.rockettennisdebentures.com | tcp |
| US | 50.6.160.31:443 | southfloridahomebuyers.com | tcp |
| IN | 89.117.188.136:443 | rosabellainternational.com | tcp |
| US | 8.8.8.8:53 | technopowercontracting.com | udp |
| US | 8.8.8.8:53 | sydneychineseorchastry.com | udp |
| FR | 89.117.169.121:443 | relojesinteligentespro.com | tcp |
| US | 154.41.231.136:443 | simbanamoralescleaning.com | tcp |
| US | 154.49.142.148:443 | rowanjetsetspublishing.com | tcp |
| IN | 195.35.44.155:443 | stconsultantnassociate.com | tcp |
| US | 8.8.8.8:53 | advancebillingservices.com | udp |
| US | 8.8.8.8:53 | www.agroinversioneslievano.com | udp |
| US | 8.8.8.8:53 | thegingergarlickitchen.com | udp |
| CA | 23.227.38.74:443 | www.ssomadigital.com | tcp |
| MX | 216.238.68.82:443 | salkantayhostelsociety.com | tcp |
| US | 162.241.253.240:443 | swimmingpoolservicepro.com | tcp |
| US | 198.57.149.50:80 | summerlinfitness4women.com | tcp |
| US | 168.235.118.44:443 | slpcustomsandcollision.com | tcp |
| US | 8.8.8.8:53 | dthorpe.wpengine.com | udp |
| US | 8.8.8.8:53 | agforallcommunications.com | udp |
| US | 8.8.8.8:53 | alice-creation-energie.com | udp |
| DE | 217.160.0.61:80 | rotaryperugiatrasimeno.com | tcp |
| US | 66.235.200.147:443 | sydneychineseorchastry.com | tcp |
| DE | 161.97.74.126:443 | ranchosperpetuosocorro.com | tcp |
| US | 162.213.251.134:443 | advancebillingservices.com | tcp |
| US | 190.8.176.234:443 | www.agroinversioneslievano.com | tcp |
| US | 162.0.209.111:443 | technopowercontracting.com | tcp |
| US | 67.222.39.89:443 | ssviewconstructioncorp.com | tcp |
| US | 8.8.8.8:53 | www.storiesbycam.com | udp |
| IN | 89.117.157.81:443 | thegingergarlickitchen.com | tcp |
| US | 8.8.8.8:53 | amazonexplorersiquitos.com | udp |
| US | 8.8.8.8:53 | americansurplusfinders.com | udp |
| US | 172.67.140.244:443 | www.storiesbycam.com | tcp |
| US | 8.8.8.8:53 | www.asapautomobilemechanic.com | udp |
| US | 8.8.8.8:53 | animeglassmasterpieces.com | udp |
| CH | 83.166.138.217:443 | alice-creation-energie.com | tcp |
| US | 8.8.8.8:53 | azerbaijan-marathonbet.com | udp |
| BE | 13.225.239.39:443 | www.asapautomobilemechanic.com | tcp |
| US | 8.8.8.8:53 | antiquecenturyjapanese.com | udp |
| CL | 138.117.149.156:443 | amazonexplorersiquitos.com | tcp |
| US | 154.49.142.185:443 | americansurplusfinders.com | tcp |
| US | 8.8.8.8:53 | astellas401ksettlement.com | udp |
| US | 8.8.8.8:53 | blisslifehobibahceleri.com | udp |
| US | 50.62.172.132:443 | agforallcommunications.com | tcp |
| US | 66.235.200.113:443 | animeglassmasterpieces.com | tcp |
| US | 8.8.8.8:53 | bestpracticesprocesses.com | udp |
| US | 104.21.16.104:443 | azerbaijan-marathonbet.com | tcp |
| US | 8.8.8.8:53 | blossomandbloomdesigns.com | udp |
| US | 8.8.8.8:53 | bowmanplaystationhouse.com | udp |
| US | 8.8.8.8:53 | canafricaclimatesummit.com | udp |
| DE | 185.242.82.188:443 | antiquecenturyjapanese.com | tcp |
| US | 8.8.8.8:53 | bestdealsinelectronics.com | udp |
| US | 8.8.8.8:53 | carexshippinglogistics.com | udp |
| US | 8.8.8.8:53 | www.serratech.net | udp |
| US | 8.8.8.8:53 | buminusantaracommodity.com | udp |
| US | 8.8.8.8:53 | brandvisualadvertising.com | udp |
| US | 8.8.8.8:53 | carlosmorenoblockchain.com | udp |
| US | 8.8.8.8:53 | cableandinternetnearme.com | udp |
| US | 8.8.8.8:53 | www.chicagolandtaxiandlimo.com | udp |
| US | 8.8.8.8:53 | www.chattanoogastudyprogram.com | udp |
| US | 8.8.8.8:53 | clarvazatoareamarilena.com | udp |
| US | 8.8.8.8:53 | clinicadentalclinybest.com | udp |
| US | 141.193.213.10:443 | bestpracticesprocesses.com | tcp |
| US | 141.193.213.10:443 | bestpracticesprocesses.com | tcp |
| US | 172.67.152.186:443 | blossomandbloomdesigns.com | tcp |
| TR | 104.247.167.3:443 | blisslifehobibahceleri.com | tcp |
| US | 86.38.202.21:443 | bowmanplaystationhouse.com | tcp |
| FR | 46.105.204.31:443 | sindietas.net | tcp |
| US | 66.29.141.107:443 | brandvisualadvertising.com | tcp |
| US | 162.217.144.46:443 | canafricaclimatesummit.com | tcp |
| US | 74.208.236.208:443 | cableandinternetnearme.com | tcp |
| RO | 89.42.218.138:443 | clarvazatoareamarilena.com | tcp |
| RU | 91.215.85.51:443 | carexshippinglogistics.com | tcp |
| US | 154.49.142.247:443 | bestdealsinelectronics.com | tcp |
| US | 149.100.151.135:443 | carlosmorenoblockchain.com | tcp |
| US | 74.208.236.48:443 | www.serratech.net | tcp |
| ID | 103.229.73.226:443 | buminusantaracommodity.com | tcp |
| US | 50.63.8.200:80 | www.chicagolandtaxiandlimo.com | tcp |
| US | 8.8.8.8:53 | marinedealerseo.com | udp |
| US | 8.8.8.8:53 | completefitnesslibrary.com | udp |
| US | 130.211.29.77:443 | dthorpe.wpengine.com | tcp |
| US | 8.8.8.8:53 | comfortstarcoolsystems.com | udp |
| US | 8.8.8.8:53 | constellationlandgroup.com | udp |
| US | 8.8.8.8:53 | coverlettermasterclass.com | udp |
| US | 192.185.74.165:80 | www.chattanoogastudyprogram.com | tcp |
| US | 8.8.8.8:53 | cys-mefoninstalaciones.com | udp |
| US | 8.8.8.8:53 | desbidonsetdesampoules.com | udp |
| US | 8.8.8.8:53 | corycorrectrenovations.com | udp |
| US | 8.8.8.8:53 | creativemedicalservice.com | udp |
| ES | 82.223.34.222:443 | clinicadentalclinybest.com | tcp |
| US | 66.81.203.198:443 | completefitnesslibrary.com | tcp |
| US | 104.18.185.50:443 | marinedealerseo.com | tcp |
| IN | 217.21.95.246:443 | comfortstarcoolsystems.com | tcp |
| US | 66.29.132.101:443 | coverlettermasterclass.com | tcp |
| US | 76.223.67.189:443 | creativemedicalservice.com | tcp |
| CA | 76.74.235.180:443 | corycorrectrenovations.com | tcp |
| US | 162.241.218.184:443 | constellationlandgroup.com | tcp |
| ES | 82.98.175.33:443 | cys-mefoninstalaciones.com | tcp |
| FR | 51.91.236.193:80 | desbidonsetdesampoules.com | tcp |
| US | 8.8.8.8:53 | corporacionsolnaciente.com | udp |
| US | 8.8.8.8:53 | crowleyplumbingservice.com | udp |
| US | 8.8.8.8:53 | deccaninvestmentcentre.com | udp |
| US | 8.8.8.8:53 | escuelanomadadeturismo.com | udp |
| US | 8.8.8.8:53 | www.djakartalogisticcenter.com | udp |
| US | 8.8.8.8:53 | eduardopersonalshopper.com | udp |
| US | 8.8.8.8:53 | gazelles-en-roue-libre.com | udp |
| US | 8.8.8.8:53 | georgianavictorialazar.com | udp |
| US | 8.8.8.8:53 | growbusinesw-solutions.com | udp |
| US | 8.8.8.8:53 | fiveofmyfavoritethings.com | udp |
| US | 8.8.8.8:53 | hamalski-uslugi-raicho.com | udp |
| US | 8.8.8.8:53 | handymanservice-london.com | udp |
| US | 8.8.8.8:53 | healthandwealthbalance.com | udp |
| US | 8.8.8.8:53 | dnmaintenancesolutions.com | udp |
| US | 8.8.8.8:53 | www.diamondsfordevelopment.co.bw | udp |
| US | 8.8.8.8:53 | epicenterimplantturkey.com | udp |
| US | 8.8.8.8:53 | funanconsultingservice.com | udp |
| US | 8.8.8.8:53 | expertos-emprendedores.com | udp |
| US | 8.8.8.8:53 | gbestexcellenceacademy.com | udp |
| US | 8.8.8.8:53 | grupoamempreendimentos.com | udp |
| US | 8.8.8.8:53 | grandprix-khaledcharef.com | udp |
| US | 8.8.8.8:53 | handmadeforyouofficial.com | udp |
| US | 8.8.8.8:53 | www.hatchgreenchilefestival.com | udp |
| US | 141.193.213.21:443 | www.diamondsfordevelopment.co.bw | tcp |
| IN | 89.117.157.234:443 | deccaninvestmentcentre.com | tcp |
| FR | 89.117.169.58:443 | dnmaintenancesolutions.com | tcp |
| US | 149.100.151.153:443 | fiveofmyfavoritethings.com | tcp |
| DE | 64.190.63.222:443 | eduardopersonalshopper.com | tcp |
| SG | 149.28.143.5:443 | funanconsultingservice.com | tcp |
| US | 8.8.8.8:53 | herleilasilveiravendas.com | udp |
| PL | 188.210.221.83:443 | handmadeforyouofficial.com | tcp |
| US | 50.6.138.176:443 | grupoamempreendimentos.com | tcp |
| FR | 51.91.236.255:443 | gazelles-en-roue-libre.com | tcp |
| US | 106.0.62.83:443 | crowleyplumbingservice.com | tcp |
| US | 208.76.85.136:443 | handymanservice-london.com | tcp |
| RO | 95.214.134.222:443 | georgianavictorialazar.com | tcp |
| US | 216.246.47.24:443 | corporacionsolnaciente.com | tcp |
| FI | 65.109.99.96:443 | www.djakartalogisticcenter.com | tcp |
| US | 103.195.100.122:443 | gbestexcellenceacademy.com | tcp |
| US | 3.33.130.190:443 | www.hatchgreenchilefestival.com | tcp |
| US | 8.8.8.8:53 | houstonpartybusforrent.com | udp |
| US | 8.8.8.8:53 | www.5nine-seo-ads-marketing.com | udp |
| US | 65.99.252.207:443 | escuelanomadadeturismo.com | tcp |
| US | 8.8.8.8:53 | academiadecursosenlinea.com | udp |
| US | 8.8.8.8:53 | 1xbet-bangladesh-online.com | udp |
| BG | 78.128.43.182:443 | hamalski-uslugi-raicho.com | tcp |
| US | 104.21.19.42:443 | 1xbet-bangladesh-online.com | tcp |
| TR | 104.247.162.226:443 | www.5nine-seo-ads-marketing.com | tcp |
| US | 8.8.8.8:53 | acompanhantesvipfloripa.com | udp |
| US | 8.8.8.8:53 | 614ispanicroofersacacio.com | udp |
| US | 8.8.8.8:53 | amolikparkviewfaridabad.com | udp |
| US | 8.8.8.8:53 | amazingquestionsanswers.com | udp |
| US | 8.8.8.8:53 | www.apartamentosmadrid.info | udp |
| US | 8.8.8.8:53 | babybirdtoursandsafaris.com | udp |
| US | 8.8.8.8:53 | truongthinhexpress.com | udp |
| US | 8.8.8.8:53 | tryin2survivewith3.com | udp |
| US | 50.6.138.180:443 | herleilasilveiravendas.com | tcp |
| US | 8.8.8.8:53 | artisancreativeplumbing.com | udp |
| US | 8.8.8.8:53 | tsubakurame-travel.com | udp |
| US | 8.8.8.8:53 | traveldiscoverypro.com | udp |
| US | 162.241.225.66:443 | houstonpartybusforrent.com | tcp |
| BR | 149.100.155.234:443 | academiadecursosenlinea.com | tcp |
| US | 8.8.8.8:53 | udoctowerenij-vsem.com | udp |
| IN | 89.117.27.213:443 | amazingquestionsanswers.com | tcp |
| PL | 145.239.19.134:443 | babybirdtoursandsafaris.com | tcp |
| US | 132.148.77.58:443 | asbestossurveystockport.com | tcp |
| US | 8.8.8.8:53 | aldinewestfieldtso.com | udp |
| US | 173.252.167.20:443 | 614ispanicroofersacacio.com | tcp |
| IN | 89.117.27.55:443 | amolikparkviewfaridabad.com | tcp |
| US | 172.67.128.170:443 | udoctowerenij-vsem.com | tcp |
| SG | 103.21.221.27:443 | truongthinhexpress.com | tcp |
| US | 162.241.218.196:443 | tryin2survivewith3.com | tcp |
| US | 154.49.142.152:443 | traveldiscoverypro.com | tcp |
| US | 8.8.8.8:53 | tpsrinternationals.com | udp |
| US | 8.8.8.8:53 | asosemillerosdelibertad.com | udp |
| US | 8.8.8.8:53 | www.deccaninvestmentcentre.com | udp |
| US | 8.8.8.8:53 | trendyeyedefenders.com | udp |
| US | 8.8.8.8:53 | unaverdaderalocura.com | udp |
| US | 8.8.8.8:53 | unitedmaildelivery.com | udp |
| US | 8.8.8.8:53 | vacuumbagsuppliers.com | udp |
| US | 8.8.8.8:53 | vidabemequilibrada.com | udp |
| US | 8.8.8.8:53 | veterinariovirtual.com | udp |
| US | 8.8.8.8:53 | vitalcenter-kroker.de | udp |
| US | 8.8.8.8:53 | virndavanchemicals.com | udp |
| US | 8.8.8.8:53 | villaciaterbooking.com | udp |
| US | 8.8.8.8:53 | vintagedesignerhub.com | udp |
| US | 8.8.8.8:53 | vitalsenseproducts.com | udp |
| US | 8.8.8.8:53 | vitorcostaadvogado.com | udp |
| US | 8.8.8.8:53 | voxloreconsultancy.com | udp |
| BE | 13.225.239.61:443 | www.apartamentosmadrid.info | tcp |
| US | 160.153.0.143:443 | artisancreativeplumbing.com | tcp |
| IN | 89.117.157.234:443 | www.deccaninvestmentcentre.com | tcp |
| US | 162.241.253.180:443 | trendyeyedefenders.com | tcp |
| BR | 149.100.155.216:443 | asosemillerosdelibertad.com | tcp |
| US | 199.189.224.75:443 | aldinewestfieldtso.com | tcp |
| US | 132.148.77.219:80 | vacuumbagsuppliers.com | tcp |
| FR | 178.16.128.88:443 | voxloreconsultancy.com | tcp |
| IN | 68.178.154.1:443 | tpsrinternationals.com | tcp |
| SG | 217.21.74.164:443 | virndavanchemicals.com | tcp |
| JP | 160.251.71.125:443 | tsubakurame-travel.com | tcp |
| US | 162.241.2.126:443 | vitalsenseproducts.com | tcp |
| SG | 194.163.41.130:443 | villaciaterbooking.com | tcp |
| US | 195.179.239.116:443 | vintagedesignerhub.com | tcp |
| DE | 217.160.0.160:443 | vitalcenter-kroker.de | tcp |
| FR | 188.165.130.254:443 | veterinariovirtual.com | tcp |
| US | 50.116.112.251:443 | vidabemequilibrada.com | tcp |
| US | 66.45.232.107:443 | unitedmaildelivery.com | tcp |
| US | 108.167.164.130:443 | unaverdaderalocura.com | tcp |
| US | 162.241.63.81:443 | vitorcostaadvogado.com | tcp |
| US | 8.8.8.8:53 | www.jussihaikka.com | udp |
| US | 8.8.8.8:53 | webdesignbyjustina.com | udp |
| US | 8.8.8.8:53 | wahibaweddingdress.com | udp |
| US | 8.8.8.8:53 | www.wellfitsupplychain.com | udp |
| US | 8.8.8.8:53 | udoctowereniy-vsem.com | udp |
| US | 8.8.8.8:53 | writingforrainbows.com | udp |
| US | 8.8.8.8:53 | workpermitsolution.com | udp |
| US | 8.8.8.8:53 | webdesigndispenser.com | udp |
| US | 8.8.8.8:53 | westlandmeadowsllc.com | udp |
| US | 8.8.8.8:53 | whitelanelogistics.com | udp |
| US | 8.8.8.8:53 | wptemplateslibrary.com | udp |
| US | 8.8.8.8:53 | xedapdienquangngai.com | udp |
| US | 8.8.8.8:53 | youracademictutors.com | udp |
| US | 8.8.8.8:53 | yogavidaespiritual.com | udp |
| US | 8.8.8.8:53 | yokozunarestaurant.com | udp |
| US | 104.21.58.250:443 | udoctowereniy-vsem.com | tcp |
| FI | 31.217.196.224:443 | www.jussihaikka.com | tcp |
| GB | 109.228.50.194:443 | workpermitsolution.com | tcp |
| US | 172.67.175.62:443 | youracademictutors.com | tcp |
| DE | 49.12.214.248:443 | wptemplateslibrary.com | tcp |
| US | 50.87.178.156:443 | webdesigndispenser.com | tcp |
| US | 68.70.164.21:443 | writingforrainbows.com | tcp |
| US | 216.246.46.90:443 | yogavidaespiritual.com | tcp |
| SG | 156.67.222.46:443 | xedapdienquangngai.com | tcp |
| US | 162.241.252.215:443 | westlandmeadowsllc.com | tcp |
| NL | 162.0.217.162:443 | wahibaweddingdress.com | tcp |
| US | 192.232.251.156:80 | whitelanelogistics.com | tcp |
| NL | 45.87.81.203:443 | webdesignbyjustina.com | tcp |
| CN | 60.205.179.175:443 | www.wellfitsupplychain.com | tcp |
| US | 8.8.8.8:53 | yourexcellentoffer.com | udp |
| US | 8.8.8.8:53 | zafirosbluejewelry.com | udp |
| GB | 87.239.18.237:443 | yokozunarestaurant.com | tcp |
| US | 8.8.8.8:53 | zhejiangtrans-cont.com | udp |
| US | 8.8.8.8:53 | 201citycentredrive.com | udp |
| US | 8.8.8.8:53 | 10bestbettingdeals.com | udp |
| US | 8.8.8.8:53 | 30diaszerogorduras.com | udp |
| US | 8.8.8.8:53 | yourdigitaldesires.com | udp |
| US | 8.8.8.8:53 | zacharybergerondev.com | udp |
| US | 8.8.8.8:53 | zenterinteriorismo.com | udp |
| US | 8.8.8.8:53 | zypern-geheimtipps.com | udp |
| US | 8.8.8.8:53 | 20gladstoneave-501.com | udp |
| US | 8.8.8.8:53 | 12meterengineering.com | udp |
| US | 8.8.8.8:53 | acefoundationnepal.com | udp |
| US | 8.8.8.8:53 | www.agentdomainbrokers.com | udp |
| US | 8.8.8.8:53 | ahellofalotofglass.com | udp |
| US | 8.8.8.8:53 | alanbluntvoiceover.com | udp |
| US | 8.8.8.8:53 | algirdasjanilionis.com | udp |
| US | 8.8.8.8:53 | affirmfroticulture.com | udp |
| US | 8.8.8.8:53 | albentosatechnical.com | udp |
| US | 8.8.8.8:53 | alittlebitofrandom.com | udp |
| US | 8.8.8.8:53 | udoctowerenju-vsem.com | udp |
| US | 8.8.8.8:53 | aiwithfinancetoday.com | udp |
| US | 104.130.29.165:443 | algirdasjanilionis.com | tcp |
| US | 98.129.229.110:80 | 20gladstoneave-501.com | tcp |
| US | 154.49.142.109:443 | zacharybergerondev.com | tcp |
| DE | 185.30.32.5:443 | zypern-geheimtipps.com | tcp |
| US | 162.241.203.105:443 | zafirosbluejewelry.com | tcp |
| US | 107.180.57.8:80 | zenterinteriorismo.com | tcp |
| US | 173.236.140.199:443 | alanbluntvoiceover.com | tcp |
| US | 104.21.18.201:443 | 10bestbettingdeals.com | tcp |
| IN | 217.21.91.19:443 | acefoundationnepal.com | tcp |
| US | 149.100.151.241:443 | ahellofalotofglass.com | tcp |
| CA | 216.251.43.98:443 | 201citycentredrive.com | tcp |
| ES | 81.25.112.52:443 | albentosatechnical.com | tcp |
| US | 162.241.24.179:443 | alittlebitofrandom.com | tcp |
| ID | 103.241.192.17:443 | agrikulturblessing.com | tcp |
| US | 198.12.217.39:80 | affirmfroticulture.com | tcp |
| US | 162.241.225.216:443 | yourdigitaldesires.com | tcp |
| PL | 37.252.7.83:443 | zhejiangtrans-cont.com | tcp |
| IN | 43.225.54.40:443 | 12meterengineering.com | tcp |
| US | 66.235.200.113:443 | aiwithfinancetoday.com | tcp |
| US | 104.21.22.242:443 | udoctowerenju-vsem.com | tcp |
| US | 192.185.221.182:443 | 30diaszerogorduras.com | tcp |
| US | 108.167.169.83:443 | yourexcellentoffer.com | tcp |
| US | 192.232.216.171:443 | www.agentdomainbrokers.com | tcp |
| US | 8.8.8.8:53 | allpachaconsulperu.com | udp |
| US | 8.8.8.8:53 | amartinezmarketing.com | udp |
| US | 8.8.8.8:53 | almizancontracting.com | udp |
| US | 8.8.8.8:53 | www.amritafashionindia.com | udp |
| US | 8.8.8.8:53 | almanzahandymanllc.com | udp |
| US | 8.8.8.8:53 | alnada-landscaping.com | udp |
| US | 8.8.8.8:53 | www.antillawassociates.com | udp |
| US | 8.8.8.8:53 | amplificasolutions.com | udp |
| US | 8.8.8.8:53 | anjelbluerehearsal.com | udp |
| US | 8.8.8.8:53 | www.sultan-ul-faqr-publications.net | udp |
| US | 8.8.8.8:53 | arackazasitazminat.com | udp |
| US | 8.8.8.8:53 | arcapiplanejamento.com | udp |
| US | 8.8.8.8:53 | rdreboot.org | udp |
| US | 8.8.8.8:53 | pdi-k.org | udp |
| US | 8.8.8.8:53 | s3-c.org | udp |
| US | 8.8.8.8:53 | abcua.org | udp |
| US | 8.8.8.8:53 | kub77.org | udp |
| US | 8.8.8.8:53 | zdcc.org | udp |
| GB | 154.49.138.58:443 | alnada-landscaping.com | tcp |
| US | 8.8.8.8:53 | a41yb.org | udp |
| US | 8.8.8.8:53 | mynfc.org | udp |
| US | 8.8.8.8:53 | ci-ec.org | udp |
| US | 8.8.8.8:53 | zamob.org | udp |
| US | 8.8.8.8:53 | psaca.org | udp |
| US | 104.18.185.50:443 | amplificasolutions.com | tcp |
| US | 192.250.227.26:443 | allpachaconsulperu.com | tcp |
| US | 198.12.80.61:443 | www.sultan-ul-faqr-publications.net | tcp |
| US | 162.241.218.229:443 | amartinezmarketing.com | tcp |
| US | 134.209.116.175:443 | www.anjelbluerehearsal.com | tcp |
| US | 89.117.139.157:443 | almanzahandymanllc.com | tcp |
| US | 35.83.158.210:443 | vogelconstructiontreeremoval.net | tcp |
| US | 198.38.88.244:443 | allcountrycouriers.com | tcp |
| US | 205.196.220.194:443 | almizancontracting.com | tcp |
| TR | 104.247.167.3:443 | arackazasitazminat.com | tcp |
| US | 162.241.63.81:443 | arcapiplanejamento.com | tcp |
| DE | 178.162.206.251:443 | zdcc.org | tcp |
| IN | 89.117.157.163:443 | psaca.org | tcp |
| US | 172.67.209.195:443 | abcua.org | tcp |
| CA | 51.161.119.80:443 | pdi-k.org | tcp |
| US | 68.178.221.97:443 | a41yb.org | tcp |
| GB | 185.77.97.74:443 | ci-ec.org | tcp |
| US | 45.79.171.66:443 | www.amritafashionindia.com | tcp |
| IN | 103.133.214.219:443 | www.antillawassociates.com | tcp |
| DE | 75.119.140.183:443 | zamob.org | tcp |
| US | 8.8.8.8:53 | oavio.org | udp |
| US | 8.8.8.8:53 | palte.org | udp |
| US | 8.8.8.8:53 | all239.org | udp |
| DE | 217.11.48.198:443 | palte.org | tcp |
| US | 8.8.8.8:53 | admsrs.org | udp |
| US | 8.8.8.8:53 | lurnin.org | udp |
| US | 8.8.8.8:53 | www.alanbluntvoiceover.com | udp |
| US | 8.8.8.8:53 | r4camp.org | udp |
| US | 8.8.8.8:53 | komele.org | udp |
| US | 8.8.8.8:53 | bestrv.org | udp |
| VN | 202.92.7.54:443 | bestrv.org | tcp |
| US | 8.8.8.8:53 | bkb222.org | udp |
| US | 8.8.8.8:53 | www.inaven.org | udp |
| US | 184.106.55.136:443 | r4camp.org | tcp |
| US | 8.8.8.8:53 | mhorsc.org | udp |
| US | 8.8.8.8:53 | gaby-r.org | udp |
| US | 8.8.8.8:53 | nokari.org | udp |
| US | 8.8.8.8:53 | pgs168.org | udp |
| US | 8.8.8.8:53 | flgolf.org | udp |
| ZA | 169.1.24.167:80 | oavio.org | tcp |
| US | 8.8.8.8:53 | cvgspc.org | udp |
| IN | 195.35.44.237:443 | lurnin.org | tcp |
| US | 173.236.140.199:443 | www.alanbluntvoiceover.com | tcp |
| US | 8.8.8.8:53 | reilux.org | udp |
| BR | 154.49.247.54:443 | admsrs.org | tcp |
| US | 63.250.43.12:80 | komele.org | tcp |
| US | 50.62.223.8:80 | mhorsc.org | tcp |
| US | 34.202.155.123:443 | www.inaven.org | tcp |
| US | 104.21.24.33:443 | bkb222.org | tcp |
| US | 172.67.162.136:443 | pgs168.org | tcp |
| IN | 62.72.28.193:443 | nokari.org | tcp |
| US | 216.69.172.57:80 | reilux.org | tcp |
| US | 162.159.137.9:443 | s3-c.org | tcp |
| FR | 89.117.169.156:443 | gaby-r.org | tcp |
| US | 63.250.43.16:80 | flgolf.org | tcp |
| US | 104.21.15.195:443 | cvgspc.org | tcp |
| US | 8.8.8.8:53 | enhancemyrochestervisit.com | udp |
| US | 8.8.8.8:53 | gshousecleaningservices.com | udp |
| US | 8.8.8.8:53 | smoothoperatorexcavation.com | udp |
| US | 8.8.8.8:53 | produto-oficial-desconto.com | udp |
| US | 8.8.8.8:53 | strengthandstylemamalife.com | udp |
| US | 8.8.8.8:53 | energie-musik.online | udp |
| US | 8.8.8.8:53 | worldwebnews.org | udp |
| US | 8.8.8.8:53 | hilandosuenosinfrontera.com | udp |
| US | 8.8.8.8:53 | thisintentionalfarmhouse.com | udp |
| US | 198.185.159.145:80 | thisintentionalfarmhouse.com | tcp |
| US | 134.209.116.175:443 | www.anjelbluerehearsal.com | tcp |
| DE | 81.169.145.82:443 | energie-musik.online | tcp |
| US | 162.241.224.191:443 | enhancemyrochestervisit.com | tcp |
| US | 162.241.217.153:443 | gshousecleaningservices.com | tcp |
| US | 8.8.8.8:53 | www.almizancontracting.com | udp |
| US | 8.8.8.8:53 | albanianchefs.org | udp |
| US | 8.8.8.8:53 | dissertationconsultingcompany.com | udp |
| US | 8.8.8.8:53 | zunimakandai.org | udp |
| US | 8.8.8.8:53 | legalreliance.net | udp |
Files
memory/1456-1-0x0000000001AE0000-0x0000000001BE0000-memory.dmp
memory/1456-2-0x0000000000220000-0x000000000022B000-memory.dmp
memory/1456-3-0x0000000000400000-0x0000000001A2E000-memory.dmp
memory/1188-4-0x0000000002A00000-0x0000000002A16000-memory.dmp
memory/1456-5-0x0000000000400000-0x0000000001A2E000-memory.dmp
memory/1456-8-0x0000000000220000-0x000000000022B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\90EA.exe
| MD5 | 398ab69b1cdc624298fbc00526ea8aca |
| SHA1 | b2c76463ae08bb3a08accfcbf609ec4c2a9c0821 |
| SHA256 | ca827a18753cf8281d57b7dff32488c0701fe85af56b59eab5a619ae45b5f0be |
| SHA512 | 3b222a46a8260b7810e2e6686b7c67b690452db02ed1b1e75990f4ac1421ead9ddc21438a419010169258b1ae4b206fbfa22bb716b83788490b7737234e42739 |
memory/2600-18-0x0000000003500000-0x00000000036B8000-memory.dmp
memory/2600-19-0x0000000003500000-0x00000000036B8000-memory.dmp
memory/2600-20-0x00000000036C0000-0x0000000003877000-memory.dmp
memory/2556-23-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2556-25-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2556-28-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2600-29-0x0000000003500000-0x00000000036B8000-memory.dmp
memory/2556-30-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2556-31-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2556-33-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2556-34-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\9A8C.dll
| MD5 | 29eb6d30843e8be8868fa094be34ce1d |
| SHA1 | 9bfb7fa1d52b4747597c89fadbb2ed783955fcc2 |
| SHA256 | 5ef77adb0b5b0981d5c1f14c7a1623d5b49f38ef441ed7cd1f660ed675e17548 |
| SHA512 | 191b68119ab6388b5775d9981b8c2537e42306709ed4c33fe2463dca8015abc48fe90b66394d3f70ffe38200c1b211feb24e9df3c6136566b001488daf06e3e9 |
\Users\Admin\AppData\Local\Temp\9A8C.dll
| MD5 | 9b1697d40dfd386fdd7e9327844f301a |
| SHA1 | e75defb119e2c7b7d3f75ab70a100ec504af5ebf |
| SHA256 | 69e7b08c127dde5fd1f85e1e8107d06aa686e94aef3fd48ff0bb092b38a0cb1d |
| SHA512 | 3e945bf24ed81fdc49e974d086a70f9758a17b8656bb0e460dca0be2a84fa0ba065b62b6dd5d55ca1dbe0b4f19ec4f164df84c115244f1cbfddd79611d013d69 |
memory/2556-38-0x00000000002F0000-0x00000000002F6000-memory.dmp
memory/2556-37-0x0000000010000000-0x0000000010202000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\B1A5.exe
| MD5 | a8fe670b3ab918eeccfdff60c25065d2 |
| SHA1 | d750ba304a3c8ae55a10ac3fcf9f453242f5f323 |
| SHA256 | 16ba9b1328a1a46dcdde254deeb606f75170de93d119625b6abff6a852a69073 |
| SHA512 | a0666b1731bfde9a46389fd3d66111965ea56ac4a830840216ed0e42b3251729a163a33c20615794a22184f4ac141b30eaddf71489d44bfa5aefb6c545c21250 |
C:\Users\Admin\AppData\Local\Temp\B1A5.exe
| MD5 | f91e6518af35079e630a8b201c535ce3 |
| SHA1 | 50dd76b16682b650abc74fa9b1ad44dabc4c9e94 |
| SHA256 | b03165a8b75d10756366d3f32af6f0a69e646ebfee6c0ab86f7f588e57276bf6 |
| SHA512 | 1e168dd37410dcd4348f53882243fe47c22c13b4a7e3e282a8082af202499e2138d4f7ba6b5c3e8fd5bef6f8f9e47bc16f332ef3060025df5ec3339fc6a11ecf |
memory/2516-45-0x0000000000100000-0x0000000000101000-memory.dmp
memory/2516-47-0x0000000000240000-0x0000000000B31000-memory.dmp
memory/2516-48-0x0000000000100000-0x0000000000101000-memory.dmp
memory/2516-50-0x0000000000100000-0x0000000000101000-memory.dmp
memory/2516-51-0x0000000077E20000-0x0000000077E21000-memory.dmp
memory/2516-61-0x0000000000240000-0x0000000000B31000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\B760.exe
| MD5 | a1b5ee1b9649ab629a7ac257e2392f8d |
| SHA1 | dc1b14b6d57589440fb3021c9e06a3e3191968dc |
| SHA256 | 2bfd95260a4c52d4474cd51e74469fc3de94caed28937ff0ce99ded66af97e65 |
| SHA512 | 50ccbb9fd4ea2da847c6be5988e1e82e28d551b06cc9122b921dbd40eff4b657a81a010cea76f29e88fda06f8c053090b38d04eb89a6d63ec4f42ef68b1cf82b |
memory/2556-62-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2176-64-0x0000000001BF0000-0x0000000001CF0000-memory.dmp
memory/2176-65-0x0000000000220000-0x000000000028B000-memory.dmp
\Users\Admin\AppData\Local\Temp\9A8C.dll
| MD5 | 0012ac26bf504a2582054f6827a3cc05 |
| SHA1 | eddbffa5fc96bbe983e30edede7f127a96f1a281 |
| SHA256 | c99b4a3a0f343cb17953ec6fe0c9e2c7d4b1f5dd2e106a4fa57e53109d1ca7d2 |
| SHA512 | 7d4fe474fa0f2b320ce0800a15de6d8d6eeccb85de3b8a518a4b3a749119d8781f7a9467a7ef2d7d8cd30e72b127fcc36294b9c1c6b4d0f3af43502745a695d8 |
memory/2516-66-0x0000000000110000-0x0000000000111000-memory.dmp
memory/2176-71-0x0000000000400000-0x0000000001A77000-memory.dmp
memory/2580-72-0x0000000000140000-0x0000000000146000-memory.dmp
memory/2556-73-0x0000000002B80000-0x0000000002CA8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\D51E.exe
| MD5 | efcceadb41fc40a3084b944e29dbfaa5 |
| SHA1 | 34d3470e7be7858a6551f14343b6767f3f7c744a |
| SHA256 | 9b1826f9664db9883fa57ba6a4222d7128551d350fae5cb5656492788ac8d4f3 |
| SHA512 | 9f9963a926bda7ba171d70691c2f628e080e8213cd6e7461cd71e82d743518aac326637e3595239785f9956b08dd6ee51d30202b0b7eecbdf32b2f72ce6db90c |
C:\Users\Admin\AppData\Local\Temp\D51E.exe
| MD5 | a5eaee79c509203a64517196ac442e00 |
| SHA1 | 281737b370ff0c74c7e76dcb033d24d5521b87f2 |
| SHA256 | 27a5adfe8600f5762bb7dcb2faaed1b4ce71bbd7ff42979fba2cc37a1dc54bb8 |
| SHA512 | 15a4dc213be9251a3da8beb304cd1ff59cc0c2b3774a338acafe4c5c1c3905ecbd296c78139f0734bf171090f31431e62ebdfe90ee53498b8074a6c0090eda84 |
memory/2556-79-0x0000000002CB0000-0x0000000002DBD000-memory.dmp
memory/2556-82-0x0000000002CB0000-0x0000000002DBD000-memory.dmp
memory/2732-84-0x0000000000F90000-0x000000000141C000-memory.dmp
memory/2556-85-0x0000000002CB0000-0x0000000002DBD000-memory.dmp
\Users\Admin\AppData\Local\Temp\B1A5.exe
| MD5 | 422efd9ff9778c9680f637aa2863147a |
| SHA1 | 2b66d1241b8736a4afa744b9dcd12b4f168d277d |
| SHA256 | 210fe9bfce6d2d036add4c17468625ebf6b460fd03619f31cec40b740b368a9b |
| SHA512 | 3dc0c31ae885ecb6fce936fa6fbc608d05c86abaa4f0a992ebb294c7aefe9c537c2f9bb62a81a2bf72f08854e2430166efdaf01e05e9d259c5e09e76ff55b6d4 |
memory/2732-92-0x00000000746E0000-0x0000000074DCE000-memory.dmp
memory/2556-93-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\E46B.exe
| MD5 | f5e7a68d787bec3ebc78d57260f657aa |
| SHA1 | 9368677802b53f15bcb17a4075fb186b4e425de2 |
| SHA256 | 64cd0f08180ca0d679bbfdc6ced6e936351e9353ef9cc10373b9ce370e35a7fd |
| SHA512 | 10768f4ef872791282fb54fedbecae86c086bbe0cad33f64ce2233ab4da4d4d0ad2847cfe2d0bc6db8be2dc1ecc6bea86327e803bc7f579f4d4559c687d0ecc7 |
C:\Users\Admin\AppData\Local\Temp\E46B.exe
| MD5 | 0c3f7f76be32866fafcf1b1d26b831c3 |
| SHA1 | d7bb7e9437e922de417ce9e9102d2ee6cba7e9e7 |
| SHA256 | 454e17045a7dd1a6a36dc0a8dcf5dfeebcd0ea36436c94d793de80bd9f150fe2 |
| SHA512 | a09084ab2dd088b85b2dbce2e4973c91a372898eda91419c1a79058a53742cced45d87b1c67b2e8c5528c333a2bf0e16d005edcdf33da40626c3c7b07933ad1d |
memory/2176-100-0x0000000000400000-0x0000000001A77000-memory.dmp
\Users\Admin\AppData\Local\Temp\B1A5.exe
| MD5 | f4d95f3fa721b01f0ae7a9171a450525 |
| SHA1 | eaee627ea23b2e7f6a575dcd687526b75ca62268 |
| SHA256 | 403f4b48f9214bba2d09061f6aa429c12c4f57c87dc3732be85af07f00a3cfa8 |
| SHA512 | 61632c18960d35c77a52b0e7c986839c115122bc4d255082083088ba4f4ab4aa35b642bfdb8fc03faa79edf38dd9d7ac59d7f43f8a74c7f870be880127dc805b |
memory/2696-105-0x00000000001B0000-0x00000000001BB000-memory.dmp
memory/2696-104-0x00000000002D0000-0x00000000003D0000-memory.dmp
memory/2696-106-0x0000000000400000-0x00000000022D4000-memory.dmp
\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
| MD5 | 0564a9bf638169a89ccb3820a6b9a58e |
| SHA1 | 57373f3b58f7cc2b9ea1808bdabb600d580a9ceb |
| SHA256 | 9e4b0556f698c9bc9a07c07bf13d60908d31995e0bd73510d9dd690b20b11058 |
| SHA512 | 36b81c374529a9ba5fcbc6fcfebf145c27a7c30916814d63612c04372556d47994a8091cdc5f78dab460bb5296466ce0b284659c8b01883f7960ab08a1631ea6 |
memory/1628-113-0x0000000001B20000-0x0000000001C20000-memory.dmp
memory/1628-114-0x0000000000320000-0x0000000000387000-memory.dmp
memory/1628-115-0x0000000000400000-0x0000000001A4B000-memory.dmp
memory/2580-116-0x0000000002290000-0x00000000023B8000-memory.dmp
memory/2580-117-0x00000000023C0000-0x00000000024CD000-memory.dmp
memory/2580-122-0x00000000023C0000-0x00000000024CD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 6894f1afe9d8909dcd076eb7527878fc |
| SHA1 | 7f6eec59bb7cfe18003b14a6873140ddcc56cd44 |
| SHA256 | d1d81eb5c1cde60dd0c4162fb13c0e98c3a0f1abb574eb072c3375134b528c2f |
| SHA512 | 48ef9f22d577effe46ffa76bb86e413740bcb577676bdc00aaadab72322e17a2345384b08defdfe5ae1b4775b359ab84c5f7fef7a0d8a14ee462347437c50a4f |
memory/2280-130-0x0000000003710000-0x0000000003B08000-memory.dmp
memory/2732-131-0x00000000746E0000-0x0000000074DCE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 3a40d0aaff97ddb91ddc200778c24b97 |
| SHA1 | dfdbef7bcedfd689da7d976438b6b49edfa0dc32 |
| SHA256 | 9d734c38e56911d196f0aa0c7ce493384ef54c4879e148100edab79dd96fde08 |
| SHA512 | 150e9278d991d1524f9fac048c2bc8bb9bef15bb3be7ac9f9efad8ae8229b68442e367456de350a01f308caccdb35df20bf608cd00f41314eb55ae4c170fb1b1 |
\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | d077cbc21dea554f1b2cbfdb9a2ea481 |
| SHA1 | 9bf25014a66abbf9ed5bb91a36475e8c8a9771ea |
| SHA256 | 622ed5417d294d55e0c945c34b5c6dba7305cc145280b110ebd911aafcb405f1 |
| SHA512 | 3a40c28ef368ab2df3bafc4067c12249c18d9f4e6fa89e5d8fbc1bdc20fc9a80841a559b7398dd7cf5b7c738eee161802e49665343c09aabf02455261b0c08e1 |
memory/2580-132-0x00000000023C0000-0x00000000024CD000-memory.dmp
\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 10b09df13dddbcc156c967399864d3ec |
| SHA1 | ec7ace622ea96ecb6de89951da9f26989fa35361 |
| SHA256 | fe4809b89c1f54d742607b35bcfea34617ad653b37a2efd147f807d28f73c84c |
| SHA512 | 2a7e5696727d83f08d7d1a38983d3c7b3a2525a5ce2d65208065f5f8eccef918ac331f698ebecae762f13f4fec901e9402194dd411dd54910c2092f60a00c4fe |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | 10adb4a0d84304222b0a4da9e964ba2c |
| SHA1 | 14cdca80b9cd4472d4411a45f7e993bec5a0fd10 |
| SHA256 | 41b5bd2c1b61018ffea60fc69ce3d0eb6a4b17ebaac5670418e848c74bc61563 |
| SHA512 | 96d8e0dfa072b0f677927b2fe503def25d8675fe1183ceeb27205f6c21bffbcb2145a29a8b1bc5d722602869411921a6f929e9192cfa8df7895c981a6c941b57 |
memory/2280-142-0x0000000003710000-0x0000000003B08000-memory.dmp
memory/1188-141-0x0000000003F10000-0x0000000003F26000-memory.dmp
memory/2696-144-0x0000000000400000-0x00000000022D4000-memory.dmp
memory/2556-148-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2280-151-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/2516-152-0x0000000000240000-0x0000000000B31000-memory.dmp
memory/2280-153-0x0000000003B10000-0x00000000043FB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\u198.0.exe
| MD5 | 93be272e3acc80d58f54e0fba157395a |
| SHA1 | 3cccc20aff960e61d20e88d11abdb9b63028c52d |
| SHA256 | 62a50ab9c4d16e5985c9b0ef3576fb910a0369fba24eea163e07ddb5d8b8a715 |
| SHA512 | 0bc4b1f9601bc627d20984d6ed1a51fae325caba143063d957cd623b1f927843205521c89676c095c13bf8ae7d8ac7a68749ab71adaabd248d1a0bf33a92bfe4 |
\Users\Admin\AppData\Local\Temp\u198.0.exe
| MD5 | 3fa7093a3bae2761e710c2e1c5761d55 |
| SHA1 | 17c7c99f9b9a471a64595a3a25466a671f6474d2 |
| SHA256 | 67c6e3b24b560b18cb575c304519c2be79cbc5cd7fd951c53aecfd36225a0488 |
| SHA512 | 27bade553d8aaf312edbfdf9f55ed8cb8b7cfc414a55f7f60661dea3e455db23987ddb414d45108350486461ad3673b680dfefd84398175ac77bbe507e800154 |
\Users\Admin\AppData\Local\Temp\u198.0.exe
| MD5 | b54bc8b501dd458cb22576e843c84ea0 |
| SHA1 | 12fa6fe1678f38a0be2416b5a2b8ece5ee3a68dd |
| SHA256 | bf39cf190e603b7846806d5d20c36746b3436949ef938444dcaea3b5ec0d77d3 |
| SHA512 | 030dc3394ccbb013cb6a2b03023bc1b1b3361b1118a092487226cfb6781b96eb6447dfc7963f3c4e88ccbddc3960723482d2f46abb566fbdecffd89d16452bfe |
C:\Users\Admin\AppData\Local\Temp\u198.0.exe
| MD5 | 4ab635ea0d7f8ad4b954c466aa00b3a2 |
| SHA1 | 333b7d4a74f3d2a69a892a381d0379b805cf44b6 |
| SHA256 | cab368b149fec61257a74f85e39ddec9c5c687f88c4ba55213cd9be88d0ee825 |
| SHA512 | c1bdb157eb529aa03c6cd3f36564ffcdcad6fe7d1b35183916fc61b91115c199347cf65c427a5732412ab5cc8fe044189c0772555e96badf32ec970efb02fbcc |
\Users\Admin\AppData\Local\Temp\u198.0.exe
| MD5 | d0de3ce247b4ebb9b0778563f7bb3a47 |
| SHA1 | 20259867152e73d0027da63f8c351c4e911690ca |
| SHA256 | de333c544b3def02e10b7a8d1c3677efbcbb010ecce2b601573dae1584b9cc1f |
| SHA512 | 3811fe4864c154ee020a6c158557e1d42e8ef954c836192acb19241343ad01a2c21e69960f4780b5e2404bf963de0e51cf01fe0ed2b012c8cbec95b36c21661d |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 17f94068434b0aab075a9099c913d9c6 |
| SHA1 | 305ac6c5aba3519cc49991af8123919a36aeb809 |
| SHA256 | 2df85dcfdf77ced100f6278bd897f8c2b5bf2ad4cd883224cad6c2584feb479e |
| SHA512 | 1026d38a5f5d1a3949ce434749b0c4e73123e1a1bf7ab96e5fdc8e042699410f9a59875f6a03e4ca7ebc8b280e8b8cfb966bf7262e447d661ac264ac4d9b1183 |
memory/2132-174-0x00000000023C0000-0x00000000024C0000-memory.dmp
memory/2132-175-0x0000000000220000-0x0000000000247000-memory.dmp
memory/1628-189-0x0000000004690000-0x0000000004BC0000-memory.dmp
memory/1924-197-0x0000000000400000-0x0000000000930000-memory.dmp
memory/1628-196-0x0000000004690000-0x0000000004BC0000-memory.dmp
memory/2176-195-0x0000000001BF0000-0x0000000001CF0000-memory.dmp
memory/1924-200-0x00000000003B0000-0x00000000003B1000-memory.dmp
memory/1628-190-0x0000000000400000-0x0000000001A4B000-memory.dmp
memory/1628-193-0x0000000004690000-0x0000000004BC0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\u198.1.exe
| MD5 | 5b87828ea000c7111084d8beed17175e |
| SHA1 | e8aa3848e39c449051702a333e608fafd2e5330f |
| SHA256 | 1a557fae2d39d06392f4bea760fb72c87f0959a7c3ac66865e36f316866f57d3 |
| SHA512 | 56b0d0e5422b89a4659969f59570962dbb267fde913ed051fbedf3d66653c9c23d15c945a6ae8ce5570af010b3671eb0be085e8afb44c3088def9f423290f385 |
memory/1628-191-0x0000000004690000-0x0000000004BC0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | 3c1b44e28ca46891b574051d5a511a2b |
| SHA1 | cc1fc20d63928ee1d1bcca45435aa89739c8c85a |
| SHA256 | 4fc874a9518f4cce8abb64f84d3e940e47bb6eaea51ca596a0fec328520ab46a |
| SHA512 | 7f3f0e8c6f3c898a3ffe900e42fd414705b59369ad983b9933617e9a1fc22d1a721b236707ba9f7446e898974800ab1d882d19e43fbec01288a11a48819ec158 |
memory/2132-176-0x0000000000400000-0x00000000022DC000-memory.dmp
memory/2280-203-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/2556-206-0x0000000000400000-0x0000000000848000-memory.dmp
memory/2132-213-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/2132-215-0x0000000000400000-0x00000000022DC000-memory.dmp
memory/1924-221-0x0000000000400000-0x0000000000930000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 33d74d115cc4191be2e44692a57be71f |
| SHA1 | 2a4305b4824b31b7cfdb453f59eaa2604fa68fd0 |
| SHA256 | 9f5f8f25b9e37a7dbf5187eab36eacdb6df5ef54b0aed9925215f4a107c1b652 |
| SHA512 | 3cd70b2f8ac3a6fb475314ff0a4499280535bf1e6342521cac942a07ae714a06d801352498ce1d8784aced57c4e38944eb510f65f14baf579f23a55cd2def493 |
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
| MD5 | 11bb3db51f701d4e42d3287f71a6a43e |
| SHA1 | 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86 |
| SHA256 | 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331 |
| SHA512 | 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2 |
memory/2280-278-0x0000000000400000-0x0000000001E0F000-memory.dmp
\ProgramData\nss3.dll
| MD5 | fada44e603802b3e1b55dfb05354a78d |
| SHA1 | 16520f1886797ab2a443425a2e51c0fcf24ebfaf |
| SHA256 | 49e110d9673e51ef929f986d7caf16d222581263af14153cd9a3caf390e6a9c3 |
| SHA512 | 3271434a5c0c34d519290888dd878b07c42e71971ad245d373ac923d3d1f1484c181fa2b69b154473ad48f25d7b4cfb904dab90d2d6ebdf3225871911c2a8ac6 |
memory/2632-304-0x00000000038B0000-0x0000000003CA8000-memory.dmp
\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/2632-319-0x0000000000400000-0x0000000001E0F000-memory.dmp
memory/2132-491-0x0000000000400000-0x00000000022DC000-memory.dmp