Malware Analysis Report

2024-11-30 05:03

Sample ID 240229-gmtb9agd2z
Target d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe
SHA256 d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910
Tags
dcrat glupteba lumma smokeloader pub1 backdoor bootkit discovery dropper evasion infostealer loader persistence rat spyware stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910

Threat Level: Known bad

The file d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe was found to be: Known bad.

Malicious Activity Summary

dcrat glupteba lumma smokeloader pub1 backdoor bootkit discovery dropper evasion infostealer loader persistence rat spyware stealer trojan upx

Lumma Stealer

SmokeLoader

Glupteba

Glupteba payload

DcRat

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Detects executables containing artifacts associated with disabling Windows Defender

Detects executables containing Discord URLs observed in first stage droppers

Detects Windows executables referencing non-Windows User-Agents

UPX dump on OEP (original entry point)

Detects executables referencing many varying, potentially fake Windows User-Agents

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Detect binaries embedding considerable number of MFA browser extension IDs.

Detects executables containing URLs to raw contents of a Github gist

Downloads MZ/PE file

Modifies Windows Firewall

UPX packed file

Unexpected DNS network traffic destination

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

Deletes itself

Loads dropped DLL

Reads data files stored by FTP clients

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Suspicious use of SetThreadContext

Enumerates physical storage devices

Program crash

Unsigned PE

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: MapViewOfSection

Creates scheduled task(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-29 05:55

Signatures

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-29 05:55

Reported

2024-02-29 05:58

Platform

win10v2004-20240226-en

Max time kernel

78s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe"

Signatures

DcRat

rat infostealer dcrat
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\BC2C.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Glupteba

loader dropper glupteba

Glupteba payload

Lumma Stealer

stealer lumma

SmokeLoader

trojan backdoor smokeloader

Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Detects Windows executables referencing non-Windows User-Agents

Detects executables containing Discord URLs observed in first stage droppers

Detects executables containing URLs to raw contents of a Github gist

Detects executables containing artifacts associated with disabling Windows Defender

Detects executables referencing many varying, potentially fake Windows User-Agents

UPX dump on OEP (original entry point)

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\E311.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe N/A

Deletes itself

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 62.102.148.68 N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\BC2C.exe N/A

Checks installed software on the system

discovery

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\D8B0.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2932 set thread context of 4704 N/A C:\Users\Admin\AppData\Local\Temp\BC2C.exe C:\Users\Admin\AppData\Local\Temp\BC2C.exe

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\EEBA.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\EEBA.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\EEBA.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\u12o.0.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\u12o.0.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\u12o.1.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3488 wrote to memory of 2932 N/A N/A C:\Users\Admin\AppData\Local\Temp\BC2C.exe
PID 2932 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\BC2C.exe C:\Users\Admin\AppData\Local\Temp\BC2C.exe
PID 3488 wrote to memory of 4616 N/A N/A C:\Windows\system32\regsvr32.exe
PID 4616 wrote to memory of 1460 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3488 wrote to memory of 440 N/A N/A C:\Users\Admin\AppData\Local\Temp\D5EF.exe
PID 3488 wrote to memory of 3052 N/A N/A C:\Users\Admin\AppData\Local\Temp\D8B0.exe
PID 3488 wrote to memory of 1400 N/A N/A C:\Users\Admin\AppData\Local\Temp\E311.exe
PID 3488 wrote to memory of 4568 N/A N/A C:\Users\Admin\AppData\Local\Temp\EEBA.exe
PID 1400 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\E311.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 1400 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\E311.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 1392 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u12o.0.exe
PID 1392 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u12o.1.exe
PID 452 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\u12o.1.exe C:\Windows\SysWOW64\cmd.exe
PID 3624 wrote to memory of 4084 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 3624 wrote to memory of 3852 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 4352 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4848 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe

"C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe"

C:\Users\Admin\AppData\Local\Temp\BC2C.exe

C:\Users\Admin\AppData\Local\Temp\BC2C.exe

C:\Users\Admin\AppData\Local\Temp\BC2C.exe

C:\Users\Admin\AppData\Local\Temp\BC2C.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\C303.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\C303.dll

C:\Users\Admin\AppData\Local\Temp\D5EF.exe

C:\Users\Admin\AppData\Local\Temp\D5EF.exe

C:\Users\Admin\AppData\Local\Temp\D8B0.exe

C:\Users\Admin\AppData\Local\Temp\D8B0.exe

C:\Users\Admin\AppData\Local\Temp\E311.exe

C:\Users\Admin\AppData\Local\Temp\E311.exe

C:\Users\Admin\AppData\Local\Temp\EEBA.exe

C:\Users\Admin\AppData\Local\Temp\EEBA.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\u12o.0.exe

"C:\Users\Admin\AppData\Local\Temp\u12o.0.exe"

C:\Users\Admin\AppData\Local\Temp\u12o.1.exe

"C:\Users\Admin\AppData\Local\Temp\u12o.1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1392 -ip 1392

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 1580

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4824 -ip 4824

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 2148

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4848 -ip 4848

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 752

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Windows\SYSTEM32\schtasks.exe

schtasks /delete /tn ScheduledUpdate /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll

Network

Country Destination Domain Proto
US 195.35.10.141:443 famousgamer.site tcp
US 8.8.8.8:53 socialeswap.dev udp
DE 81.169.145.70:443 gruenderpreis-speckguertel.info tcp
BR 149.100.155.152:443 getamiclear.site tcp
BR 45.132.157.69:443 metodoninja.site tcp
SG 109.106.254.112:443 truongdx.dev tcp
US 104.21.86.14:443 ziezmedia.dev tcp
US 8.8.8.8:53 tomaszjedrzejczyk.dev udp
US 8.8.8.8:53 sabz.life udp
US 172.67.140.203:443 rehberforex.site tcp
GB 185.77.97.184:443 viniamorim.dev tcp
US 216.239.36.21:443 socialeswap.dev tcp
ZA 156.38.230.159:80 www.artofficial-gallery.com tcp
US 8.8.8.8:53 sortd.life udp
US 8.8.8.8:53 webify.life udp
US 8.8.8.8:53 detran.life udp
US 8.8.8.8:53 165.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 186.199.203.116.in-addr.arpa udp
US 8.8.8.8:53 3.230.41.154.in-addr.arpa udp
US 8.8.8.8:53 248.188.166.185.in-addr.arpa udp
US 8.8.8.8:53 219.214.133.103.in-addr.arpa udp
US 8.8.8.8:53 141.10.35.195.in-addr.arpa udp
US 8.8.8.8:53 alogod.life udp
US 8.8.8.8:53 gruenderpreis-speckguertel.de udp
US 8.8.8.8:53 70.145.169.81.in-addr.arpa udp
IN 89.117.188.184:443 indianforum.site tcp
LT 84.32.84.32:443 kitafricano.site tcp
DE 142.132.137.115:443 tomaszjedrzejczyk.dev tcp
US 8.8.8.8:53 athletix.life udp
US 13.248.169.48:443 webify.life tcp
US 8.8.8.8:53 rehberforex.xyz udp
US 8.8.8.8:53 talesvibe.life udp
DE 81.169.145.80:443 gruenderpreis-speckguertel.de tcp
GB 35.177.64.229:443 sortd.life tcp
SG 217.21.74.229:443 alogod.life tcp
US 8.8.8.8:53 lcbasuplementos.life udp
US 8.8.8.8:53 9movis1.space udp
US 8.8.8.8:53 badmood.fun udp
US 8.8.8.8:53 shevent.fun udp
US 8.8.8.8:53 14.86.21.104.in-addr.arpa udp
US 8.8.8.8:53 203.140.67.172.in-addr.arpa udp
US 8.8.8.8:53 21.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 184.97.77.185.in-addr.arpa udp
US 8.8.8.8:53 152.155.100.149.in-addr.arpa udp
US 8.8.8.8:53 184.188.117.89.in-addr.arpa udp
US 8.8.8.8:53 112.254.106.109.in-addr.arpa udp
US 8.8.8.8:53 115.137.132.142.in-addr.arpa udp
US 8.8.8.8:53 bonitas.fun udp
US 172.67.207.83:443 rehberforex.xyz tcp
US 191.101.13.33:443 talesvibe.life tcp
SG 184.168.115.88:443 trustpack.store tcp
US 104.21.72.158:443 athletix.life tcp
US 8.8.8.8:53 newsgab.fun udp
US 8.8.8.8:53 newstabe.fun udp
FR 91.234.195.212:443 badmood.fun tcp
US 8.8.8.8:53 stoffxwert.com udp
US 8.8.8.8:53 sudtyresrl.com udp
US 8.8.8.8:53 sundancebg.com udp
US 8.8.8.8:53 superecogo.com udp
US 8.8.8.8:53 swiss-reps.com udp
US 104.21.60.119:443 9movis1.space tcp
US 8.8.8.8:53 swissdufts.com udp
US 172.67.190.83:443 bonitas.fun tcp
US 172.67.143.111:443 steviescot.com tcp
VN 202.92.7.103:80 shevent.fun tcp
US 8.8.8.8:53 syairchina.com udp
US 8.8.8.8:53 www.divergenttherapysolutions.info udp
BG 185.45.66.98:443 sundancebg.com tcp
DE 212.8.207.13:80 stoffxwert.com tcp
DE 92.118.160.3:443 swiss-reps.com tcp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 80.145.169.81.in-addr.arpa udp
US 8.8.8.8:53 229.64.177.35.in-addr.arpa udp
US 8.8.8.8:53 69.157.132.45.in-addr.arpa udp
US 8.8.8.8:53 83.207.67.172.in-addr.arpa udp
US 8.8.8.8:53 158.72.21.104.in-addr.arpa udp
US 8.8.8.8:53 212.195.234.91.in-addr.arpa udp
US 8.8.8.8:53 33.13.101.191.in-addr.arpa udp
NL 153.92.220.133:443 sudtyresrl.com tcp
US 50.63.178.0:80 superecogo.com tcp
US 8.8.8.8:53 rehberforex.us udp
US 8.8.8.8:53 sytaglobal.com udp
US 8.8.8.8:53 www.syliciment.com udp
LT 84.32.84.32:443 newstabe.fun tcp
US 86.38.202.47:443 newsgab.fun tcp
US 8.8.8.8:53 9moviz48.top udp
US 8.8.8.8:53 tabojagodj.com udp
SG 95.111.200.39:443 syairchina.com tcp
US 173.201.180.24:443 swissdufts.com tcp
US 104.21.85.156:443 rehberforex.us tcp
US 162.0.215.195:443 www.divergenttherapysolutions.info tcp
FR 109.234.164.205:443 www.syliciment.com tcp
US 34.120.137.41:443 sytaglobal.com tcp
US 8.8.8.8:53 tahlkanews.com udp
US 104.21.21.65:443 9moviz48.top tcp
US 8.8.8.8:53 tajiegroup.com udp
US 8.8.8.8:53 tahzglobal.com udp
US 172.67.214.175:443 tahlkanews.com tcp
US 198.54.119.222:443 tahzglobal.com tcp
US 8.8.8.8:53 119.60.21.104.in-addr.arpa udp
US 8.8.8.8:53 83.190.67.172.in-addr.arpa udp
US 8.8.8.8:53 111.143.67.172.in-addr.arpa udp
US 8.8.8.8:53 3.160.118.92.in-addr.arpa udp
US 8.8.8.8:53 13.207.8.212.in-addr.arpa udp
US 8.8.8.8:53 133.220.92.153.in-addr.arpa udp
US 8.8.8.8:53 98.66.45.185.in-addr.arpa udp
US 8.8.8.8:53 47.202.38.86.in-addr.arpa udp
US 8.8.8.8:53 156.85.21.104.in-addr.arpa udp
US 8.8.8.8:53 41.137.120.34.in-addr.arpa udp
US 8.8.8.8:53 65.21.21.104.in-addr.arpa udp
US 8.8.8.8:53 205.164.234.109.in-addr.arpa udp
US 8.8.8.8:53 39.200.111.95.in-addr.arpa udp
US 8.8.8.8:53 rehberforex.info udp
US 8.8.8.8:53 9moviz55.top udp
US 8.8.8.8:53 www.tajmahal48.com udp
KR 183.111.183.75:80 tabojagodj.com tcp
US 8.8.8.8:53 www.tamaradrew.com udp
SG 139.99.124.237:443 tajiegroup.com tcp
US 8.8.8.8:53 tariksukmo.com udp
US 172.67.146.32:443 9moviz55.top tcp
US 8.8.8.8:53 techinnepa.com udp
US 8.8.8.8:53 technoaria.com udp
US 8.8.8.8:53 tektoplist.com udp
US 8.8.8.8:53 tekytrends.com udp
US 8.8.8.8:53 www.tahlkanews.com udp
US 8.8.8.8:53 tengsu-4th.com udp
US 8.8.8.8:53 teracolabo.com udp
US 8.8.8.8:53 syairchina.org udp
BR 185.211.7.220:443 talyariart.com tcp
NL 45.82.188.249:443 www.tamaradrew.com tcp
FR 51.91.236.193:443 www.tajmahal48.com tcp
US 8.8.8.8:53 ternhealth.com udp
US 104.21.77.81:443 rehberforex.info tcp
US 8.8.8.8:53 175.214.67.172.in-addr.arpa udp
US 8.8.8.8:53 222.119.54.198.in-addr.arpa udp
US 8.8.8.8:53 75.183.111.183.in-addr.arpa udp
US 8.8.8.8:53 thaikkhome.com udp
VN 202.92.7.103:443 shevent.fun tcp
US 8.8.8.8:53 thatwaxguy.com udp
IR 5.144.131.246:443 technoaria.com tcp
US 66.198.240.50:443 techinnepa.com tcp
US 8.8.8.8:53 www.steviescot.com udp
US 104.21.37.232:443 www.tahlkanews.com tcp
US 8.8.8.8:53 9moviz56.top udp
SG 151.106.119.207:443 tariksukmo.com tcp
SG 45.32.114.226:443 tengsu-4th.com tcp
US 74.208.236.191:443 tekytrends.com tcp
US 68.65.123.232:443 tektoplist.com tcp
US 8.8.8.8:53 thebgrowth.com udp
JP 163.44.177.17:443 teracolabo.com tcp
US 62.72.50.168:443 thaikkhome.com tcp
US 8.8.8.8:53 thebriller.com udp
SG 95.111.200.39:443 syairchina.org tcp
US 8.8.8.8:53 rehberforex.one udp
US 8.8.8.8:53 thebygroup.com udp
US 104.21.58.246:443 ternhealth.com tcp
US 208.109.59.203:80 thatwaxguy.com tcp
US 104.21.71.53:443 www.steviescot.com tcp
US 8.8.8.8:53 32.146.67.172.in-addr.arpa udp
US 8.8.8.8:53 237.124.99.139.in-addr.arpa udp
US 8.8.8.8:53 249.188.82.45.in-addr.arpa udp
US 8.8.8.8:53 193.236.91.51.in-addr.arpa udp
US 8.8.8.8:53 220.7.211.185.in-addr.arpa udp
US 8.8.8.8:53 81.77.21.104.in-addr.arpa udp
US 8.8.8.8:53 imunify-alert.com udp
IN 149.100.147.101:443 thebriller.com tcp
US 104.21.68.75:443 thebgrowth.com tcp
US 66.29.132.31:443 thebygroup.com tcp
US 172.67.183.42:443 rehberforex.one tcp
US 172.67.165.4:443 9moviz56.top tcp
US 8.8.8.8:53 thecrazelb.com udp
US 8.8.8.8:53 theelsa807.com udp
US 8.8.8.8:53 thedocdoor.com udp
US 8.8.8.8:53 tajmahal48.com udp
US 8.8.8.8:53 thefaxpack.com udp
US 8.8.8.8:53 themenedge.com udp
US 8.8.8.8:53 thewerbung.com udp
US 172.67.176.47:443 imunify-alert.com tcp
US 8.8.8.8:53 theseacafe.com udp
US 8.8.8.8:53 timhorsley.com udp
US 172.67.132.217:443 thecrazelb.com tcp
US 8.8.8.8:53 rehberforex.wiki udp
US 160.153.0.147:443 theelsa807.com tcp
US 8.8.8.8:53 246.131.144.5.in-addr.arpa udp
US 8.8.8.8:53 232.37.21.104.in-addr.arpa udp
US 8.8.8.8:53 50.240.198.66.in-addr.arpa udp
US 8.8.8.8:53 191.236.208.74.in-addr.arpa udp
US 8.8.8.8:53 246.58.21.104.in-addr.arpa udp
US 8.8.8.8:53 232.123.65.68.in-addr.arpa udp
US 8.8.8.8:53 168.50.72.62.in-addr.arpa udp
US 8.8.8.8:53 53.71.21.104.in-addr.arpa udp
US 8.8.8.8:53 226.114.32.45.in-addr.arpa udp
US 8.8.8.8:53 17.177.44.163.in-addr.arpa udp
US 8.8.8.8:53 207.119.106.151.in-addr.arpa udp
US 8.8.8.8:53 75.68.21.104.in-addr.arpa udp
US 8.8.8.8:53 42.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 101.147.100.149.in-addr.arpa udp
US 8.8.8.8:53 4.165.67.172.in-addr.arpa udp
US 8.8.8.8:53 31.132.29.66.in-addr.arpa udp
US 8.8.8.8:53 9moviz57.top udp
FR 92.205.48.162:80 thedocdoor.com tcp
US 162.213.251.93:443 thefaxpack.com tcp
FR 51.91.236.193:443 tajmahal48.com tcp
US 8.8.8.8:53 www.thebgrowth.com udp
US 8.8.8.8:53 sixtiescinema.com udp
DE 217.160.0.177:443 thewerbung.com tcp
IN 154.41.233.29:443 theseacafe.com tcp
US 8.8.8.8:53 tondesunde.com udp
US 8.8.8.8:53 tooltechie.com udp
US 8.8.8.8:53 syairchina.biz udp
US 8.8.8.8:53 traveltokr.com udp
US 8.8.8.8:53 truck-ford.com udp
US 8.8.8.8:53 truckrapid.com udp
JP 182.48.49.163:443 tondesunde.com tcp
US 8.8.8.8:53 47.176.67.172.in-addr.arpa udp
US 8.8.8.8:53 217.132.67.172.in-addr.arpa udp
US 8.8.8.8:53 147.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 177.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 29.233.41.154.in-addr.arpa udp
US 104.21.15.181:443 9moviz57.top tcp
US 104.21.7.202:443 timhorsley.com tcp
US 172.96.186.179:443 sixtiescinema.com tcp
US 104.21.17.198:443 rehberforex.wiki tcp
US 104.21.68.75:443 www.thebgrowth.com tcp
US 8.8.8.8:53 trumquanhe.com udp
US 8.8.8.8:53 karat.com udp
SG 95.111.200.39:443 syairchina.biz tcp
US 160.153.0.187:443 trovagatto.com tcp
RU 37.46.133.21:80 truck-ford.com tcp
US 20.15.106.60:443 truckrapid.com tcp
US 23.105.170.37:443 tooltechie.com tcp
US 8.8.8.8:53 trywidgets.com udp
US 8.8.8.8:53 tskf-group.com udp
US 8.8.8.8:53 djto.mycafe24.com udp
SG 143.198.85.181:443 traveltokr.com tcp
US 8.8.8.8:53 usafi-bora.com udp
US 8.8.8.8:53 usexplains.com udp
US 141.193.213.10:443 karat.com tcp
HK 172.96.185.222:443 trumquanhe.com tcp
US 8.8.8.8:53 rehberforex.vip udp
US 8.8.8.8:53 cheermaster.org udp
US 8.8.8.8:53 9moviz58.top udp
US 74.208.236.232:443 tskf-group.com tcp
US 8.8.8.8:53 181.15.21.104.in-addr.arpa udp
US 8.8.8.8:53 202.7.21.104.in-addr.arpa udp
US 8.8.8.8:53 198.17.21.104.in-addr.arpa udp
US 8.8.8.8:53 187.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 179.186.96.172.in-addr.arpa udp
US 8.8.8.8:53 21.133.46.37.in-addr.arpa udp
US 8.8.8.8:53 163.49.48.182.in-addr.arpa udp
US 8.8.8.8:53 37.170.105.23.in-addr.arpa udp
US 23.21.157.88:443 trywidgets.com tcp
US 8.8.8.8:53 petricoraventuras.org udp
FR 46.105.204.23:80 usafi-bora.com tcp
US 104.21.68.61:443 rehberforex.vip tcp
KR 183.111.183.75:80 djto.mycafe24.com tcp
DE 81.169.145.144:443 cheermaster.org tcp
US 172.67.215.141:443 9moviz58.top tcp
US 31.170.161.140:443 usexplains.com tcp
US 8.8.8.8:53 ezzocards.xyz udp
US 8.8.8.8:53 edgetechasia.xyz udp
DE 81.169.145.105:80 petricoraventuras.org tcp
US 8.8.8.8:53 portfoliobyus.xyz udp
US 8.8.8.8:53 doctorstechltd.xyz udp
US 8.8.8.8:53 goldenpaper.online udp
US 8.8.8.8:53 makooidcorp.online udp
US 162.0.229.243:443 ezzocards.xyz tcp
US 8.8.8.8:53 rehberforex.live udp
US 8.8.8.8:53 temangaming.online udp
US 8.8.8.8:53 9moviz60.top udp
US 8.8.8.8:53 syairchina.info udp
US 67.20.115.120:80 goldenpaper.online tcp
DE 138.201.140.197:443 doctorstechltd.xyz tcp
DE 138.201.140.197:443 doctorstechltd.xyz tcp
US 8.8.8.8:53 10.213.193.141.in-addr.arpa udp
US 8.8.8.8:53 232.236.208.74.in-addr.arpa udp
DE 138.201.140.197:443 doctorstechltd.xyz tcp
US 8.8.8.8:53 88.157.21.23.in-addr.arpa udp
US 8.8.8.8:53 222.185.96.172.in-addr.arpa udp
US 8.8.8.8:53 23.204.105.46.in-addr.arpa udp
US 8.8.8.8:53 61.68.21.104.in-addr.arpa udp
US 8.8.8.8:53 141.215.67.172.in-addr.arpa udp
US 8.8.8.8:53 144.145.169.81.in-addr.arpa udp
US 8.8.8.8:53 105.145.169.81.in-addr.arpa udp
US 8.8.8.8:53 140.161.170.31.in-addr.arpa udp
US 8.8.8.8:53 conectimoveis.online udp
US 8.8.8.8:53 www.usafi-bora.com udp
US 172.67.169.80:443 9moviz60.top tcp
US 172.67.202.116:443 rehberforex.live tcp
US 162.254.39.15:443 temangaming.online tcp
SG 95.111.200.39:443 syairchina.info tcp
FR 46.105.204.23:80 www.usafi-bora.com tcp
US 108.181.92.74:80 conectimoveis.online tcp
US 8.8.8.8:53 filmecrestine.online udp
US 8.8.8.8:53 faramarzsakhi.online udp
US 8.8.8.8:53 rehber-forex.xyz udp
US 8.8.8.8:53 9moviz61.top udp
IR 5.144.130.53:443 faramarzsakhi.online tcp
US 8.8.8.8:53 www.clinicadelvalle.online udp
US 8.8.8.8:53 forumdialektika.online udp
US 8.8.8.8:53 produtotopagora.online udp
US 8.8.8.8:53 sleeplesscalmth.online udp
US 8.8.8.8:53 197.140.201.138.in-addr.arpa udp
US 8.8.8.8:53 243.229.0.162.in-addr.arpa udp
US 8.8.8.8:53 120.115.20.67.in-addr.arpa udp
US 8.8.8.8:53 80.169.67.172.in-addr.arpa udp
US 8.8.8.8:53 15.39.254.162.in-addr.arpa udp
US 8.8.8.8:53 74.92.181.108.in-addr.arpa udp
US 8.8.8.8:53 jiofibersamalkot.online udp
US 8.8.8.8:53 designsodebrancelhas.online udp
US 8.8.8.8:53 bebtida.shop udp
US 8.8.8.8:53 www.timhorsley.com udp
US 8.8.8.8:53 ahwstore.shop udp
US 172.67.162.136:443 9moviz61.top tcp
US 198.187.31.236:80 bebtida.shop tcp
US 213.190.6.233:443 designsodebrancelhas.online tcp
US 8.8.8.8:53 fitalica.shop udp
US 199.231.166.83:443 jiofibersamalkot.online tcp
US 172.67.212.1:443 rehber-forex.xyz tcp
BR 92.38.150.138:443 www.clinicadelvalle.online tcp
US 103.168.172.37:443 sleeplesscalmth.online tcp
US 8.8.8.8:53 gamebuild.shop udp
US 8.8.8.8:53 metaagame.shop udp
BR 45.224.128.177:443 seducaoeficaz.online tcp
ID 103.247.8.66:443 forumdialektika.online tcp
US 8.8.8.8:53 babyshoppe.shop udp
US 172.67.188.1:443 www.timhorsley.com tcp
BR 177.234.152.251:443 produtotopagora.online tcp
US 8.8.8.8:53 soldsimple.shop udp
US 8.8.8.8:53 136.162.67.172.in-addr.arpa udp
US 8.8.8.8:53 53.130.144.5.in-addr.arpa udp
US 8.8.8.8:53 storklasnd.shop udp
US 8.8.8.8:53 syairchina.us udp
US 8.8.8.8:53 bl3ckplayy.shop udp
US 8.8.8.8:53 9moviz62.top udp
US 8.8.8.8:53 budgetrush.shop udp
US 8.8.8.8:53 waterboyzh.shop udp
US 8.8.8.8:53 clearpatch.shop udp
US 8.8.8.8:53 dpsmembers.online udp
ID 153.92.13.68:443 ahwstore.shop tcp
US 8.8.8.8:53 storeshoes.shop udp
US 8.8.8.8:53 crewstanby.shop udp
US 8.8.8.8:53 commodityi.shop udp
SG 5.181.216.35:443 fitalica.shop tcp
SG 95.111.200.39:443 syairchina.us tcp
US 172.67.148.10:443 9moviz62.top tcp
FR 15.188.180.10:443 budgetrush.shop tcp
US 8.8.8.8:53 dibamovie11.pw udp
US 104.21.31.36:80 dpsmembers.online tcp
US 172.67.220.108:80 storklasnd.shop tcp
US 104.21.80.30:80 babyshoppe.shop tcp
US 104.21.6.86:80 waterboyzh.shop tcp
BR 154.49.247.63:443 bl3ckplayy.shop tcp
US 8.8.8.8:53 rehber-fx.xyz udp
US 8.8.8.8:53 233.6.190.213.in-addr.arpa udp
US 8.8.8.8:53 236.31.187.198.in-addr.arpa udp
US 8.8.8.8:53 1.212.67.172.in-addr.arpa udp
US 8.8.8.8:53 138.150.38.92.in-addr.arpa udp
US 8.8.8.8:53 1.188.67.172.in-addr.arpa udp
US 8.8.8.8:53 37.172.168.103.in-addr.arpa udp
US 8.8.8.8:53 177.128.224.45.in-addr.arpa udp
US 8.8.8.8:53 66.8.247.103.in-addr.arpa udp
US 63.250.43.138:443 clearpatch.shop tcp
US 8.8.8.8:53 calmth.blog udp
US 104.21.82.222:80 soldsimple.shop tcp
US 8.8.8.8:53 digiestore.shop udp
US 8.8.8.8:53 dronesplus.shop udp
US 8.8.8.8:53 escandaloo.shop udp
KR 183.111.183.76:80 crewstanby.shop tcp
US 8.8.8.8:53 tesingshop.shop udp
US 172.67.204.209:443 rehber-fx.xyz tcp
US 8.8.8.8:53 exoticpoph.shop udp
US 104.21.19.101:443 dibamovie11.pw tcp
NL 213.249.67.48:443 calmth.blog tcp
US 8.8.8.8:53 flexi-view.shop udp
US 8.8.8.8:53 9moviz63.top udp
US 8.8.8.8:53 storelinks.shop udp
US 8.8.8.8:53 karenbravo.shop udp
US 8.8.8.8:53 koashouseh.shop udp
US 8.8.8.8:53 68.13.92.153.in-addr.arpa udp
US 8.8.8.8:53 10.148.67.172.in-addr.arpa udp
US 8.8.8.8:53 10.180.188.15.in-addr.arpa udp
US 8.8.8.8:53 36.31.21.104.in-addr.arpa udp
US 8.8.8.8:53 108.220.67.172.in-addr.arpa udp
US 8.8.8.8:53 30.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 86.6.21.104.in-addr.arpa udp
US 8.8.8.8:53 35.216.181.5.in-addr.arpa udp
US 8.8.8.8:53 83.166.231.199.in-addr.arpa udp
US 8.8.8.8:53 138.43.250.63.in-addr.arpa udp
US 8.8.8.8:53 63.247.49.154.in-addr.arpa udp
US 172.67.172.106:80 exoticpoph.shop tcp
US 63.250.43.11:443 dronesplus.shop tcp
US 154.49.142.199:443 flexi-view.shop tcp
US 8.8.8.8:53 korea-boxh.shop udp
US 8.8.8.8:53 lamariposa.shop udp
BR 154.49.247.73:443 escandaloo.shop tcp
US 8.8.8.8:53 sleek-list.shop udp
US 34.120.137.41:443 karenbravo.shop tcp
US 104.21.19.67:80 koashouseh.shop tcp
US 104.21.31.36:443 dpsmembers.online tcp
US 8.8.8.8:53 dibamovie17.pw udp
US 8.8.8.8:53 lovinglane.shop udp
US 8.8.8.8:53 lovemyswag.shop udp
US 8.8.8.8:53 mymuscleup.shop udp
US 8.8.8.8:53 forumchina.org udp
US 8.8.8.8:53 metagamess.shop udp
US 8.8.8.8:53 webcreativ.shop udp
US 8.8.8.8:53 petittippi.shop udp
US 8.8.8.8:53 planetholo.shop udp
US 104.21.88.204:443 9moviz63.top tcp
US 104.21.93.129:443 dibamovie17.pw tcp
US 8.8.8.8:53 209.204.67.172.in-addr.arpa udp
US 8.8.8.8:53 101.19.21.104.in-addr.arpa udp
US 8.8.8.8:53 76.183.111.183.in-addr.arpa udp
US 8.8.8.8:53 199.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 11.43.250.63.in-addr.arpa udp
US 8.8.8.8:53 67.19.21.104.in-addr.arpa udp
US 8.8.8.8:53 73.247.49.154.in-addr.arpa udp
US 104.21.17.29:80 lovinglane.shop tcp
US 208.109.188.113:443 lamariposa.shop tcp
US 8.8.8.8:53 quickfixer.shop udp
FR 15.236.6.191:443 mymuscleup.shop tcp
US 104.21.46.31:80 lovemyswag.shop tcp
US 104.21.85.233:443 storelinks.shop tcp
KR 183.111.183.108:443 gogoreview.shop tcp
US 104.21.51.70:80 korea-boxh.shop tcp
KR 158.247.199.35:443 sleek-list.shop tcp
SG 178.128.58.201:443 forumchina.org tcp
US 8.8.8.8:53 threadsadi.shop udp
US 8.8.8.8:53 aerobicstee.shop udp
US 8.8.8.8:53 audreyandme.shop udp
US 8.8.8.8:53 aingrowth.site udp
US 8.8.8.8:53 9moviz64.top udp
US 8.8.8.8:53 springbok.site udp
US 8.8.8.8:53 dibamovie19.pw udp
US 8.8.8.8:53 arutility.site udp
US 8.8.8.8:53 xtweeteth.site udp
US 8.8.8.8:53 204.88.21.104.in-addr.arpa udp
US 8.8.8.8:53 29.17.21.104.in-addr.arpa udp
US 8.8.8.8:53 251.152.234.177.in-addr.arpa udp
US 104.21.7.102:80 petittippi.shop tcp
US 195.35.15.7:443 quickfixer.shop tcp
US 8.8.8.8:53 191.6.236.15.in-addr.arpa udp
US 167.172.155.91:443 planetholo.shop tcp
US 172.67.200.167:80 audreyandme.shop tcp
US 172.67.216.244:80 threadsadi.shop tcp
NL 109.106.246.76:443 webcreativ.shop tcp
DE 52.29.42.177:443 aerobicstee.shop tcp
SE 194.9.94.85:443 businesslife-lounge.com tcp
US 172.67.165.60:443 dibamovie19.pw tcp
US 162.0.232.65:443 xtweeteth.site tcp
US 104.21.24.39:443 springbok.site tcp
US 8.8.8.8:53 trendwear.site udp
CA 51.161.6.45:443 aingrowth.site tcp
US 8.8.8.8:53 flokixerc.site udp
US 203.161.61.246:443 arutility.site tcp
US 8.8.8.8:53 rdbbrasil.site udp
US 104.21.42.102:443 9moviz64.top tcp
SG 156.67.222.7:443 flokixerc.site tcp
US 8.8.8.8:53 kabi-live.site udp
US 8.8.8.8:53 kaikyhotz.site udp
US 8.8.8.8:53 dibamovie20.pw udp
SG 185.229.118.173:443 trendwear.site tcp
BR 185.213.81.213:443 rdbbrasil.site tcp
US 8.8.8.8:53 31.46.21.104.in-addr.arpa udp
US 8.8.8.8:53 233.85.21.104.in-addr.arpa udp
US 8.8.8.8:53 70.51.21.104.in-addr.arpa udp
US 8.8.8.8:53 108.183.111.183.in-addr.arpa udp
US 8.8.8.8:53 201.58.128.178.in-addr.arpa udp
US 8.8.8.8:53 102.7.21.104.in-addr.arpa udp
US 8.8.8.8:53 35.199.247.158.in-addr.arpa udp
US 8.8.8.8:53 167.200.67.172.in-addr.arpa udp
US 8.8.8.8:53 7.15.35.195.in-addr.arpa udp
US 8.8.8.8:53 91.155.172.167.in-addr.arpa udp
US 8.8.8.8:53 76.246.106.109.in-addr.arpa udp
US 8.8.8.8:53 177.42.29.52.in-addr.arpa udp
US 8.8.8.8:53 60.165.67.172.in-addr.arpa udp
US 8.8.8.8:53 39.24.21.104.in-addr.arpa udp
US 8.8.8.8:53 45.6.161.51.in-addr.arpa udp
US 8.8.8.8:53 65.232.0.162.in-addr.arpa udp
US 8.8.8.8:53 246.61.161.203.in-addr.arpa udp
US 8.8.8.8:53 102.42.21.104.in-addr.arpa udp
US 104.21.22.125:443 dibamovie20.pw tcp
US 162.254.39.144:443 kabi-live.site tcp
US 8.8.8.8:53 linemedia.site udp
US 8.8.8.8:53 dibamovie21.pw udp
US 8.8.8.8:53 loggingin.site udp
IN 82.180.142.189:443 linemedia.site tcp
US 104.21.73.182:443 dibamovie21.pw tcp
US 8.8.8.8:53 1xbetjapan.site udp
US 8.8.8.8:53 sedutorpro.site udp
US 8.8.8.8:53 sharadloot.site udp
US 8.8.8.8:53 sparkclean.site udp
US 172.67.176.106:443 loggingin.site tcp
US 104.21.84.152:443 1xbetjapan.site tcp
US 63.250.38.98:443 sparkclean.site tcp
US 8.8.8.8:53 animacoeur.site udp
IN 82.180.140.79:443 sharadloot.site tcp
US 172.67.197.64:443 sedutorpro.site tcp
US 8.8.8.8:53 dibamovie32.pw udp
US 8.8.8.8:53 software.rdbbrasil.site udp
US 8.8.8.8:53 125.22.21.104.in-addr.arpa udp
US 8.8.8.8:53 213.81.213.185.in-addr.arpa udp
US 8.8.8.8:53 7.222.67.156.in-addr.arpa udp
US 8.8.8.8:53 144.39.254.162.in-addr.arpa udp
US 8.8.8.8:53 173.118.229.185.in-addr.arpa udp
US 8.8.8.8:53 189.142.180.82.in-addr.arpa udp
US 8.8.8.8:53 182.73.21.104.in-addr.arpa udp
US 8.8.8.8:53 106.176.67.172.in-addr.arpa udp
US 8.8.8.8:53 buenavibra.site udp
US 8.8.8.8:53 cleversite.site udp
US 8.8.8.8:53 insulgota1.site udp
US 8.8.8.8:53 jainaverse.site udp
US 8.8.8.8:53 ykzoe-4113.site udp
US 8.8.8.8:53 livpureweb.site udp
US 8.8.8.8:53 livewithyou.site udp
FR 154.49.245.200:443 animacoeur.site tcp
US 8.8.8.8:53 burancasino.site udp
US 8.8.8.8:53 dagelantoto.site udp
US 172.67.150.157:443 dibamovie32.pw tcp
US 108.167.188.84:443 livewithyou.site tcp
BR 185.213.81.213:443 software.rdbbrasil.site tcp
BR 45.152.46.134:443 livpureweb.site tcp
US 8.8.8.8:53 evelynedeba.site udp
IN 217.21.87.38:443 cleversite.site tcp
BE 213.158.94.166:443 buenavibra.site tcp
US 104.21.74.214:443 burancasino.site tcp
US 8.8.8.8:53 howtogetfit.site udp
US 8.8.8.8:53 news24daily.site udp
JP 153.127.141.167:443 ykzoe-4113.site tcp
US 8.8.8.8:53 152.84.21.104.in-addr.arpa udp
US 8.8.8.8:53 64.197.67.172.in-addr.arpa udp
US 8.8.8.8:53 98.38.250.63.in-addr.arpa udp
US 8.8.8.8:53 79.140.180.82.in-addr.arpa udp
US 8.8.8.8:53 200.245.49.154.in-addr.arpa udp
US 8.8.8.8:53 157.150.67.172.in-addr.arpa udp
US 8.8.8.8:53 84.188.167.108.in-addr.arpa udp
US 8.8.8.8:53 proextander.site udp
US 8.8.8.8:53 www.projectzone.site udp
US 173.236.141.83:443 www.projectzone.site tcp
IN 154.41.233.70:443 howtogetfit.site tcp
US 172.67.152.106:443 dibam.pw tcp
US 162.241.224.158:443 proextander.site tcp
US 8.8.8.8:53 studiomeble.site udp
US 8.8.8.8:53 tigergaming.site udp
US 8.8.8.8:53 www.ariansaaazeh.site udp
US 8.8.8.8:53 marvelcasino.site udp
US 8.8.8.8:53 montecryptos.site udp
US 208.97.186.136:443 evelynedeba.site tcp
US 104.21.36.34:443 marvelcasino.site tcp
US 172.67.177.141:443 tigergaming.site tcp
US 8.8.8.8:53 omaiorfeirao.site udp
UA 185.68.16.116:80 studiomeble.site tcp
US 8.8.8.8:53 scriptforest.site udp
US 104.21.19.47:443 montecryptos.site tcp
US 8.8.8.8:53 dibamovie17.fun udp
US 8.8.8.8:53 166.94.158.213.in-addr.arpa udp
US 8.8.8.8:53 134.46.152.45.in-addr.arpa udp
US 8.8.8.8:53 38.87.21.217.in-addr.arpa udp
US 8.8.8.8:53 167.141.127.153.in-addr.arpa udp
US 8.8.8.8:53 106.152.67.172.in-addr.arpa udp
US 8.8.8.8:53 83.141.236.173.in-addr.arpa udp
US 8.8.8.8:53 70.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 158.224.241.162.in-addr.arpa udp
US 8.8.8.8:53 136.186.97.208.in-addr.arpa udp
US 8.8.8.8:53 34.36.21.104.in-addr.arpa udp
US 8.8.8.8:53 141.177.67.172.in-addr.arpa udp
US 8.8.8.8:53 thesikhverse.site udp
US 8.8.8.8:53 superlikeman.site udp
US 8.8.8.8:53 www.komodoromarketing.com udp
US 8.8.8.8:53 www.logisticoaparcana.com udp
FI 193.84.2.239:443 scriptforest.site tcp
US 8.8.8.8:53 tecnociencia.site udp
FR 154.49.245.41:443 superlikeman.site tcp
US 8.8.8.8:53 logodesignsmarvel.com udp
US 8.8.8.8:53 autowin99.app udp
US 8.8.8.8:53 meslot999.app udp
US 104.21.12.113:443 dibamovie17.fun tcp
FR 178.33.161.194:443 www.komodoromarketing.com tcp
US 8.8.8.8:53 budgething.app udp
US 8.8.8.8:53 mm88golden.app udp
US 8.8.8.8:53 englishease.app udp
US 198.54.115.98:443 www.logisticoaparcana.com tcp
US 104.21.9.220:443 meslot999.app tcp
US 198.54.120.74:443 logodesignsmarvel.com tcp
US 104.21.10.45:443 autowin99.app tcp
US 8.8.8.8:53 whatsappaero.app udp
US 8.8.8.8:53 unitvoficial.app udp
US 8.8.8.8:53 dibamovie18.fun udp
US 8.8.8.8:53 photo-challenge.app udp
US 8.8.8.8:53 116.16.68.185.in-addr.arpa udp
US 8.8.8.8:53 47.19.21.104.in-addr.arpa udp
US 8.8.8.8:53 41.245.49.154.in-addr.arpa udp
US 8.8.8.8:53 239.2.84.193.in-addr.arpa udp
US 8.8.8.8:53 113.12.21.104.in-addr.arpa udp
US 8.8.8.8:53 194.161.33.178.in-addr.arpa udp
US 173.236.240.22:443 tecnociencia.site tcp
US 8.8.8.8:53 pig8.club udp
US 172.67.131.23:443 mm88golden.app tcp
FR 92.204.236.119:443 budgething.app tcp
US 8.8.8.8:53 www.lajava.club udp
US 8.8.8.8:53 mc772.club udp
US 172.67.201.133:443 whatsappaero.app tcp
TR 89.252.182.211:80 englishease.app tcp
DE 142.132.146.93:443 photo-challenge.app tcp
CA 51.222.109.160:443 unitvoficial.app tcp
US 172.67.185.2:443 949s.club tcp
US 172.67.165.238:443 dibamovie18.fun tcp
US 8.8.8.8:53 88gold.club udp
US 104.21.14.17:443 mc772.club tcp
FR 51.83.97.110:443 www.lajava.club tcp
US 8.8.8.8:53 amb168.club udp
US 8.8.8.8:53 zbet168.club udp
US 8.8.8.8:53 binodon.club udp
US 8.8.8.8:53 marble88.club udp
US 8.8.8.8:53 dibamovie19.fun udp
US 8.8.8.8:53 98.115.54.198.in-addr.arpa udp
US 8.8.8.8:53 22.240.236.173.in-addr.arpa udp
US 8.8.8.8:53 23.131.67.172.in-addr.arpa udp
US 8.8.8.8:53 74.120.54.198.in-addr.arpa udp
US 8.8.8.8:53 133.201.67.172.in-addr.arpa udp
US 8.8.8.8:53 2.185.67.172.in-addr.arpa udp
US 8.8.8.8:53 93.146.132.142.in-addr.arpa udp
US 8.8.8.8:53 238.165.67.172.in-addr.arpa udp
US 8.8.8.8:53 17.14.21.104.in-addr.arpa udp
US 8.8.8.8:53 211.182.252.89.in-addr.arpa udp
US 104.21.69.194:443 amb168.club tcp
US 8.8.8.8:53 160.109.222.51.in-addr.arpa udp
US 8.8.8.8:53 110.97.83.51.in-addr.arpa udp
US 8.8.8.8:53 365betit.club udp
US 104.21.93.181:443 marble88.club tcp
US 8.8.8.8:53 hilo9999.club udp
US 104.21.61.79:443 zbet168.club tcp
US 8.8.8.8:53 aeternus.club udp
US 172.67.187.252:443 dibamovie19.fun tcp
US 208.91.198.118:443 binodon.club tcp
US 104.21.60.38:443 365betit.club tcp
US 8.8.8.8:53 www.visathai.club udp
US 8.8.8.8:53 dibamovie20.fun udp
US 8.8.8.8:53 nexobet99.club udp
US 66.235.200.171:443 aeternus.club tcp
US 104.21.74.58:443 dibamovie20.fun tcp
US 8.8.8.8:53 clicksuds.club udp
US 8.8.8.8:53 converter.club udp
US 104.21.90.175:443 clicksuds.club tcp
US 8.8.8.8:53 nexobet88.club udp
US 8.8.8.8:53 dibamovie21.fun udp
US 8.8.8.8:53 194.69.21.104.in-addr.arpa udp
US 8.8.8.8:53 181.93.21.104.in-addr.arpa udp
US 8.8.8.8:53 252.187.67.172.in-addr.arpa udp
US 8.8.8.8:53 38.60.21.104.in-addr.arpa udp
US 8.8.8.8:53 118.198.91.208.in-addr.arpa udp
US 8.8.8.8:53 171.200.235.66.in-addr.arpa udp
US 8.8.8.8:53 58.74.21.104.in-addr.arpa udp
TH 103.30.127.11:443 www.visathai.club tcp
US 104.21.37.60:443 dibamovie21.fun tcp
US 8.8.8.8:53 sologirls.club udp
US 8.8.8.8:53 saasbuyer.club udp
US 8.8.8.8:53 vipdesign.club udp
US 8.8.8.8:53 biendoapk.club udp
FR 51.83.97.110:443 www.lajava.club tcp
SG 194.195.90.110:443 converter.club tcp
US 8.8.8.8:53 dibamovie23.fun udp
US 198.57.247.135:443 sologirls.club tcp
US 172.67.184.131:443 biendoapk.club tcp
FR 92.205.0.167:80 vipdesign.club tcp
US 160.153.0.61:443 saasbuyer.club tcp
US 104.21.90.51:443 dibamovie23.fun tcp
US 8.8.8.8:53 www.tecnociencia.site udp
JP 153.127.141.167:443 ykzoe-4113.site tcp
US 8.8.8.8:53 apkmodget.click udp
US 172.67.218.16:443 apkmodget.click tcp
US 8.8.8.8:53 175.90.21.104.in-addr.arpa udp
US 8.8.8.8:53 60.37.21.104.in-addr.arpa udp
US 8.8.8.8:53 11.127.30.103.in-addr.arpa udp
US 8.8.8.8:53 135.247.57.198.in-addr.arpa udp
US 8.8.8.8:53 131.184.67.172.in-addr.arpa udp
US 8.8.8.8:53 61.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 51.90.21.104.in-addr.arpa udp
US 8.8.8.8:53 110.90.195.194.in-addr.arpa udp
US 173.236.240.22:443 www.tecnociencia.site tcp
US 104.21.14.82:443 dibamovie24.fun tcp
US 8.8.8.8:53 taxitamky.click udp
US 8.8.8.8:53 enfermera.click udp
US 8.8.8.8:53 dibamovie25.fun udp
US 8.8.8.8:53 jociandro.click udp
US 8.8.8.8:53 amerstudio.click udp
US 104.21.22.60:443 jociandro.click tcp
US 104.21.86.250:443 dibamovie25.fun tcp
VN 103.255.237.203:443 taxitamky.click tcp
US 8.8.8.8:53 queregalar.click udp
US 185.206.162.246:443 enfermera.click tcp
US 8.8.8.8:53 razrabotka.click udp
NL 45.93.127.101:443 amerstudio.click tcp
US 8.8.8.8:53 taxigiare60.click udp
US 8.8.8.8:53 tokomasagung.click udp
US 104.21.47.25:443 razrabotka.click tcp
US 8.8.8.8:53 dibamovie28.fun udp
US 8.8.8.8:53 iptvsamarters.click udp
SG 45.77.35.142:443 tokomasagung.click tcp
US 8.8.8.8:53 16.218.67.172.in-addr.arpa udp
US 8.8.8.8:53 60.22.21.104.in-addr.arpa udp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp

Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-02-29 05:55

Reported

2024-02-29 05:58

Platform

win7-20240221-en

Max time kernel

37s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe"

Signatures

Glupteba

loader dropper glupteba

Glupteba payload


SmokeLoader

trojan backdoor smokeloader

Detect binaries embedding considerable number of MFA browser extension IDs.


Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.


Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)


Detects Windows executables referencing non-Windows User-Agents


Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.


Detects executables Discord URL observed in first stage droppers


Detects executables containing URLs to raw contents of a Github gist


Detects executables containing artifacts associated with disabling Windows Defender


Detects executables referencing many varying, potentially fake Windows User-Agents


UPX dump on OEP (original entry point)


Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Deletes itself


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\90EA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\90EA.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

UPX packed file

upx

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2600 set thread context of 2556 N/A C:\Users\Admin\AppData\Local\Temp\90EA.exe C:\Users\Admin\AppData\Local\Temp\90EA.exe

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\B1A5.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1188 wrote to memory of 2600 N/A N/A C:\Users\Admin\AppData\Local\Temp\90EA.exe
PID 2600 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\90EA.exe C:\Users\Admin\AppData\Local\Temp\90EA.exe
PID 1188 wrote to memory of 2636 N/A N/A C:\Windows\system32\regsvr32.exe
PID 2636 wrote to memory of 2580 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1188 wrote to memory of 2516 N/A N/A C:\Users\Admin\AppData\Local\Temp\B1A5.exe
PID 1188 wrote to memory of 2176 N/A N/A C:\Users\Admin\AppData\Local\Temp\B760.exe

Processes

C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe

"C:\Users\Admin\AppData\Local\Temp\d6567cc8e6b82d69347065de9fa8c7d2441ee63185ac52fe0e5e4bc6b2642910.exe"

C:\Users\Admin\AppData\Local\Temp\90EA.exe

C:\Users\Admin\AppData\Local\Temp\90EA.exe

C:\Users\Admin\AppData\Local\Temp\90EA.exe

C:\Users\Admin\AppData\Local\Temp\90EA.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9A8C.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\9A8C.dll

C:\Users\Admin\AppData\Local\Temp\B1A5.exe

C:\Users\Admin\AppData\Local\Temp\B1A5.exe

C:\Users\Admin\AppData\Local\Temp\B760.exe

C:\Users\Admin\AppData\Local\Temp\B760.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 124

C:\Users\Admin\AppData\Local\Temp\D51E.exe

C:\Users\Admin\AppData\Local\Temp\D51E.exe

C:\Users\Admin\AppData\Local\Temp\E46B.exe

C:\Users\Admin\AppData\Local\Temp\E46B.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\u198.0.exe

"C:\Users\Admin\AppData\Local\Temp\u198.0.exe"

C:\Users\Admin\AppData\Local\Temp\u198.1.exe

"C:\Users\Admin\AppData\Local\Temp\u198.1.exe"

C:\Windows\system32\makecab.exe

"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240229055649.log C:\Windows\Logs\CBS\CbsPersist_20240229055649.cab

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

Network

US 172.67.206.174:443 glambeautytouch.com tcp
US 185.212.70.44:443 gluteosperfecto.com tcp
US 8.8.8.8:53 golfparadise-au.com udp
US 8.8.8.8:53 goldencointoken.com udp
US 8.8.8.8:53 goutezlaqualite.com udp
US 104.21.0.135:443 golfparadise-au.com tcp
US 8.8.8.8:53 gradeadventures.com udp
US 8.8.8.8:53 grandiosevision.com udp
US 8.8.8.8:53 www.germantownranch.com udp
US 8.8.8.8:53 gratefulpuzzles.com udp
US 8.8.8.8:53 greencareagency.com udp
US 89.117.139.104:443 goldencointoken.com tcp
FR 185.46.230.173:443 goutezlaqualite.com tcp
US 8.8.8.8:53 happyeventgroup.com udp
US 8.8.8.8:53 handy-homeowner.com udp
US 185.212.71.169:443 gradeadventures.com tcp
US 13.107.246.64:443 www.germantownranch.com tcp
GB 81.27.92.75:443 greencareagency.com tcp
BE 13.225.239.13:443 www.friendfortravel.com tcp
US 8.8.8.8:53 hatchbrandingco.com udp
US 8.8.8.8:53 growthforinvest.com udp
US 8.8.8.8:53 hightechwizards.com udp
US 8.8.8.8:53 highstakeshaven.com udp
US 8.8.8.8:53 hindisarkarijob.com udp
US 8.8.8.8:53 hotelmanitarini.com udp
US 8.8.8.8:53 www.giftswonderland.com udp
US 8.8.8.8:53 houseofmandiyyc.com udp
US 160.153.0.188:443 grandiosevision.com tcp
US 8.8.8.8:53 www.1videoproduction.com udp
US 160.153.0.172:443 gratefulpuzzles.com tcp
IN 217.21.91.155:443 happyeventgroup.com tcp
US 162.159.137.9:443 hatchbrandingco.com tcp
IN 89.117.27.165:443 hindisarkarijob.com tcp
US 15.197.142.173:443 hightechwizards.com tcp
US 3.142.207.209:80 highstakeshaven.com tcp
US 160.153.0.190:443 handy-homeowner.com tcp
IN 89.117.157.252:443 hotelmanitarini.com tcp
TR 77.245.159.12:443 www.1videoproduction.com tcp
US 208.113.188.141:443 www.giftswonderland.com tcp
FI 65.108.111.241:443 growthforinvest.com tcp
US 8.8.8.8:53 3cuerdasy1colgao.com udp
US 72.167.103.253:443 houseofmandiyyc.com tcp
US 8.8.8.8:53 3dpersonalizados.com udp
US 8.8.8.8:53 a2zsarkariyojana.com udp
US 8.8.8.8:53 aaamarvelhosting.com udp
US 8.8.8.8:53 accessoryaccents.com udp
US 8.8.8.8:53 advancedwhispers.com udp
CA 51.222.47.205:443 3cuerdasy1colgao.com tcp
US 8.8.8.8:53 albertomugnaiart.com udp
US 8.8.8.8:53 www.agricolamengolin.com udp
US 8.8.8.8:53 aceitesconestilo.com udp
US 8.8.8.8:53 www.agrologisticsltd.com udp
US 8.8.8.8:53 alfadigitalstore.com udp
US 8.8.8.8:53 www.hatchbrandingco.com udp
US 8.8.8.8:53 allsecuritydoors.com udp
US 8.8.8.8:53 alpinehomeliving.com udp
US 8.8.8.8:53 alhilalelevators.com udp
US 8.8.8.8:53 allindiafootball.com udp
ES 89.248.105.40:443 aceitesconestilo.com tcp
US 151.106.97.121:443 a2zsarkariyojana.com tcp
ES 82.223.11.39:443 3dpersonalizados.com tcp
US 89.117.139.35:443 www.agrologisticsltd.com tcp
US 104.21.30.233:443 accessoryaccents.com tcp
BG 217.174.152.68:443 aaamarvelhosting.com tcp
IT 62.149.166.75:443 www.agricolamengolin.com tcp
US 62.72.54.181:443 advancedwhispers.com tcp
US 86.38.202.248:443 alfadigitalstore.com tcp
US 162.159.138.9:443 www.hatchbrandingco.com tcp
US 154.56.47.174:443 alhilalelevators.com tcp
US 104.255.170.81:443 allsecuritydoors.com tcp
IN 82.180.143.220:443 allindiafootball.com tcp
IT 86.107.32.169:443 albertomugnaiart.com tcp
US 8.8.8.8:53 www.junkcarremovalnearpleasanthill.com udp
US 8.8.8.8:53 www.roadsideassistancenearriverton.com udp
US 8.8.8.8:53 www.24hourmotorcycletowinghartford.com udp
US 8.8.8.8:53 www.24hourroadsideassistancehobart.com udp
US 8.8.8.8:53 www.24hourtireassistancewaynesboro.com udp
DE 148.251.89.61:443 alpinehomeliving.com tcp
US 8.8.8.8:53 www.24hrroadassistancesouthlebanon.com udp
US 8.8.8.8:53 www.roadsidetireserviceforestville.com udp
US 8.8.8.8:53 www.24hourroadsideassistancemuscoy.com udp
US 8.8.8.8:53 www.24houroffroadrecoverycrestwood.com udp
US 8.8.8.8:53 www.24hrroadassistancepingreegrove.com udp
US 8.8.8.8:53 www.affordableboattowingalexandria.com udp
US 8.8.8.8:53 pmc360.org udp
US 198.12.223.190:443 www.24hourroadsideassistancehobart.com tcp
US 72.167.65.7:443 www.junkcarremovalnearpleasanthill.com tcp
US 198.12.217.39:443 www.affordableboattowingalexandria.com tcp
US 50.63.19.223:443 www.roadsidetireserviceforestville.com tcp
US 216.69.166.50:443 www.24hourmotorcycletowinghartford.com tcp
US 50.63.19.223:443 www.roadsidetireserviceforestville.com tcp
US 198.12.210.211:443 www.24hourroadsideassistancemuscoy.com tcp
US 72.167.210.101:443 www.roadsideassistancenearriverton.com tcp
US 198.12.217.39:443 www.affordableboattowingalexandria.com tcp
US 68.178.221.2:443 www.24hrroadassistancepingreegrove.com tcp
US 162.246.19.91:443 pmc360.org tcp
US 50.63.26.195:443 www.24hourtireassistancewaynesboro.com tcp
US 68.178.246.137:443 www.24houroffroadrecoverycrestwood.com tcp
US 8.8.8.8:53 fapeza.org udp
US 8.8.8.8:53 gricbgc.org udp
US 8.8.8.8:53 benrati.org udp
US 8.8.8.8:53 rcc-som.org udp
US 8.8.8.8:53 wibatng.org udp
US 8.8.8.8:53 www.alfadigitalstore.com udp
US 8.8.8.8:53 bnw2024.org udp
US 8.8.8.8:53 rademor.org udp
US 8.8.8.8:53 www.seacmeq.org udp
US 8.8.8.8:53 ihvider.org udp
US 8.8.8.8:53 www.murales.org udp
US 8.8.8.8:53 www.yourdex.net udp
US 8.8.8.8:53 sambhog.org udp
US 8.8.8.8:53 xrbible.org udp
US 8.8.8.8:53 tintech.org udp
US 8.8.8.8:53 www.gwelectric.com udp
US 8.8.8.8:53 agrologisticsltd.com udp
US 8.8.8.8:53 ufa007s.org udp
US 8.8.8.8:53 avhs-ev.org udp
US 172.67.154.36:443 fapeza.org tcp
US 104.21.72.13:443 ufa007s.org tcp
GB 31.170.164.158:443 rcc-som.org tcp
US 86.38.202.248:443 www.alfadigitalstore.com tcp
LT 45.88.197.170:443 ihvider.org tcp
US 104.21.28.175:443 tintech.org tcp
US 63.250.43.3:443 www.yourdex.net tcp
IT 89.46.108.13:443 www.murales.org tcp
IN 119.18.49.6:443 sambhog.org tcp
US 69.163.228.97:443 avhs-ev.org tcp
BW 168.167.8.201:80 www.seacmeq.org tcp
US 162.241.24.26:443 rademor.org tcp
US 141.193.213.10:443 gricbgc.org tcp
US 66.117.3.4:443 benrati.org tcp
US 89.117.139.35:443 agrologisticsltd.com tcp
US 162.241.24.227:443 bnw2024.org tcp
US 104.20.117.128:443 www.gwelectric.com tcp
US 8.8.8.8:53 hanbagi.org udp
US 172.67.205.8:443 hanbagi.org tcp
US 8.8.8.8:53 upphaar.org udp
US 8.8.8.8:53 ongasdn.org udp
US 8.8.8.8:53 miburro.org udp
US 8.8.8.8:53 sasiinc.org udp
US 8.8.8.8:53 diyzone.org udp
US 8.8.8.8:53 wptest.webspacekit.com udp
US 8.8.8.8:53 www.kc13692.org udp
US 8.8.8.8:53 murikaf.org udp
US 8.8.8.8:53 esvicis.org udp
US 104.21.26.86:443 wptest.webspacekit.com tcp
IT 81.88.52.146:443 miburro.org tcp
US 173.201.180.210:443 sasiinc.org tcp
US 8.8.8.8:53 amorwatch.com udp
US 8.8.8.8:53 fatpepe.org udp
US 8.8.8.8:53 www.elsolmagazine.com udp
US 8.8.8.8:53 pgvip86.org udp
US 8.8.8.8:53 blog.huulc.com udp
US 8.8.8.8:53 patnahost.net udp
CH 217.26.61.125:443 esvicis.org tcp
US 191.101.79.191:443 murikaf.org tcp
US 208.113.188.121:443 www.kc13692.org tcp
US 207.174.213.181:443 ongasdn.org tcp
US 162.214.81.23:443 upphaar.org tcp
US 8.8.8.8:53 studyacer.net udp
US 172.67.202.133:443 pgvip86.org tcp
US 162.254.39.103:443 amorwatch.com tcp
US 104.21.27.116:443 blog.huulc.com tcp
IN 82.180.143.241:443 patnahost.net tcp
FR 51.255.30.108:443 www.elsolmagazine.com tcp
LT 84.32.84.32:443 fatpepe.org tcp
US 8.8.8.8:53 supplydiy.net udp
US 8.8.8.8:53 tunalojas.net udp
US 8.8.8.8:53 sindietas.net udp
US 8.8.8.8:53 www.onoratidesign.com udp
US 8.8.8.8:53 www.hanbagi.org udp
US 8.8.8.8:53 whiitebit.net udp
US 8.8.8.8:53 afkcooking.net udp
US 8.8.8.8:53 b55-codes.com udp
US 8.8.8.8:53 ufabet015.net udp
US 104.21.28.35:443 supplydiy.net tcp
US 8.8.8.8:53 xocdia123.net udp
US 8.8.8.8:53 ahoravoley.com udp
US 8.8.8.8:53 aiwisemind.net udp
GB 154.49.138.80:443 studyacer.net tcp
US 8.8.8.8:53 amoljadhav.net udp
FR 46.105.204.31:443 sindietas.net tcp
US 104.21.22.189:443 xocdia123.net tcp
US 66.117.3.4:443 www.onoratidesign.com tcp
US 8.8.8.8:53 celebrityz.net udp
US 8.8.8.8:53 clubecoroa.net udp
US 8.8.8.8:53 colacromos.net udp
US 8.8.8.8:53 bluelifetc.net udp
US 8.8.8.8:53 daniacosta.net udp
US 8.8.8.8:53 mengueme.acesy.nl udp
US 8.8.8.8:53 danlanpher.com udp
US 8.8.8.8:53 darulasrar.net udp
US 149.100.151.200:443 afkcooking.net tcp
US 8.8.8.8:53 divorcemap.net udp
US 8.8.8.8:53 franphenix.net udp
US 104.21.3.213:443 ufabet015.net tcp
US 104.21.22.126:443 www.hanbagi.org tcp
RU 194.67.193.111:443 aiwisemind.net tcp
US 8.8.8.8:53 donapaella.net udp
US 31.170.167.245:443 amoljadhav.net tcp
US 8.8.8.8:53 hanya-shop.net udp
US 8.8.8.8:53 iptvchoice.net udp
BR 45.152.46.36:443 bluelifetc.net tcp
US 104.21.26.170:443 whiitebit.net tcp
US 8.8.8.8:53 hscoaching.net udp
DE 54.38.152.208:443 mengueme.acesy.nl tcp
US 8.8.8.8:53 joniserver.net udp
US 8.8.8.8:53 www.lambocloud.net udp
ES 185.209.60.38:443 ahoravoley.com tcp
US 162.241.244.25:443 divorcemap.net tcp
SG 166.62.10.185:80 darulasrar.net tcp
GB 145.14.152.96:443 daniacosta.net tcp
US 160.153.0.21:443 danlanpher.com tcp
US 8.8.8.8:53 www.bymarcpastor.com udp
US 50.31.160.220:80 colacromos.net tcp
US 86.38.202.249:443 hanya-shop.net tcp
SG 66.42.53.125:443 joniserver.net tcp
ES 217.76.130.136:443 donapaella.net tcp
US 162.241.61.124:443 franphenix.net tcp
HK 148.66.54.2:443 www.lambocloud.net tcp
US 157.245.243.145:443 celebrityz.net tcp
FR 154.49.245.35:443 hscoaching.net tcp
GB 141.136.33.15:443 iptvchoice.net tcp
ES 185.140.32.29:443 www.bymarcpastor.com tcp
US 8.8.8.8:53 metroluwuk.net udp
US 8.8.8.8:53 mondiocese.net udp
US 8.8.8.8:53 mirainouen.net udp
US 8.8.8.8:53 prasadtech.net udp
US 8.8.8.8:53 premiumbmc.net udp
US 8.8.8.8:53 purespices.net udp
US 8.8.8.8:53 rehaltours.net udp
US 8.8.8.8:53 nonukslots.net udp
US 8.8.8.8:53 resourcers.net udp
BE 213.158.94.139:443 premiumbmc.net tcp
JP 157.7.184.16:443 mirainouen.net tcp
IN 89.117.188.242:443 prasadtech.net tcp
US 162.241.217.225:443 purespices.net tcp
US 8.8.8.8:53 reise-reif.net udp
US 8.8.8.8:53 sobrepadel.net udp
ID 202.52.146.246:443 metroluwuk.net tcp
FR 89.117.169.80:443 mondiocese.net tcp
US 8.8.8.8:53 ufa345mall.net udp
RU 194.67.193.138:443 rehaltours.net tcp
US 104.21.6.194:443 nonukslots.net tcp
US 86.38.202.95:443 sobrepadel.net tcp
US 195.35.15.82:443 resourcers.net tcp
DE 85.13.129.160:80 reise-reif.net tcp
US 8.8.8.8:53 www.velacademy.net udp
US 172.67.222.174:443 ufa345mall.net tcp
US 8.8.8.8:53 tomatotest.net udp
US 8.8.8.8:53 yaeldesign.net udp
US 8.8.8.8:53 24x7hosting.net udp
US 8.8.8.8:53 arthurpools.net udp
US 8.8.8.8:53 ayudaprompt.net udp
US 8.8.8.8:53 tradeflowalgo.net udp
US 8.8.8.8:53 betetrading.net udp
US 8.8.8.8:53 websigorta.net udp
US 8.8.8.8:53 bajrangbaan.net udp
US 8.8.8.8:53 advantageva.net udp
US 8.8.8.8:53 dealsonfire.net udp
US 8.8.8.8:53 yousustain.net udp
US 8.8.8.8:53 autarkstrom.net udp
GB 154.49.138.62:443 yaeldesign.net tcp
GB 109.70.148.67:443 betetrading.net tcp
FR 193.70.117.88:443 www.velacademy.net tcp
FR 154.49.245.193:443 ayudaprompt.net tcp
CA 107.161.32.206:80 arthurpools.net tcp
IN 103.191.209.47:443 24x7hosting.net tcp
US 162.215.240.240:443 dealsonfire.net tcp
DE 85.13.145.120:80 autarkstrom.net tcp
TR 95.173.190.12:443 websigorta.net tcp
DE 5.189.161.19:443 yousustain.net tcp
FR 89.117.168.195:443 tomatotest.net tcp
US 50.87.142.46:443 tradeflowalgo.net tcp
US 8.8.8.8:53 dellatreats.net udp
US 8.8.8.8:53 e-pinmarket.net udp
US 8.8.8.8:53 texxasjam.org udp
US 8.8.8.8:53 enclavedefa.net udp
US 8.8.8.8:53 ghdsportapp.net udp
US 8.8.8.8:53 e-luxurybag.net udp
US 8.8.8.8:53 eumodoturbo.net udp
US 8.8.8.8:53 liriklagu.org udp
SG 156.67.222.38:443 advantageva.net tcp
IN 45.79.122.222:443 bajrangbaan.net tcp
US 89.117.139.91:443 dellatreats.net tcp
US 172.67.135.14:80 e-luxurybag.net tcp
FR 15.188.219.54:443 eumodoturbo.net tcp
FR 51.178.1.180:80 liriklagu.org tcp
FR 89.116.147.26:443 enclavedefa.net tcp
US 8.8.8.8:53 www.swissness.org udp
US 8.8.8.8:53 techprobc.org udp
US 8.8.8.8:53 lwconsult.org udp
US 104.21.27.40:443 ghdsportapp.net tcp
US 8.8.8.8:53 rami-levi.org udp
US 8.8.8.8:53 plancrecer.org udp
US 8.8.8.8:53 ketobites.org udp
US 8.8.8.8:53 echoprojet.org udp
US 8.8.8.8:53 koreanpepe.org udp
US 8.8.8.8:53 leadcom.no udp
US 8.8.8.8:53 www.samuelodoh.org udp
US 76.223.105.230:443 techprobc.org tcp
US 162.241.226.175:443 lwconsult.org tcp
US 8.8.8.8:53 pedsiriraj.org udp
US 8.8.8.8:53 devintage.org udp
US 8.8.8.8:53 secardevez.org udp
US 162.241.24.110:443 rami-levi.org tcp
CH 84.16.72.109:443 echoprojet.org tcp
US 170.39.76.40:443 www.swissness.org tcp
NO 104.37.38.121:443 leadcom.no tcp
US 162.241.216.245:443 koreanpepe.org tcp
US 131.153.147.34:443 www.samuelodoh.org tcp
US 50.87.150.116:443 ketobites.org tcp
US 162.241.30.65:80 devintage.org tcp
US 8.8.8.8:53 filabeograd.org udp
US 216.172.172.194:443 secardevez.org tcp
US 3.33.152.147:443 hightechwizards.com tcp
US 192.185.170.70:443 plancrecer.org tcp
NO 104.37.38.121:443 leadcom.no tcp
TH 147.50.227.16:443 pedsiriraj.org tcp
US 8.8.8.8:53 theqsource.org udp
US 8.8.8.8:53 genesisketo.org udp
US 8.8.8.8:53 hardsiedler.org udp
US 8.8.8.8:53 www.mengueme.cm udp
US 8.8.8.8:53 vigorignite.org udp
US 8.8.8.8:53 conectaprome.org udp
US 8.8.8.8:53 marcosoares.org udp
US 8.8.8.8:53 rootedininc.org udp
US 8.8.8.8:53 akriliklembaran.com udp
US 8.8.8.8:53 www.itsthegirls.org udp
RS 195.252.110.154:443 filabeograd.org tcp
NO 104.37.38.121:443 leadcom.no tcp
US 192.185.41.37:443 genesisketo.org tcp
NO 104.37.38.121:443 leadcom.no tcp
US 192.254.224.20:443 vigorignite.org tcp
US 8.8.8.8:53 donoharm2022.org udp
DE 54.38.152.208:443 www.mengueme.cm tcp
NO 104.37.38.121:443 leadcom.no tcp
ES 217.76.130.125:80 conectaprome.org tcp
US 162.144.13.179:443 marcosoares.org tcp
US 8.8.8.8:53 corpcomercio.org udp
US 8.8.8.8:53 wtfact.xyz udp
US 8.8.8.8:53 cityarchpro.com udp
NO 104.37.38.121:443 leadcom.no tcp
US 66.81.203.198:443 www.itsthegirls.org tcp
US 67.205.10.142:443 theqsource.org tcp
DE 85.13.143.24:443 hardsiedler.org tcp
NO 104.37.38.121:443 leadcom.no tcp
US 8.8.8.8:53 codehousekw.com udp
SG 103.145.227.123:443 akriliklembaran.com tcp
US 8.8.8.8:53 cocobigbell.com udp
SG 172.96.191.223:443 wtfact.xyz tcp
US 8.8.8.8:53 codetechrev.com udp
US 107.190.140.50:443 rootedininc.org tcp
UA 185.68.16.159:443 cityarchpro.com tcp
US 192.254.233.93:80 donoharm2022.org tcp
US 8.8.8.8:53 chocovanila.com udp
US 108.167.149.254:80 corpcomercio.org tcp
US 165.227.80.39:443 chocovanila.com tcp
US 8.8.8.8:53 connect0501.com udp
KR 158.247.252.97:443 cocobigbell.com tcp
US 8.8.8.8:53 coke2kaufen.com udp
US 8.8.8.8:53 www.construorti.com udp
NL 191.96.63.168:443 codehousekw.com tcp
US 8.8.8.8:53 www.construniva.com udp
US 50.87.239.132:443 gministries.org tcp
US 8.8.8.8:53 comasypunto.com udp
US 8.8.8.8:53 covan-group.com udp
US 8.8.8.8:53 cookeyworld.com udp
US 8.8.8.8:53 cybersamuha.com udp
US 8.8.8.8:53 craftedglow.com udp
ES 217.76.130.125:443 conectaprome.org tcp
US 8.8.8.8:53 cutenessing.com udp
NL 145.14.151.196:443 coke2kaufen.com tcp
US 8.8.8.8:53 dataglimmer.com udp
JP 133.242.220.117:443 connect0501.com tcp
US 65.99.225.94:443 www.construniva.com tcp
US 8.8.8.8:53 cryptotevar.com udp
US 65.99.225.39:443 www.construorti.com tcp
US 8.8.8.8:53 dayouguoxue.com udp
US 104.21.49.196:443 cutenessing.com tcp
US 8.8.8.8:53 dcgwebsites.com udp
US 63.250.43.135:443 dataglimmer.com tcp
KR 64.176.226.144:443 cookeyworld.com tcp
GB 185.77.97.68:443 cybersamuha.com tcp
US 8.8.8.8:53 www.cityarchpro.com udp
IN 193.203.185.70:443 cryptotevar.com tcp
US 8.8.8.8:53 decodebuddy.com udp
US 50.31.174.101:443 craftedglow.com tcp
CN 114.132.247.200:443 dayouguoxue.com tcp
US 8.8.8.8:53 dentaltossa.com udp
UA 185.68.16.159:443 www.cityarchpro.com tcp
US 160.153.0.165:443 comasypunto.com tcp
US 8.8.8.8:53 deeppowerfm.com udp
NL 185.206.160.8:443 covan-group.com tcp
US 216.137.178.195:443 dentaltossa.com tcp
FR 54.36.145.173:443 deeppowerfm.com tcp
US 8.8.8.8:53 dfmshopping.com udp
US 8.8.8.8:53 dhruvdtours.com udp
DE 116.202.221.212:80 dhruvdtours.com tcp
US 8.8.8.8:53 digicabletv.com udp
GB 141.136.33.49:443 decodebuddy.com tcp
DE 38.242.151.118:443 digicabletv.com tcp
US 8.8.8.8:53 digiinfobuz.com udp
US 8.8.8.8:53 digisenderr.com udp
IN 89.117.157.93:443 digiinfobuz.com tcp
US 86.38.202.88:443 codetechrev.com tcp
US 212.1.211.52:443 digisenderr.com tcp
IE 91.210.235.23:443 dcgwebsites.com tcp
US 8.8.8.8:53 digisolstar.com udp
US 8.8.8.8:53 donmazzella.com udp
US 8.8.8.8:53 dosug-spb24.com udp
US 8.8.8.8:53 www.dhruvdtours.com udp
BR 62.72.62.193:80 digisolstar.com tcp
US 8.8.8.8:53 imunify-alert.com udp
US 8.8.8.8:53 djundercova.com udp
US 8.8.8.8:53 imunify-alert.com udp
US 8.8.8.8:53 dreamasiamy.com udp
US 8.8.8.8:53 dogusagency.com udp
US 8.8.8.8:53 dunaatacama.com udp
US 8.8.8.8:53 www.codehousekw.com udp
US 172.67.176.47:443 imunify-alert.com tcp
US 8.8.8.8:53 lineapopular.com udp
US 8.8.8.8:53 pumpchinchin.com udp
DE 116.202.221.212:80 www.dhruvdtours.com tcp
US 8.8.8.8:53 rajavommangi.com udp
US 8.8.8.8:53 dyedstudios.com udp
US 8.8.8.8:53 roxyandmidna.com udp
US 8.8.8.8:53 durra-store.com udp
US 172.67.176.47:443 imunify-alert.com tcp
US 8.8.8.8:53 ecomtrusted.com udp
US 8.8.8.8:53 r4conference.com udp
US 8.8.8.8:53 rueanbutsaba.com udp
US 8.8.8.8:53 easybike-br.com udp
US 8.8.8.8:53 rumahscatter.com udp
US 8.8.8.8:53 realyogabali.com udp
US 8.8.8.8:53 samhatravels.com udp
US 8.8.8.8:53 savanijewels.com udp
US 8.8.8.8:53 saludcoqueta.com udp
IN 154.56.53.215:443 durra-store.com tcp
US 154.56.47.14:443 djundercova.com tcp
TR 95.173.177.114:443 dogusagency.com tcp
CL 186.64.119.170:443 dunaatacama.com tcp
SG 184.168.98.254:443 dreamasiamy.com tcp
NL 191.96.63.168:443 www.codehousekw.com tcp
US 162.254.39.7:443 hightechwizards.com tcp
US 8.8.8.8:53 michaelsonny.com udp
US 104.21.32.178:443 easybike-br.com tcp
TH 103.80.48.28:443 rueanbutsaba.com tcp
US 162.0.229.58:443 rumahscatter.com tcp
GB 18.133.60.229:443 dosug-spb24.com tcp
US 68.66.226.115:443 r4conference.com tcp
US 204.93.224.121:443 lineapopular.com tcp
US 146.71.86.235:443 rajavommangi.com tcp
US 144.208.66.42:80 donmazzella.com tcp
CA 144.217.111.51:443 roxyandmidna.com tcp
US 8.8.8.8:53 sarcasmscans.com udp
US 8.8.8.8:53 saveytvideos.com udp
US 8.8.8.8:53 sawasdeeplus.com udp
US 8.8.8.8:53 savvyecmoney.com udp
JP 183.90.183.166:443 pumpchinchin.com tcp
US 149.100.151.169:443 samhatravels.com tcp
ID 153.92.13.10:80 realyogabali.com tcp
SG 156.67.222.73:443 dyedstudios.com tcp
US 216.239.32.21:443 savanijewels.com tcp
US 172.67.176.47:443 imunify-alert.com tcp
US 104.21.82.56:443 sarcasmscans.com tcp
US 66.29.132.68:443 michaelsonny.com tcp
FR 89.117.169.156:443 ecomtrusted.com tcp
US 89.117.139.96:443 saveytvideos.com tcp
US 162.241.225.108:443 savvyecmoney.com tcp
US 8.8.8.8:53 scenikacases.com udp
BR 154.49.247.193:443 sawasdeeplus.com tcp
US 8.8.8.8:53 sashimi-sp.com udp
US 8.8.8.8:53 sehatsampada.com udp
US 8.8.8.8:53 savanijewellery.com udp
US 8.8.8.8:53 screenrantsr.com udp
US 8.8.8.8:53 senorfitness.com udp
US 8.8.8.8:53 shadygrovelc.com udp
US 8.8.8.8:53 shahrebereng.com udp
US 8.8.8.8:53 searchzillaa.com udp
US 8.8.8.8:53 schloss-haus.com udp
US 8.8.8.8:53 selectorellc.com udp
US 8.8.8.8:53 seowitherica.com udp
US 8.8.8.8:53 shiconneplus.com udp
US 8.8.8.8:53 servicehubtz.com udp
US 8.8.8.8:53 shaguftasoft.com udp
US 172.67.160.221:443 scenikacases.com tcp
US 8.8.8.8:53 shivangitech.com udp
IN 154.41.233.94:443 sehatsampada.com tcp
IR 193.141.65.221:443 shahrebereng.com tcp
US 104.21.76.79:443 sashimi-sp.com tcp
US 86.38.202.61:443 shaguftasoft.com tcp
GB 185.77.97.11:443 screenrantsr.com tcp
GB 154.49.138.48:443 shadygrovelc.com tcp
DE 217.160.0.60:80 schloss-haus.com tcp
CH 149.126.4.21:443 senorfitness.com tcp
BR 62.72.62.193:443 digisolstar.com tcp
DE 136.243.4.172:443 selectorellc.com tcp
CA 23.227.38.65:443 savanijewellery.com tcp
JP 133.18.84.138:443 shiconneplus.com tcp
PL 145.239.19.134:443 servicehubtz.com tcp
US 50.87.179.90:443 searchzillaa.com tcp
US 8.8.8.8:53 www.shobitourism.com udp
US 172.67.199.71:443 seowitherica.com tcp
US 8.8.8.8:53 www.theqsource.org udp
US 8.8.8.8:53 www.shuhari-tesa.com udp
US 8.8.8.8:53 sirianehouty.com udp
US 8.8.8.8:53 simple-bonus.com udp
US 8.8.8.8:53 slahianolive.com udp
US 8.8.8.8:53 smiling-mama.com udp
US 8.8.8.8:53 showbiztales.com udp
US 8.8.8.8:53 shopwithmigs.com udp
US 8.8.8.8:53 sikhagobulls.com udp
US 8.8.8.8:53 single-chain.com udp
US 8.8.8.8:53 sixtyninelab.com udp
US 8.8.8.8:53 www.slenderyouhq.com udp
US 8.8.8.8:53 sol-casino14.com udp
US 8.8.8.8:53 www.solo-pruebas.com udp
US 8.8.8.8:53 sohohomes-me.com udp
US 69.163.184.239:443 www.shobitourism.com tcp
US 8.8.8.8:53 solneris-pol.com udp
US 8.8.8.8:53 societythumb.com udp
US 172.67.158.93:443 shopwithmigs.com tcp
US 173.236.201.19:443 www.slenderyouhq.com tcp
US 162.241.225.117:443 solneris-pol.com tcp
US 8.8.8.8:53 somos-unidos.com udp
US 67.205.10.142:443 www.theqsource.org tcp
SG 83.136.216.117:80 sixtyninelab.com tcp
FR 213.186.33.5:443 sirianehouty.com tcp
US 154.49.142.45:443 slahianolive.com tcp
US 104.21.6.4:443 sol-casino14.com tcp
US 67.227.175.29:443 single-chain.com tcp
RO 188.241.222.254:443 www.shuhari-tesa.com tcp
US 8.8.8.8:53 soofarsogood.com udp
NL 162.0.217.117:443 simple-bonus.com tcp
JP 133.18.84.137:443 smiling-mama.com tcp
US 86.38.202.12:443 showbiztales.com tcp
US 89.116.192.55:443 societythumb.com tcp
KR 158.247.252.136:443 sikhagobulls.com tcp
US 8.8.8.8:53 spartacalcio.com udp
US 162.241.218.175:443 sohohomes-me.com tcp
US 8.8.8.8:53 www.soneelsports.com udp
US 8.8.8.8:53 south-vision.com udp
US 8.8.8.8:53 spottedabove.com udp
FR 213.186.33.4:80 soofarsogood.com tcp
US 8.8.8.8:53 stopshopeasy.com udp
US 8.8.8.8:53 sstoursdelhi.com udp
US 8.8.8.8:53 stellabluegc.com udp
US 8.8.8.8:53 stellaassets.com udp
US 8.8.8.8:53 storiesbycam.com udp
US 8.8.8.8:53 storiesscoop.com udp
US 8.8.8.8:53 stmarryjamon.com udp
US 8.8.8.8:53 www.promedspharmaceuticals.com udp
IT 18.102.110.240:443 spartacalcio.com tcp
US 172.67.176.47:443 imunify-alert.com tcp
US 8.8.8.8:53 butlerhumanservices.com udp
US 8.8.8.8:53 psicologiadelacreencia.com udp
US 8.8.8.8:53 quincaillerie-vente-fr.com udp
DE 157.90.36.220:443 www.soneelsports.com tcp
US 64.20.40.251:443 south-vision.com tcp
US 8.8.8.8:53 storkashvand.com udp
US 104.131.118.97:443 storiesbycam.com tcp
US 192.185.131.34:443 somos-unidos.com tcp
IN 82.180.141.7:443 stmarryjamon.com tcp
US 8.8.8.8:53 rockettennisdebentures.com udp
MD 176.123.0.55:443 stellaassets.com tcp
US 66.235.200.147:80 spottedabove.com tcp
US 64.20.63.34:443 stellabluegc.com tcp
IN 217.21.91.155:443 sstoursdelhi.com tcp
US 165.140.70.174:443 psicologiadelacreencia.com tcp
US 192.243.110.5:443 www.promedspharmaceuticals.com tcp
US 8.8.8.8:53 relojesinteligentespro.com udp
IR 185.165.116.18:443 storkashvand.com tcp
US 8.8.8.8:53 rosabellainternational.com udp
US 141.193.213.10:443 butlerhumanservices.com tcp
CA 23.227.38.65:443 ssomadigital.com tcp
US 104.21.77.89:443 quincaillerie-vente-fr.com tcp
GB 185.77.97.97:443 storiesscoop.com tcp
US 104.21.26.253:443 rockettennisdebentures.com tcp
US 89.117.139.150:443 stopshopeasy.com tcp
US 8.8.8.8:53 rowanjetsetspublishing.com udp
US 8.8.8.8:53 rotaryperugiatrasimeno.com udp
US 8.8.8.8:53 salkantayhostelsociety.com udp
US 8.8.8.8:53 ranchosperpetuosocorro.com udp
US 8.8.8.8:53 signedvinylsweepstakes.com udp
US 8.8.8.8:53 skychapelinternational.com udp
US 8.8.8.8:53 soulrisetransformation.com udp
US 8.8.8.8:53 savoir-weddings-events.com udp
US 8.8.8.8:53 simbanamoralescleaning.com udp
US 8.8.8.8:53 slpcustomsandcollision.com udp
US 8.8.8.8:53 southfloridahomebuyers.com udp
US 8.8.8.8:53 supersweets-forestslot.com udp
US 8.8.8.8:53 www.ssomadigital.com udp
US 8.8.8.8:53 ssviewconstructioncorp.com udp
US 8.8.8.8:53 swimmingpoolservicepro.com udp
US 8.8.8.8:53 summerlinfitness4women.com udp
DE 81.169.145.105:443 savoir-weddings-events.com tcp
US 8.8.8.8:53 stconsultantnassociate.com udp
US 141.193.213.10:443 signedvinylsweepstakes.com tcp
US 103.195.100.122:443 skychapelinternational.com tcp
US 8.8.8.8:53 www.rockettennisdebentures.com udp
RO 89.44.139.135:443 soulrisetransformation.com tcp
US 104.21.26.253:443 www.rockettennisdebentures.com tcp
US 50.6.160.31:443 southfloridahomebuyers.com tcp
IN 89.117.188.136:443 rosabellainternational.com tcp
US 8.8.8.8:53 technopowercontracting.com udp
US 8.8.8.8:53 sydneychineseorchastry.com udp
FR 89.117.169.121:443 relojesinteligentespro.com tcp
US 154.41.231.136:443 simbanamoralescleaning.com tcp
US 154.49.142.148:443 rowanjetsetspublishing.com tcp
IN 195.35.44.155:443 stconsultantnassociate.com tcp
US 8.8.8.8:53 advancebillingservices.com udp
US 8.8.8.8:53 www.agroinversioneslievano.com udp
US 8.8.8.8:53 thegingergarlickitchen.com udp
CA 23.227.38.74:443 www.ssomadigital.com tcp
MX 216.238.68.82:443 salkantayhostelsociety.com tcp
US 162.241.253.240:443 swimmingpoolservicepro.com tcp
US 198.57.149.50:80 summerlinfitness4women.com tcp
US 168.235.118.44:443 slpcustomsandcollision.com tcp
US 8.8.8.8:53 dthorpe.wpengine.com udp
US 8.8.8.8:53 agforallcommunications.com udp
US 8.8.8.8:53 alice-creation-energie.com udp
DE 217.160.0.61:80 rotaryperugiatrasimeno.com tcp
US 66.235.200.147:443 sydneychineseorchastry.com tcp
DE 161.97.74.126:443 ranchosperpetuosocorro.com tcp
US 162.213.251.134:443 advancebillingservices.com tcp
US 190.8.176.234:443 www.agroinversioneslievano.com tcp
US 162.0.209.111:443 technopowercontracting.com tcp
US 67.222.39.89:443 ssviewconstructioncorp.com tcp
US 8.8.8.8:53 www.storiesbycam.com udp
IN 89.117.157.81:443 thegingergarlickitchen.com tcp
US 8.8.8.8:53 amazonexplorersiquitos.com udp
US 8.8.8.8:53 americansurplusfinders.com udp
US 172.67.140.244:443 www.storiesbycam.com tcp
US 8.8.8.8:53 www.asapautomobilemechanic.com udp
US 8.8.8.8:53 animeglassmasterpieces.com udp
CH 83.166.138.217:443 alice-creation-energie.com tcp
US 8.8.8.8:53 azerbaijan-marathonbet.com udp
BE 13.225.239.39:443 www.asapautomobilemechanic.com tcp
US 8.8.8.8:53 antiquecenturyjapanese.com udp
CL 138.117.149.156:443 amazonexplorersiquitos.com tcp
US 154.49.142.185:443 americansurplusfinders.com tcp
US 8.8.8.8:53 astellas401ksettlement.com udp
US 8.8.8.8:53 blisslifehobibahceleri.com udp
US 50.62.172.132:443 agforallcommunications.com tcp
US 66.235.200.113:443 animeglassmasterpieces.com tcp
US 8.8.8.8:53 bestpracticesprocesses.com udp
US 104.21.16.104:443 azerbaijan-marathonbet.com tcp
US 8.8.8.8:53 blossomandbloomdesigns.com udp
US 8.8.8.8:53 bowmanplaystationhouse.com udp
US 8.8.8.8:53 canafricaclimatesummit.com udp
DE 185.242.82.188:443 antiquecenturyjapanese.com tcp
US 8.8.8.8:53 bestdealsinelectronics.com udp
US 8.8.8.8:53 carexshippinglogistics.com udp
US 8.8.8.8:53 www.serratech.net udp
US 8.8.8.8:53 buminusantaracommodity.com udp
US 8.8.8.8:53 brandvisualadvertising.com udp
US 8.8.8.8:53 carlosmorenoblockchain.com udp
US 8.8.8.8:53 cableandinternetnearme.com udp
US 8.8.8.8:53 www.chicagolandtaxiandlimo.com udp
US 8.8.8.8:53 www.chattanoogastudyprogram.com udp
US 8.8.8.8:53 clarvazatoareamarilena.com udp
US 8.8.8.8:53 clinicadentalclinybest.com udp
US 141.193.213.10:443 bestpracticesprocesses.com tcp
US 141.193.213.10:443 bestpracticesprocesses.com tcp
US 172.67.152.186:443 blossomandbloomdesigns.com tcp
TR 104.247.167.3:443 blisslifehobibahceleri.com tcp
US 86.38.202.21:443 bowmanplaystationhouse.com tcp
FR 46.105.204.31:443 sindietas.net tcp
US 66.29.141.107:443 brandvisualadvertising.com tcp
US 162.217.144.46:443 canafricaclimatesummit.com tcp
US 74.208.236.208:443 cableandinternetnearme.com tcp
RO 89.42.218.138:443 clarvazatoareamarilena.com tcp
RU 91.215.85.51:443 carexshippinglogistics.com tcp
US 154.49.142.247:443 bestdealsinelectronics.com tcp
US 149.100.151.135:443 carlosmorenoblockchain.com tcp
US 74.208.236.48:443 www.serratech.net tcp
ID 103.229.73.226:443 buminusantaracommodity.com tcp
US 50.63.8.200:80 www.chicagolandtaxiandlimo.com tcp
US 8.8.8.8:53 marinedealerseo.com udp
US 8.8.8.8:53 completefitnesslibrary.com udp
US 130.211.29.77:443 dthorpe.wpengine.com tcp
US 8.8.8.8:53 comfortstarcoolsystems.com udp
US 8.8.8.8:53 constellationlandgroup.com udp
US 8.8.8.8:53 coverlettermasterclass.com udp
US 192.185.74.165:80 www.chattanoogastudyprogram.com tcp
US 8.8.8.8:53 cys-mefoninstalaciones.com udp
US 8.8.8.8:53 desbidonsetdesampoules.com udp

Files
