Malware Analysis Report

2025-01-02 11:07

Sample ID 240314-fqx9yabc2w
Target 7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f
SHA256 7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f
Tags
amadey smokeloader zgrat pub1 backdoor bootkit evasion persistence rat trojan upx dcrat lumma discovery infostealer spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f

Threat Level: Known bad

The file 7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f was found to be: Known bad.

Malicious Activity Summary

amadey smokeloader zgrat pub1 backdoor bootkit evasion persistence rat trojan upx dcrat lumma discovery infostealer spyware stealer

SmokeLoader

Amadey

Detect ZGRat V1

Pitou

DcRat

Lumma Stealer

ZGRat

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Blocklisted process makes network request

Reads data files stored by FTP clients

UPX packed file

Deletes itself

Loads dropped DLL

Identifies Wine through registry keys

Executes dropped EXE

Reads user/profile data of web browsers

Reads WinSCP keys stored on the system

Checks BIOS information in registry

Reads local data of messenger clients

Checks installed software on the system

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Program crash

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Creates scheduled task(s)

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

Runs ping.exe

Uses Task Scheduler COM API

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-14 05:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-14 05:05

Reported

2024-03-14 05:10

Platform

win7-20240221-en

Max time kernel

318s

Max time network

330s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe"

Signatures

Amadey

trojan amadey

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Pitou

Description Indicator Process Target
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\368B.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\368B.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\368B.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\368B.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5228.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5228.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\5228.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\B9D2.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\368B.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1772 set thread context of 1648 N/A C:\Users\Admin\AppData\Local\Temp\5228.exe C:\Users\Admin\AppData\Local\Temp\5228.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorgu.job C:\Users\Admin\AppData\Local\Temp\368B.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\7533.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\368B.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1380 wrote to memory of 2472 N/A N/A C:\Users\Admin\AppData\Local\Temp\368B.exe
PID 1380 wrote to memory of 2472 N/A N/A C:\Users\Admin\AppData\Local\Temp\368B.exe
PID 1380 wrote to memory of 2472 N/A N/A C:\Users\Admin\AppData\Local\Temp\368B.exe
PID 1380 wrote to memory of 2472 N/A N/A C:\Users\Admin\AppData\Local\Temp\368B.exe
PID 1380 wrote to memory of 2916 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1380 wrote to memory of 2916 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1380 wrote to memory of 2916 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1380 wrote to memory of 2916 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1380 wrote to memory of 2916 N/A N/A C:\Windows\system32\regsvr32.exe
PID 2916 wrote to memory of 1444 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2916 wrote to memory of 1444 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2916 wrote to memory of 1444 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2916 wrote to memory of 1444 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2916 wrote to memory of 1444 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2916 wrote to memory of 1444 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2916 wrote to memory of 1444 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1380 wrote to memory of 1772 N/A N/A C:\Users\Admin\AppData\Local\Temp\5228.exe
PID 1380 wrote to memory of 1772 N/A N/A C:\Users\Admin\AppData\Local\Temp\5228.exe
PID 1380 wrote to memory of 1772 N/A N/A C:\Users\Admin\AppData\Local\Temp\5228.exe
PID 1380 wrote to memory of 1772 N/A N/A C:\Users\Admin\AppData\Local\Temp\5228.exe
PID 1772 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\5228.exe C:\Users\Admin\AppData\Local\Temp\5228.exe
PID 1772 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\5228.exe C:\Users\Admin\AppData\Local\Temp\5228.exe
PID 1772 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\5228.exe C:\Users\Admin\AppData\Local\Temp\5228.exe
PID 1772 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\5228.exe C:\Users\Admin\AppData\Local\Temp\5228.exe
PID 1772 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\5228.exe C:\Users\Admin\AppData\Local\Temp\5228.exe
PID 1772 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\5228.exe C:\Users\Admin\AppData\Local\Temp\5228.exe
PID 1772 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\5228.exe C:\Users\Admin\AppData\Local\Temp\5228.exe
PID 1772 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\5228.exe C:\Users\Admin\AppData\Local\Temp\5228.exe
PID 1772 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\5228.exe C:\Users\Admin\AppData\Local\Temp\5228.exe
PID 1380 wrote to memory of 1376 N/A N/A C:\Users\Admin\AppData\Local\Temp\7533.exe
PID 1380 wrote to memory of 1376 N/A N/A C:\Users\Admin\AppData\Local\Temp\7533.exe
PID 1380 wrote to memory of 1376 N/A N/A C:\Users\Admin\AppData\Local\Temp\7533.exe
PID 1380 wrote to memory of 1376 N/A N/A C:\Users\Admin\AppData\Local\Temp\7533.exe
PID 1380 wrote to memory of 3036 N/A N/A C:\Users\Admin\AppData\Local\Temp\B2B0.exe
PID 1380 wrote to memory of 3036 N/A N/A C:\Users\Admin\AppData\Local\Temp\B2B0.exe
PID 1380 wrote to memory of 3036 N/A N/A C:\Users\Admin\AppData\Local\Temp\B2B0.exe
PID 1380 wrote to memory of 3036 N/A N/A C:\Users\Admin\AppData\Local\Temp\B2B0.exe
PID 1380 wrote to memory of 3048 N/A N/A C:\Users\Admin\AppData\Local\Temp\B9D2.exe
PID 1380 wrote to memory of 3048 N/A N/A C:\Users\Admin\AppData\Local\Temp\B9D2.exe
PID 1380 wrote to memory of 3048 N/A N/A C:\Users\Admin\AppData\Local\Temp\B9D2.exe
PID 1380 wrote to memory of 3048 N/A N/A C:\Users\Admin\AppData\Local\Temp\B9D2.exe
PID 1380 wrote to memory of 1560 N/A N/A C:\Users\Admin\AppData\Local\Temp\C613.exe
PID 1380 wrote to memory of 1560 N/A N/A C:\Users\Admin\AppData\Local\Temp\C613.exe
PID 1380 wrote to memory of 1560 N/A N/A C:\Users\Admin\AppData\Local\Temp\C613.exe
PID 1380 wrote to memory of 1560 N/A N/A C:\Users\Admin\AppData\Local\Temp\C613.exe
PID 1380 wrote to memory of 2376 N/A N/A C:\Users\Admin\AppData\Local\Temp\DBB6.exe
PID 1380 wrote to memory of 2376 N/A N/A C:\Users\Admin\AppData\Local\Temp\DBB6.exe
PID 1380 wrote to memory of 2376 N/A N/A C:\Users\Admin\AppData\Local\Temp\DBB6.exe
PID 1380 wrote to memory of 2376 N/A N/A C:\Users\Admin\AppData\Local\Temp\DBB6.exe
PID 1380 wrote to memory of 2376 N/A N/A C:\Users\Admin\AppData\Local\Temp\DBB6.exe
PID 1380 wrote to memory of 2376 N/A N/A C:\Users\Admin\AppData\Local\Temp\DBB6.exe
PID 1380 wrote to memory of 2376 N/A N/A C:\Users\Admin\AppData\Local\Temp\DBB6.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe

"C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe"

C:\Users\Admin\AppData\Local\Temp\368B.exe

C:\Users\Admin\AppData\Local\Temp\368B.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\48A5.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\48A5.dll

C:\Users\Admin\AppData\Local\Temp\5228.exe

C:\Users\Admin\AppData\Local\Temp\5228.exe

C:\Users\Admin\AppData\Local\Temp\5228.exe

C:\Users\Admin\AppData\Local\Temp\5228.exe

C:\Users\Admin\AppData\Local\Temp\7533.exe

C:\Users\Admin\AppData\Local\Temp\7533.exe

C:\Users\Admin\AppData\Local\Temp\B2B0.exe

C:\Users\Admin\AppData\Local\Temp\B2B0.exe

C:\Users\Admin\AppData\Local\Temp\B9D2.exe

C:\Users\Admin\AppData\Local\Temp\B9D2.exe

C:\Users\Admin\AppData\Local\Temp\C613.exe

C:\Users\Admin\AppData\Local\Temp\C613.exe

C:\Users\Admin\AppData\Local\Temp\DBB6.exe

C:\Users\Admin\AppData\Local\Temp\DBB6.exe

C:\Users\Admin\AppData\Local\Temp\is-M25FA.tmp\DBB6.tmp

"C:\Users\Admin\AppData\Local\Temp\is-M25FA.tmp\DBB6.tmp" /SL5="$801F4,1678053,54272,C:\Users\Admin\AppData\Local\Temp\DBB6.exe"

C:\Users\Admin\AppData\Local\Temp\FD4B.exe

C:\Users\Admin\AppData\Local\Temp\FD4B.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"

C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe

"C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe" -i

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

"C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe"

C:\Users\Admin\AppData\Local\Temp\april.exe

"C:\Users\Admin\AppData\Local\Temp\april.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 580

C:\Users\Admin\AppData\Local\Temp\8A00.exe

C:\Users\Admin\AppData\Local\Temp\8A00.exe

C:\Users\Admin\AppData\Local\Temp\is-UBEUJ.tmp\april.tmp

"C:\Users\Admin\AppData\Local\Temp\is-UBEUJ.tmp\april.tmp" /SL5="$70160,1697899,56832,C:\Users\Admin\AppData\Local\Temp\april.exe"

C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe

"C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe" -s

C:\Users\Admin\AppData\Local\Temp\u19g.0.exe

"C:\Users\Admin\AppData\Local\Temp\u19g.0.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 selebration17io.io udp
RU 91.215.85.120:80 selebration17io.io tcp
RU 185.215.113.45:80 185.215.113.45 tcp
US 50.7.8.141:443 tcp
N/A 127.0.0.1:49293 tcp
FI 65.21.5.137:447 tcp
LU 107.189.14.106:9001 tcp
FR 62.210.97.21:443 tcp
FI 65.21.5.137:447 tcp
LU 107.189.14.106:9001 tcp
N/A 127.0.0.1:32677 tcp
DE 185.172.128.19:80 185.172.128.19 tcp
US 8.8.8.8:53 midnight.bestsup.su udp
US 104.21.29.103:80 midnight.bestsup.su tcp
US 8.8.8.8:53 recruiting.transnet.net udp
US 8.8.8.8:53 login.ihserc.com udp
US 8.8.8.8:53 backoffice.plexusworldwide.com udp
US 8.8.8.8:53 accounts.google.com udp
N/A 127.0.0.1:32677 tcp
N/A 127.0.0.1:32677 tcp
N/A 127.0.0.1:32677 tcp
N/A 127.0.0.1:32677 tcp
N/A 127.0.0.1:49386 tcp
N/A 127.0.0.1:49393 tcp
N/A 127.0.0.1:49397 tcp
N/A 127.0.0.1:49401 tcp
N/A 127.0.0.1:49406 tcp
N/A 127.0.0.1:49411 tcp
N/A 127.0.0.1:49417 tcp
N/A 127.0.0.1:49423 tcp
N/A 127.0.0.1:49430 tcp
N/A 127.0.0.1:49432 tcp
N/A 127.0.0.1:49438 tcp
US 8.8.8.8:53 login.ihserc.com udp
US 8.8.8.8:53 recruiting.transnet.net udp
US 8.8.8.8:53 recruiting.transnet.net udp
US 8.8.8.8:53 backoffice.plexusworldwide.com udp
US 8.8.8.8:53 muziekgallerij.biz udp
US 8.8.8.8:53 inloggen.centraalbeheer.nl udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 inloggen.centraalbeheer.nl udp
US 8.8.8.8:53 consumidorpositivo.com.br udp
US 8.8.8.8:53 muziekgallerij.biz udp
US 8.8.8.8:53 muziekgallerij.biz udp
US 8.8.8.8:53 consumidorpositivo.com.br udp
US 8.8.8.8:53 iptv4web.net udp
US 8.8.8.8:53 animeflv.net udp
US 8.8.8.8:53 alt3.gmr-smtp-in.l.google.com udp
US 8.8.8.8:53 iptv4web.net udp
US 8.8.8.8:53 renuevo.yoigo.com udp
US 8.8.8.8:53 iptv4web.net udp
US 8.8.8.8:53 renuevo.yoigo.com udp
US 8.8.8.8:53 animeflv.net udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 getpaidto.com udp
US 8.8.8.8:53 wifi.fbmi.cvut.cz udp
US 8.8.8.8:53 getpaidto.com udp
US 8.8.8.8:53 sammobile.com udp
US 8.8.8.8:53 driveandlife.mercedes-benz.de udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 gradapp.clarkson.edu udp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
US 8.8.8.8:53 wifi.fbmi.cvut.cz udp
US 8.8.8.8:53 wifi.fbmi.cvut.cz udp
US 8.8.8.8:53 sammobile.com udp
US 8.8.8.8:53 sammobile.com udp
US 8.8.8.8:53 getpaidto-com.mail.protection.outlook.com udp
US 8.8.8.8:53 driveandlife.mercedes-benz.de udp
US 8.8.8.8:53 driveandlife.mercedes-benz.de udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 srienlinea.sri.gob.ec udp
US 8.8.8.8:53 gradapp.clarkson.edu udp
US 8.8.8.8:53 srienlinea.sri.gob.ec udp
US 8.8.8.8:53 geometrinrete.it udp
US 8.8.8.8:53 portal.kenoby.com udp
US 8.8.8.8:53 secure01c.chase.com udp
US 8.8.8.8:53 geometrinrete.it udp
US 8.8.8.8:53 geometrinrete.it udp
US 8.8.8.8:53 us-smtp-inbound-1.mimecast.com udp
US 8.8.8.8:53 portal.kenoby.com udp
US 8.8.8.8:53 secure01c.chase.com udp
US 34.198.122.35:465 gradapp.clarkson.edu tcp
FR 52.222.169.58:21 portal.kenoby.com tcp
DE 85.115.23.186:995 driveandlife.mercedes-benz.de tcp
EC 190.152.216.14:143 srienlinea.sri.gob.ec tcp
US 159.53.232.29:22 secure01c.chase.com tcp
FR 52.222.169.58:443 portal.kenoby.com tcp
EC 190.152.216.14:465 srienlinea.sri.gob.ec tcp
US 34.198.122.35:995 gradapp.clarkson.edu tcp
US 8.8.8.8:53 sportdafa.net udp
US 8.8.8.8:53 mho.sutterhealth.org udp
US 8.8.8.8:53 lightxz.com udp
US 8.8.8.8:53 pvpro.com udp
US 8.8.8.8:53 mho.sutterhealth.org udp
US 8.8.8.8:53 sportdafa.net udp
US 8.8.8.8:53 mail.cassageometri.it udp
US 8.8.8.8:53 lightxz.com udp
US 8.8.8.8:53 sportdafa.net udp
FR 52.222.169.125:21 portal.kenoby.com tcp
US 198.217.74.193:22 mho.sutterhealth.org tcp
US 159.53.232.29:443 secure01c.chase.com tcp
US 8.8.8.8:53 pvpro.com udp
US 8.8.8.8:53 gupy.io udp
US 159.53.232.29:21 secure01c.chase.com tcp
EC 190.152.216.14:80 srienlinea.sri.gob.ec tcp
EC 190.152.216.14:995 srienlinea.sri.gob.ec tcp
IT 93.34.10.196:143 mail.cassageometri.it tcp
US 172.67.131.234:22 lightxz.com tcp
IT 93.34.10.196:465 mail.cassageometri.it tcp
TW 110.50.231.130:22 sportdafa.net tcp
NL 142.251.9.14:143 alt3.gmr-smtp-in.l.google.com tcp
TW 110.50.231.130:21 sportdafa.net tcp
US 198.217.74.193:21 mho.sutterhealth.org tcp
US 159.53.232.29:143 secure01c.chase.com tcp
FR 52.222.169.58:143 portal.kenoby.com tcp
EC 190.152.216.14:80 srienlinea.sri.gob.ec tcp
IT 93.34.10.196:995 mail.cassageometri.it tcp
US 159.53.232.29:465 secure01c.chase.com tcp
NL 142.251.9.14:465 alt3.gmr-smtp-in.l.google.com tcp
US 172.67.131.234:21 lightxz.com tcp
FR 52.222.169.58:465 portal.kenoby.com tcp
US 8.8.8.8:53 exaysro.com udp
US 8.8.8.8:53 imgflip.com udp
US 75.2.60.5:22 pvpro.com tcp
US 104.21.12.29:22 lightxz.com tcp
US 8.8.8.8:53 exaysro.com udp
US 8.8.8.8:53 vampire.rinetworks.org udp
FR 52.222.169.125:143 portal.kenoby.com tcp
US 104.21.12.29:21 lightxz.com tcp
US 159.53.232.29:995 secure01c.chase.com tcp
US 8.8.8.8:53 imgflip.com udp
US 8.8.8.8:53 _dc-mx.9d6b731d98a0.lightxz.com udp
US 8.8.8.8:53 websec01.esl-asia.com udp
FR 52.222.169.125:465 portal.kenoby.com tcp
EC 190.152.216.14:143 srienlinea.sri.gob.ec tcp
DE 88.99.26.79:22 exaysro.com tcp
US 8.8.8.8:53 elearning.esgee-oran.dz udp
US 8.8.8.8:53 ftp.inloggen.centraalbeheer.nl udp
US 8.8.8.8:53 platinum.lcfhc.com udp
DE 88.99.26.79:21 exaysro.com tcp
US 8.8.8.8:53 ftp.muziekgallerij.biz udp
US 8.8.8.8:53 elearning.esgee-oran.dz udp
US 8.8.8.8:53 secure03b.chase.com udp
US 8.8.8.8:53 vampire.rinetworks.org udp
US 8.8.8.8:53 ridgeattahoeresort.hotelwifi.com udp
US 8.8.8.8:53 trmpc.com udp
US 8.8.8.8:53 platinum.lcfhc.com udp
US 8.8.8.8:53 secure03b.chase.com udp
IT 93.34.10.228:80 geometrinrete.it tcp
US 8.8.8.8:53 games.ladbrokes.com udp
AR 190.220.21.28:80 trmpc.com tcp
FR 52.222.169.58:80 portal.kenoby.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 159.53.232.29:80 secure01c.chase.com tcp
GB 23.48.165.132:22 secure03b.chase.com tcp
US 172.67.131.234:80 lightxz.com tcp
US 198.217.74.193:80 mho.sutterhealth.org tcp
IE 209.85.203.84:443 accounts.google.com tcp
BE 108.177.15.26:143 aspmx.l.google.com tcp
NL 142.251.9.14:143 alt3.gmr-smtp-in.l.google.com tcp
FR 52.222.169.58:143 portal.kenoby.com tcp
US 8.8.8.8:53 ridgeattahoeresort.hotelwifi.com udp
US 8.8.8.8:53 secure03b.chase.com udp
US 8.8.8.8:53 vi-vn.facebook.com udp
US 8.8.8.8:53 yunpanjingling.com udp
US 8.8.8.8:53 docsity.com udp
US 8.8.8.8:53 srienlinea.sri.gob.ec udp
US 8.8.8.8:53 srienlinea.sri.gob.ec udp
US 8.8.8.8:53 games.ladbrokes.com udp
US 8.8.8.8:53 games.ladbrokes.com udp
US 8.8.8.8:53 www.geometrinrete.it udp
US 8.8.8.8:53 ssh.inloggen.centraalbeheer.nl udp
US 8.8.8.8:53 vi-vn.facebook.com udp
US 8.8.8.8:53 srienlinea.sri.gob.ec udp
US 8.8.8.8:53 ssh.muziekgallerij.biz udp
US 8.8.8.8:53 mail.inloggen.centraalbeheer.nl udp
US 8.8.8.8:53 mx156.hostedmxserver.com udp
US 8.8.8.8:53 yunpanjingling.com udp
US 8.8.8.8:53 recruiting.transnet.net udp
US 8.8.8.8:53 mail.muziekgallerij.biz udp
US 8.8.8.8:53 yunpanjingling.com udp
US 8.8.8.8:53 ftp.wifi.fbmi.cvut.cz udp
US 75.2.60.5:80 pvpro.com tcp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 secure03b.chase.com udp
US 8.8.8.8:53 docsity.com udp
US 8.8.8.8:53 discord.com udp
TW 110.50.231.130:80 sportdafa.net tcp
IT 93.34.10.228:443 www.geometrinrete.it tcp
IE 209.85.203.84:80 accounts.google.com tcp
IT 93.34.10.228:80 www.geometrinrete.it tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 104.18.255.14:80 imgflip.com tcp
US 198.217.74.193:443 mho.sutterhealth.org tcp
US 8.8.8.8:53 lootbits.io udp
US 8.8.8.8:53 quiubi.it udp
US 8.8.8.8:53 lootbits.io udp
FR 52.222.169.58:443 portal.kenoby.com tcp
DE 88.99.26.79:80 exaysro.com tcp
DE 88.99.26.79:80 exaysro.com tcp
US 172.67.131.234:443 lightxz.com tcp
EC 190.152.216.14:80 srienlinea.sri.gob.ec tcp
GB 23.48.165.132:80 secure03b.chase.com tcp
US 67.227.226.240:80 platinum.lcfhc.com tcp
US 75.140.39.18:80 ridgeattahoeresort.hotelwifi.com tcp
US 8.8.8.8:53 ad2prosper.com udp
US 8.8.8.8:53 ad2prosper.com udp
DE 161.97.135.201:80 elearning.esgee-oran.dz tcp
EC 190.152.216.14:80 srienlinea.sri.gob.ec tcp
US 159.53.232.29:80 secure01c.chase.com tcp
AT 195.72.134.91:80 games.ladbrokes.com tcp
US 8.8.8.8:53 secure03b.chase.com udp
US 8.8.8.8:53 quiubi.it udp
US 8.8.8.8:53 secure03b.chase.com udp
US 8.8.8.8:53 kwork.com udp
US 8.8.8.8:53 new.edmodo.com udp
US 8.8.8.8:53 papp.csps-efpc.gc.ca udp
US 8.8.8.8:53 kolabjar-asnpintar.lan.go.id udp
US 8.8.8.8:53 admission1cet2019.mahacet.org.in udp
US 8.8.8.8:53 na.wargaming.net udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 windscribe.com udp
US 8.8.8.8:53 login.uptobox.com udp
US 8.8.8.8:53 mail.wifi.fbmi.cvut.cz udp
US 8.8.8.8:53 kwork.com udp
US 8.8.8.8:53 sutterhealth.org udp
US 8.8.8.8:53 mx2.hc576-90.c3s2.iphmx.com udp
US 8.8.8.8:53 mx2.hc576-90.c3s2.iphmx.com udp
US 8.8.8.8:53 www.ladbrokes.com udp
US 8.8.8.8:53 papp.csps-efpc.gc.ca udp
US 8.8.8.8:53 mail.tokenrush.com udp
US 8.8.8.8:53 mail.tokenrush.com udp
US 8.8.8.8:53 ww7.lcfhc.com udp
US 8.8.8.8:53 new.edmodo.com udp
US 8.8.8.8:53 _dc-mx.1e0587fad4b6.ad2prosper.com udp
US 8.8.8.8:53 kolabjar-asnpintar.lan.go.id udp
US 8.8.8.8:53 _dc-mx.1e0587fad4b6.ad2prosper.com udp
US 8.8.8.8:53 na.wargaming.net udp
US 8.8.8.8:53 kolabjar-asnpintar.lan.go.id udp
US 8.8.8.8:53 admission1cet2019.mahacet.org.in udp
US 8.8.8.8:53 kolabjar-asnpintar.lan.go.id udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 windscribe.com udp
US 104.18.255.14:443 imgflip.com tcp
US 8.8.8.8:53 login.uptobox.com udp
US 8.8.8.8:53 login.uptobox.com udp
US 8.8.8.8:53 track.saferoad.net udp
US 8.8.8.8:53 supraforums.com udp
US 75.140.39.18:80 ridgeattahoeresort.hotelwifi.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 162.159.135.232:80 discord.com tcp
US 69.16.230.226:80 yunpanjingling.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 199.59.243.225:80 ww7.lcfhc.com tcp
DE 88.99.26.79:80 exaysro.com tcp
IT 193.41.205.114:80 quiubi.it tcp
IT 93.34.10.228:80 www.geometrinrete.it tcp
US 8.8.8.8:53 track.saferoad.net udp
US 8.8.8.8:53 supraforums.com udp
US 8.8.8.8:53 meine.sbk.org udp
US 8.8.8.8:53 equipodelideres.com udp
US 8.8.8.8:53 portaleargo.it udp
US 8.8.8.8:53 watchfaces.be udp
US 8.8.8.8:53 ftp.sportdafa.net udp
US 8.8.8.8:53 member.hide.me udp
US 8.8.8.8:53 persona.patria.org.ve udp
GB 23.48.165.149:80 secure03b.chase.com tcp
US 69.16.230.226:80 yunpanjingling.com tcp
BE 108.177.15.26:143 aspmx.l.google.com tcp
US 76.76.21.61:22 track.saferoad.net tcp
FR 52.222.149.46:80 docsity.com tcp
US 172.67.171.232:80 ad2prosper.com tcp
US 172.67.131.234:80 lightxz.com tcp
EC 190.152.216.14:80 srienlinea.sri.gob.ec tcp
GB 163.70.147.22:80 vi-vn.facebook.com tcp
US 198.217.74.193:443 mho.sutterhealth.org tcp
US 104.18.138.44:443 www.ladbrokes.com tcp
US 8.8.8.8:53 pokemon-planet.com udp
US 76.76.21.142:22 track.saferoad.net tcp
DE 161.97.135.201:80 elearning.esgee-oran.dz tcp
US 75.2.60.5:80 pvpro.com tcp
US 172.67.196.236:80 lootbits.io tcp
DE 88.99.26.79:80 exaysro.com tcp
AT 195.72.134.91:222 games.ladbrokes.com tcp
US 172.67.131.234:990 lightxz.com tcp
DE 161.97.135.201:443 elearning.esgee-oran.dz tcp
US 172.67.29.218:443 login.uptobox.com tcp
US 104.21.12.29:990 lightxz.com tcp
US 104.22.30.128:443 login.uptobox.com tcp
US 8.8.8.8:53 proxy-nl.hide.me udp
AT 195.72.135.91:222 games.ladbrokes.com tcp
US 67.227.226.240:80 platinum.lcfhc.com tcp
US 8.8.8.8:53 portal.kenoby.com udp
US 199.59.243.225:80 ww7.lcfhc.com tcp
US 8.8.8.8:53 meine.sbk.org udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 mailgw.mirafox.ru udp
US 8.8.8.8:53 linkomanija.net udp
US 8.8.8.8:53 kidsgetmoney.co udp
US 8.8.8.8:53 sigatuljamea.net udp
US 8.8.8.8:53 abacus.rblbank.com udp
US 8.8.8.8:53 snipe.games udp
US 8.8.8.8:53 util01.verticalscope.com udp
US 8.8.8.8:53 ftp.secure01c.chase.com udp
US 8.8.8.8:53 mail.driveandlife.mercedes-benz.de udp
US 8.8.8.8:53 secure03b.chase.com udp
US 8.8.8.8:53 watchfaces.be udp
US 8.8.8.8:53 mailgw.mirafox.ru udp
US 8.8.8.8:53 watchfaces.be udp
US 8.8.8.8:53 watchfaces.be udp
US 8.8.8.8:53 ftp.elearning.esgee-oran.dz udp
US 8.8.8.8:53 equipodelideres.com udp
US 8.8.8.8:53 persona.patria.org.ve udp
US 8.8.8.8:53 portaleargo.it udp
US 8.8.8.8:53 gupy.io udp
US 8.8.8.8:53 pokemon-planet.com udp
US 8.8.8.8:53 member.hide.me udp
US 8.8.8.8:53 srienlinea.sri.gob.ec udp
US 8.8.8.8:53 mail.srienlinea.sri.gob.ec udp
US 8.8.8.8:53 mail.gecomail.net udp
US 8.8.8.8:53 backoffice.plexusworldwide.com udp
US 8.8.8.8:53 portaleargo.it udp
US 8.8.8.8:53 alt1.gmr-smtp-in.l.google.com udp
US 8.8.8.8:53 mail.gecomail.net udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 ftp.portal.kenoby.com udp
US 8.8.8.8:53 proxy-nl.hide.me udp
IT 193.41.205.114:80 quiubi.it tcp
US 172.67.171.232:80 ad2prosper.com tcp
US 8.8.8.8:53 ssh.wifi.fbmi.cvut.cz udp
US 8.8.8.8:53 mail.secure01c.chase.com udp
US 8.8.8.8:53 vi-vn.facebook.com udp
US 8.8.8.8:53 mail.gradapp.clarkson.edu udp
US 8.8.8.8:53 alt3.gmr-smtp-in.l.google.com udp
US 8.8.8.8:53 snipe.games udp
US 8.8.8.8:53 ftp.mho.sutterhealth.org udp
US 8.8.8.8:53 secure03b.chase.com udp
US 8.8.8.8:53 abacus.rblbank.com udp
US 8.8.8.8:53 linkomanija.net udp
IE 209.85.203.84:80 accounts.google.com tcp
US 159.53.232.29:80 secure01c.chase.com tcp
TW 110.50.231.130:443 sportdafa.net tcp
US 172.67.29.218:80 login.uptobox.com tcp
US 104.20.93.59:80 windscribe.com tcp
ID 103.123.66.203:80 kolabjar-asnpintar.lan.go.id tcp
US 104.18.255.14:80 imgflip.com tcp
IT 93.34.10.228:80 www.geometrinrete.it tcp
US 76.76.21.61:80 track.saferoad.net tcp
NL 93.171.200.41:80 kwork.com tcp
US 92.223.56.72:80 na.wargaming.net tcp
US 151.101.65.91:80 supraforums.com tcp
US 159.53.232.29:80 secure01c.chase.com tcp
DE 192.248.187.111:80 member.hide.me tcp
US 8.8.8.8:53 sportybet.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 spool.mail.gandi.net udp
US 8.8.8.8:53 indihome.co.id udp
US 8.8.8.8:53 mail.gecomail.net udp
US 8.8.8.8:53 games.ladbrokes.com udp
US 8.8.8.8:53 sigatuljamea.net udp
ID 103.123.66.203:80 kolabjar-asnpintar.lan.go.id tcp
US 104.18.255.14:80 imgflip.com tcp
US 76.76.21.61:80 track.saferoad.net tcp
DE 192.248.187.111:80 member.hide.me tcp
DE 46.4.33.44:80 watchfaces.be tcp
DE 83.125.32.46:80 meine.sbk.org tcp
GB 92.123.241.50:80 store.steampowered.com tcp
GB 23.214.154.77:80 steamcommunity.com tcp
VE 190.205.112.69:80 persona.patria.org.ve tcp
US 67.227.226.240:80 platinum.lcfhc.com tcp
US 172.67.68.54:80 pokemon-planet.com tcp
US 8.8.8.8:53 leadlyf.in udp
US 8.8.8.8:53 shopee.co.id udp
US 8.8.8.8:53 zzcartoon.com udp
US 8.8.8.8:53 games.ladbrokes.com udp
US 8.8.8.8:53 patria.org.ve udp
US 8.8.8.8:53 kidsgetmoney.co udp
US 8.8.8.8:53 metin2alaska.ro udp
US 8.8.8.8:53 kidsgetmoney.co udp
US 8.8.8.8:53 secure03b.chase.com udp
US 8.8.8.8:53 abacus.rblbank.com udp
US 8.8.8.8:53 srienlinea.sri.gob.ec udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 docsity.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 leadlyf.in udp
US 8.8.8.8:53 kwork.com udp
US 8.8.8.8:53 ftp.vampire.rinetworks.org udp
US 8.8.8.8:53 shopee.co.id udp
US 8.8.8.8:53 ftp.platinum.lcfhc.com udp
US 8.8.8.8:53 ftp.pvpro.com udp
US 8.8.8.8:53 eforward5.registrar-servers.com udp
US 8.8.8.8:53 backoffice.plexusworldwide.com udp
US 8.8.8.8:53 ftp.secure03b.chase.com udp
US 8.8.8.8:53 ftp.accounts.google.com udp
US 67.227.226.240:80 ftp.platinum.lcfhc.com tcp
US 8.8.8.8:53 mail.portal.kenoby.com udp
US 8.8.8.8:53 ftp.ridgeattahoeresort.hotelwifi.com udp
US 8.8.8.8:53 mail.gecomail.net udp
US 8.8.8.8:53 park-mx.above.com udp
US 8.8.8.8:53 portal.kenoby.com udp
US 8.8.8.8:53 aspmx2.googlemail.com udp
US 8.8.8.8:53 ftp.exaysro.com udp
US 8.8.8.8:53 ftp.recruiting.transnet.net udp
US 8.8.8.8:53 mail.gecomail.net udp
US 8.8.8.8:53 ftp.yunpanjingling.com udp
US 8.8.8.8:53 zzcartoon.com udp
VE 190.205.112.68:80 persona.patria.org.ve tcp
US 8.8.8.8:53 secure03b.chase.com udp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
US 8.8.8.8:53 ftp.imgflip.com udp
US 8.8.8.8:53 mail.mho.sutterhealth.org udp
US 8.8.8.8:53 mail.gecomail.net udp
US 8.8.8.8:53 patria.org.ve udp
US 8.8.8.8:53 metin2alaska.ro udp
US 8.8.8.8:53 dashboard.aquicard.com.br udp
US 8.8.8.8:53 m.chaturbate.com udp
DE 185.172.128.90:80 185.172.128.90 tcp
US 92.223.56.72:80 na.wargaming.net tcp
US 75.140.39.18:80 ridgeattahoeresort.hotelwifi.com tcp
US 162.255.119.58:80 snipe.games tcp
TW 110.50.231.130:80 sportdafa.net tcp
SE 88.80.28.163:80 linkomanija.net tcp
US 8.8.8.8:53 nidoe.org udp
US 8.8.8.8:53 dashboard.aquicard.com.br udp
US 8.8.8.8:53 sportybet.com udp
FR 52.222.169.125:80 portal.kenoby.com tcp
TW 110.50.231.130:80 sportdafa.net tcp
US 8.8.8.8:53 casinovenetian.com udp
US 8.8.8.8:53 pnc.cnas.dz udp
US 8.8.8.8:53 ssh.pvpro.com udp
US 8.8.8.8:53 m.chaturbate.com udp
US 8.8.8.8:53 mxa-004fae02.gslb.pphosted.com udp
US 8.8.8.8:53 secure03b.chase.com udp
US 8.8.8.8:53 casinovenetian.com udp
US 8.8.8.8:53 abacus.rblbank.com udp
US 8.8.8.8:53 mail.zzcartoon.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 ftp.vi-vn.facebook.com udp
US 8.8.8.8:53 enlinea.sunarp.gob.pe udp
DE 88.99.26.79:80 ftp.exaysro.com tcp
US 172.67.171.232:80 ad2prosper.com tcp
DE 161.97.135.201:80 elearning.esgee-oran.dz tcp
US 162.255.119.58:80 snipe.games tcp
US 162.159.135.232:443 discord.com tcp
GB 163.70.147.22:443 vi-vn.facebook.com tcp
US 103.224.182.253:80 kidsgetmoney.co tcp
US 8.8.8.8:53 account.mojang.com udp
US 8.8.8.8:53 ssh.sportdafa.net udp
US 8.8.8.8:53 pnc.cnas.dz udp
US 8.8.8.8:53 mail.metin2alaska.ro udp
US 8.8.8.8:53 fr.socialclub.rockstargames.com udp
US 8.8.8.8:53 ssh.accounts.google.com udp
US 8.8.8.8:53 secure03b.chase.com udp
US 8.8.8.8:53 correo.patria.org.ve udp
US 8.8.8.8:53 mail.ridgeattahoeresort.hotelwifi.com udp
US 8.8.8.8:53 backoffice.plexusworldwide.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 ftp.lootbits.io udp
US 72.9.102.3:80 sigatuljamea.net tcp
IT 193.41.205.114:80 quiubi.it tcp
US 8.8.8.8:53 pop.inloggen.centraalbeheer.nl udp
US 75.2.60.5:80 pvpro.com tcp
GB 23.48.165.150:80 abacus.rblbank.com tcp
US 8.8.8.8:53 secure03b.chase.com udp
US 8.8.8.8:53 account.mojang.com udp
ID 180.250.116.205:80 indihome.co.id tcp
US 103.224.182.253:80 kidsgetmoney.co tcp
US 172.67.68.54:80 pokemon-planet.com tcp
ZA 66.22.96.44:80 recruiting.transnet.net tcp
DE 18.159.22.34:80 sportybet.com tcp
AT 195.72.135.91:80 games.ladbrokes.com tcp
US 198.217.74.193:80 mho.sutterhealth.org tcp
US 69.16.230.226:80 ftp.yunpanjingling.com tcp
NL 93.171.200.41:443 kwork.com tcp
US 151.101.65.91:80 supraforums.com tcp
US 104.20.93.59:443 windscribe.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 92.223.56.72:80 na.wargaming.net tcp
VE 190.205.112.69:80 persona.patria.org.ve tcp
US 172.67.196.236:443 lootbits.io tcp
US 8.8.8.8:53 oams.statefarm.com udp
ZA 66.22.96.44:80 recruiting.transnet.net tcp
FR 52.222.169.125:443 portal.kenoby.com tcp
SG 202.181.90.248:80 shopee.co.id tcp
US 198.217.74.193:80 mho.sutterhealth.org tcp
VE 190.205.112.69:80 persona.patria.org.ve tcp
DE 185.172.128.187:80 185.172.128.187 tcp
US 8.8.8.8:53 kacare.taleo.net udp
US 8.8.8.8:53 www.linkomanija.net udp
US 8.8.8.8:53 ssh.secure01c.chase.com udp
US 8.8.8.8:53 ftp.games.ladbrokes.com udp
US 8.8.8.8:53 mail.gecomail.net udp
US 8.8.8.8:53 mail.gecomail.net udp
US 8.8.8.8:53 ssh.mho.sutterhealth.org udp
US 8.8.8.8:53 enlinea.sunarp.gob.pe udp

Files

memory/2540-1-0x0000000000590000-0x0000000000690000-memory.dmp

memory/2540-2-0x0000000000220000-0x000000000022B000-memory.dmp

memory/2540-3-0x0000000000400000-0x0000000000474000-memory.dmp

memory/1380-4-0x00000000026F0000-0x0000000002706000-memory.dmp

memory/2540-8-0x0000000000220000-0x000000000022B000-memory.dmp

memory/2540-5-0x0000000000400000-0x0000000000474000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\368B.exe

MD5 b6297922e4d7e05d1b009613d201883e
SHA1 b6c739fd153f0078e115386bd0f87d784c1b5588
SHA256 91a101f00488af2027b7fee5bfe9a14f290bcc401d183d352c9de40625af3700
SHA512 ab503a34d096ba5b6695505054e12ddf16ddd1407c1737d0fb5655b21947bab4de49e546b0ee1bbc9cdd581b8f32522ec720d27fa0fe9b79796ea0e3a6e3be79

memory/2472-18-0x0000000000E10000-0x00000000012BE000-memory.dmp

memory/2472-19-0x00000000776F0000-0x00000000776F2000-memory.dmp

memory/2472-20-0x0000000000E10000-0x00000000012BE000-memory.dmp

memory/2472-23-0x0000000000550000-0x0000000000551000-memory.dmp

memory/2472-24-0x00000000027C0000-0x00000000027C1000-memory.dmp

memory/2472-32-0x00000000004E0000-0x00000000004E1000-memory.dmp

memory/2472-31-0x00000000003C0000-0x00000000003C1000-memory.dmp

memory/2472-30-0x0000000000D80000-0x0000000000D81000-memory.dmp

memory/2472-29-0x0000000000560000-0x0000000000561000-memory.dmp

memory/2472-28-0x0000000000500000-0x0000000000501000-memory.dmp

memory/2472-27-0x0000000000410000-0x0000000000411000-memory.dmp

memory/2472-26-0x00000000005B0000-0x00000000005B1000-memory.dmp

memory/2472-25-0x00000000003A0000-0x00000000003A1000-memory.dmp

memory/2472-22-0x00000000006E0000-0x00000000006E1000-memory.dmp

memory/2472-21-0x00000000006C0000-0x00000000006C1000-memory.dmp

memory/2472-34-0x0000000002820000-0x0000000002821000-memory.dmp

memory/2472-33-0x00000000004F0000-0x00000000004F1000-memory.dmp

memory/2472-36-0x00000000027D0000-0x00000000027D1000-memory.dmp

memory/2472-37-0x00000000003B0000-0x00000000003B1000-memory.dmp

memory/2472-38-0x0000000002A60000-0x0000000002A61000-memory.dmp

memory/2472-43-0x0000000000E10000-0x00000000012BE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\48A5.dll

MD5 b0fb18cfcac1983582e7fd67b2843ce8
SHA1 ca29cf7cee80be38c5d667d5e8c00e6ea11b3294
SHA256 4132c2587cfe85b944d95835d8d0bf92a08a0f831ea26a45c826146048347f45
SHA512 4d9e1b14ef1a8adc15d38846c0a4e1d762e76fd944c76621ef6ac3a8482d14e40cfd4d7a14853d7a99cca2a99aa438eba996e842f1172f5f9a8f34ba1d97daf9

memory/1444-48-0x0000000010000000-0x00000000102CE000-memory.dmp

memory/1444-47-0x00000000000D0000-0x00000000000D6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5228.exe

MD5 1524fb466e4e5631c795cd9c2b245a26
SHA1 f2c08688e48f56c59a781895e3736d6ab8d85148
SHA256 c47d56f11a42325c13283b85f18af8354dfcfb3a27bb5de5035887cbf5d27686
SHA512 701992a982205c84fa1be4fc4aaaf62dcfdbe466825fe744667fc89209bdc476129cefccdcf0e5523543fa5370f38668b6381aec5bd919a8dddccbdadff3e89b

C:\Users\Admin\AppData\Local\Temp\5228.exe

MD5 996c2b1fb60f980ea6618aeefbe4cebf
SHA1 a8553f7f723132a1d35f7a57cae1a2e267cbc2ac
SHA256 f91c0a4753cdb98cce0ade020917fdefe7a8daf88d23b4c07595de741402ca50
SHA512 4af8fb921a332c5ac3d43b85bc23c859e431702e00852537bf1831c7af8b990d880808d044a1317873c77fbdecb1af7c97bed9edd9e2185bcbfa390c463f9056

memory/1772-56-0x0000000001F40000-0x00000000020F8000-memory.dmp

memory/1444-60-0x00000000022B0000-0x00000000023DB000-memory.dmp

memory/1772-62-0x0000000002100000-0x00000000022B7000-memory.dmp

memory/1648-61-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

\Users\Admin\AppData\Local\Temp\5228.exe

MD5 63d1f70922c62844b5856e85bafa7b67
SHA1 7d99bd240da3a671964cbda611f339c228c5d6bc
SHA256 5a82e42ffcee94f2298b5e054b875bdcbb15d41efde46b8bd8de56e0d79720c9
SHA512 5cf1ab9304868652bdbff3f46a37b07c4472e903ca2500633095daaafdf507d13d3292d1816af60d15c97ef8d74c77968619bff533460cc78c9e3933a83b6979

memory/1772-57-0x0000000001F40000-0x00000000020F8000-memory.dmp

memory/1444-63-0x00000000023E0000-0x00000000024EF000-memory.dmp

memory/1648-67-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1444-70-0x00000000023E0000-0x00000000024EF000-memory.dmp

memory/1648-72-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-71-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5228.exe

MD5 bd1c101a8f6ebea4d6a4ae14a78730eb
SHA1 198580a768815345d70b97c05f2c2af91e5ae5e5
SHA256 778e7f48509365fff760d55cd3ecdf67898ae7a8d5c69e93f8d4669e9a35b784
SHA512 a8985e69d89dc512bedbe80da236040d1fee42e1c3cfc830528568b0956c6a8c2616da27b4fc1bbb567e641b1680a2ff971013d385b04404ce4b6a6b41ed4a97

memory/1444-73-0x00000000023E0000-0x00000000024EF000-memory.dmp

memory/1648-74-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-75-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-76-0x0000000000400000-0x0000000000848000-memory.dmp

\Users\Admin\AppData\Local\Temp\48A5.dll

MD5 e4b2691c9225ae6705f1737a21be4ce6
SHA1 e1fe9879b90ce0a179c725b0b9edd7e4fa807960
SHA256 02439c5310339f090f35e6425652db389ca4f3663fef02706038457934011d33
SHA512 1fe36915a45f3c8a26ac08c5fd17fe69c42a103a3efcb8d45aefdf8c09a30153068a8ba9c4d4191cc933a347bfea8dc6c7f5e64a53a75cb1323dbe2f7d11c0fd

memory/1648-78-0x0000000000230000-0x0000000000236000-memory.dmp

memory/1648-81-0x0000000002B40000-0x0000000002C6B000-memory.dmp

memory/1648-82-0x0000000002C70000-0x0000000002D7F000-memory.dmp

memory/1648-85-0x0000000002C70000-0x0000000002D7F000-memory.dmp

memory/1648-86-0x0000000002C70000-0x0000000002D7F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7533.exe

MD5 68a9bf2ea7d3e606644b594a3420d9cc
SHA1 4366fbef31500ca265fad6f0a080802fc69c5465
SHA256 3b386b16dc4c9683d3c7a30270a133ed87c06675d8c76c2a9fb0cb77bb50448f
SHA512 dec7d0e2e6259b50f3971919e9492950a3392e7228827d3e879ed69d19d93e058c68f234728a2aa88f4ef1ad61788c027ac84a0126ca8a340707ff04587241e4

memory/1376-96-0x0000000000A30000-0x0000000000FCE000-memory.dmp

memory/1376-97-0x00000000741D0000-0x00000000748BE000-memory.dmp

memory/1376-98-0x00000000027E0000-0x0000000002820000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

MD5 0e82665af2b5fb32d0f44731689e4242
SHA1 3598cb67ba0ec0def68deb9306ac803390909c00
SHA256 6a8815b2dd74277d3c4cce7d277226602e381c73710c4bd37f071a602c2997e9
SHA512 73ed8ed727bc6cb779012380a9c24ccf964b2d6889b88badafd6c4adffb8a08bb96d94948294a581e14be4eb33b8139880beedd6381cf589a98a75f2853a635a

memory/1376-107-0x0000000005130000-0x000000000536A000-memory.dmp

memory/1648-108-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

MD5 4c4b85a2175bfe5d3ade50f148ca8782
SHA1 31dcace2496812ac1c02a0c70dc58820ae5d1d21
SHA256 39009cc8983254701dddd4a0b9ba097febcc5a407f1f07fb7fad470f808b22c5
SHA512 1ee6c604e20d482ae4a9a7daf5100cecadd5c33ed6e2412b626c717c929012401b1f506e679f0e9a83af84ed0830a39cf210c1ae1ab0c0893066e756c3739037

memory/1648-123-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\B2B0.exe

MD5 d8475e3eb1b8088c1b747799b20802be
SHA1 27727b8406dd18ae5ddc347257eac438f1dc08c2
SHA256 40201bb18c81921d55236144105f37012832f6e321f41f5f48f7469420df0990
SHA512 27bc79e9633f19f92efb72ae5e11603fe2ae0587cf532188b2bb8f2351123167556faf4ea347f0a394c6f3ab0d98374b9f9d7cecb4aa491117415fb9eed70726

memory/1648-130-0x0000000000400000-0x0000000000848000-memory.dmp

memory/3036-131-0x0000000000C90000-0x0000000001971000-memory.dmp

memory/3036-137-0x0000000000080000-0x0000000000081000-memory.dmp

memory/3036-139-0x0000000000C90000-0x0000000001971000-memory.dmp

memory/3036-140-0x0000000000080000-0x0000000000081000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\B9D2.exe

MD5 a1b5ee1b9649ab629a7ac257e2392f8d
SHA1 dc1b14b6d57589440fb3021c9e06a3e3191968dc
SHA256 2bfd95260a4c52d4474cd51e74469fc3de94caed28937ff0ce99ded66af97e65
SHA512 50ccbb9fd4ea2da847c6be5988e1e82e28d551b06cc9122b921dbd40eff4b657a81a010cea76f29e88fda06f8c053090b38d04eb89a6d63ec4f42ef68b1cf82b

memory/3048-147-0x0000000001EE0000-0x0000000001FE0000-memory.dmp

memory/3048-148-0x0000000001CF0000-0x0000000001D5B000-memory.dmp

memory/1376-149-0x00000000741D0000-0x00000000748BE000-memory.dmp

memory/3048-150-0x0000000000400000-0x0000000001A77000-memory.dmp

memory/1376-156-0x00000000027E0000-0x0000000002820000-memory.dmp

memory/1560-157-0x00000000741D0000-0x00000000748BE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\C613.exe

MD5 08c7993cba41d1e99087c7563d86acbb
SHA1 23c7393fe790acbeed959c6198c8c5657da1e7ef
SHA256 791146f020de235494a4d80045743b22dd12430a8fe20d90ddd89e95ec2deb5b
SHA512 623250d5e18f0324338d8fe5b86244982d10fa9a6302cb30102783646745373199012aa35df245dec1853044fc67165af2cf94666abcaad6ef8b321fe74db1a2

memory/1560-161-0x0000000000C90000-0x0000000000EE2000-memory.dmp

memory/1648-163-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-164-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-167-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-166-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-169-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-172-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-176-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2376-188-0x0000000000400000-0x0000000000414000-memory.dmp

memory/1648-182-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-190-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-186-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-189-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DBB6.exe

MD5 4735622a4d5d0771efbfb92ffc9fba61
SHA1 1731917ad5377e71016757197d9c07bfbf678aee
SHA256 e31a9f98aaa50eb3da3e33b6683602973d4ad3732a8db379338f55b74cd9a349
SHA512 7859a9cac724bf8b32fe3474c8cfb6ae42cc14c798d526640e06931e3e2f93206c74b40a8545a404c80655ba1e7741cc7bea5e718171c58cdced6abbfc867734

C:\Users\Admin\AppData\Local\Temp\DBB6.exe

MD5 40ecea626cfe1e64779a5ea2ceb518c4
SHA1 75799ebc2ce17392e4c0acde7c0ab436ad774822
SHA256 ed31f7dcf98513e14e25c0f22bd4a1497ed952fdc5711b857accbafceaa4f1c6
SHA512 7d8c31202253bb212ee1b57f02039f70ace45234fdf80980cc89c0c8b295c0b9a8e9be392aaaa3c5e0560391d115c9630e45c93509ed0579e498df6606882ae8

memory/1648-179-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-185-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-175-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-171-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-170-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1648-165-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-M25FA.tmp\DBB6.tmp

MD5 33da9dc521f467c0405d3ef5377ce04b
SHA1 5249d7ce5dfabe5ee6d2fc7d3f3eba1e866b7d1f
SHA256 dbab8a7b2b45fc7001d5e34d3d45ccbe93a7591f12910281acf2c32f8c4e631c
SHA512 a3093637e1d731eab58080e10706db1afbf6e79fbac6593733b61033f97875ecbe230311e9741d349625ec3a66a6435318846d35290db8cd00af76d692699a55

C:\Users\Admin\AppData\Local\Temp\FD4B.exe

MD5 b0e6bfe2af835722aca24eeacfa0954a
SHA1 8544c34b982719be70a3def063fb9066f1a5a191
SHA256 e9a0ef41ea783e19d37b4fac34ddf58371526af7bf6ff915a263b427da293fa7
SHA512 19227e1fc6854b5a983de63e91f1429d6e73c9581d06140729f348196363d0ca248a99000196b0aa3d3d4daab0dababac495846a1024ab687e9619b8f680b27b

\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

MD5 4f858826f9718b6e9e49ec1f194a736b
SHA1 bed8c04c74d341bf65ae183470662082f4eceb69
SHA256 43bd481bd77f8851b7f15d5a8715910173b2e8914f662d0c19469d01cac4c478
SHA512 799cd40eb1097d3cdb2bbccc09f14a16d85e15e82508b8e873539d0194a2b2c14e971af4c6189d7cd97be8721187993a0d2691188a4a255f232042ed48a0db71

\Users\Admin\AppData\Local\Temp\is-JA57J.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

memory/2672-346-0x0000000000240000-0x0000000000241000-memory.dmp

\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe

MD5 9e0470e1bd2b7c442279118061c19857
SHA1 2e6fa6784f8aaf89432b525e7b292172a27d7763
SHA256 25e248690151bad544174164ec0229ce661777fd15cd2ae5989711753e49d551
SHA512 de81e9b9a1231618ae0398bf7bc1fbc1fdef7c009827ae629a5fe05ec9b57a76b556ca1b6f417527b6fd2c79a376ad900451308f21b2cb25109bfa3ee1257082

memory/2828-419-0x00000000002C0000-0x000000000076E000-memory.dmp

C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe

MD5 c006470e81f5f36c23ec87c787235655
SHA1 5628eade71c424664965621dc447fc3a5ecff66a
SHA256 03185bbe42edbaa454e379c801c789135fa62d50d867230d5c62bf83cbf8126e
SHA512 add9def79546edca49a7573b08d5123bce8856cc4751d7e688802996c4c6d96f3b7845154d3432af9b3c9ebd84c664b6b6bafa877828e3379926d4b05d99ad72

memory/2828-429-0x00000000025F0000-0x00000000025F1000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-JA57J.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

memory/2828-447-0x0000000002650000-0x0000000002651000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

MD5 c7118610fefdaad90083c662bd4ef37f
SHA1 9c051ff43747b8b52032b3cbe4d5b9a1edf8b9a5
SHA256 333836d1c49ef069087f74844295e31ac2273b5337c2c2d70eb3c8f74901af14
SHA512 7afa9b4b623927dee5a46ce471eb73dfa295dd989f789accf274526c618e2996ed5bd0d0a1930d84395a01412ccd966eca51359187e5612d18a988206e09d256

memory/2828-472-0x00000000024C0000-0x00000000024C1000-memory.dmp

\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

MD5 7366f0044a6f6fce8d8b3adaa5838002
SHA1 b9757f241bd22b5cec7ad5311bdf6cc66692567d
SHA256 98636cfcc4c3808a366148983668d49f22a8865cc4a0dadc973292fe319951f1
SHA512 e800650e083286e7dceb26c5b2b09098d1d339a4c05e821f36d78426859d5d1ad363704e486028b505326d6919984f63797aba01461ffab346f26d936837aa35

memory/2672-557-0x00000000032F0000-0x00000000034C9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\april.exe

MD5 19ba43aa42c53451c975c06447a43df2
SHA1 781da85d380aba1a2cb05ba1de6e1ece48d5477f
SHA256 f5e837bdc79926049beff61498129e21941c3cf9da43638feb6154e6620287e0
SHA512 8746fcb8005e4533c02dd6f60ecff58e6a9013c8ae2a134380952b7465ccb24793530e5d2326495163d39536c84c4b1fe0542aed0d54613aaa2a45201c824442

memory/1560-626-0x00000000741D0000-0x00000000748BE000-memory.dmp

\Users\Admin\AppData\Local\Temp\7533.exe

MD5 24aaf9a318d245f08d87d583687cf458
SHA1 d26c2c180abb2ad2c153dc889face8afc8fa1521
SHA256 55f1c8bae65f385b7ccfb4d7628f73415aab9fbf4b691022e069af9fe9154d6b
SHA512 fb5b4522330003bb6d770728c3f188a9eb25bb22c15d533e2f6c9aa06913fd13db816a469cc4976f40d1d66d133a3f123c6b08dafdc40010cfafc1231c484f05

memory/2340-669-0x0000000000400000-0x00000000005D9000-memory.dmp

\Users\Admin\AppData\Local\Temp\7533.exe

MD5 b3674dd7c25b9820fe93139d212d8c88
SHA1 39130657f748b86d4a3dacd2740653471d6c7e55
SHA256 c5e29462361b9c0a62d9ca21faffa1fdcac44cf13f73f0ec5ab50e2aed904bf8
SHA512 45d2f044ab290c8296ed2c5dc98aab71a37ea3665b15cbacaa8d34b26c89465373aa570cc232cbdab6b9eb836e7e90731c929b32118098c7dd89e1cbc141cf6f

C:\Users\Admin\AppData\Local\Temp\april.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1844-769-0x00000000012C0000-0x000000000176E000-memory.dmp

\Users\Admin\AppData\Local\Temp\7533.exe

MD5 bfe987d9cdb4fdfc1258a2918890d7e8
SHA1 f8746f694d3ec972824e155c20866a0889edb92f
SHA256 75545e8b415438c2b466d9f59075f262a2932bffde9dbfe7788ba291befe35a3
SHA512 52a3ae5a5c8817bf61b5e042b82a2a4e48bc5cfc5f379719526325a26c50fbe46962b91ea3f2da1cb49ba9db4e3ef1ab23255851a8ff3fd5f37807be95555ef2

\Users\Admin\AppData\Local\Temp\7533.exe

MD5 f6e4c8cd26710fed940c182f9da0c9c1
SHA1 7458c638a33d79677e5f55d2108212779b55d06e
SHA256 69d3da358977a702c9cc23368430d5548bb72c199f31b2696a3a41c631578001
SHA512 b6055e9a3030a3600ad7f48e27fa69619524fcd2975cd9bbc04276609edee67cb9a9a8176ec5cdcca5c306d6f74c7d56d22bc7ba5e6015f81aa53d17e4cad936

\Users\Admin\AppData\Local\Temp\april.exe

MD5 f39dd4217ca407ca45ec79e43e1939a2
SHA1 c52b1e1f33008c38755f8aeebd91302bafb5ae20
SHA256 055a30c4c817c6d85dc96971bf974f47eec8a420a02084e02a40d05bfc1ff58a
SHA512 a2444bc348f4eb3ecf9cb1850559d2c3e4ec48e2ea3caefb7608ee88c92da40e7cf2ee2c187c929eaa90cc22ad4a8fa72eeda944fd9ecfcf658779d7aa9be307

memory/2828-540-0x00000000002C0000-0x000000000076E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

MD5 8e3d884097d2dad555573d99e916af96
SHA1 649d9267b6255240ce09c9f982e214b524b78648
SHA256 6b3d6c581a7a255fb198b15792cd67de204da441a7c757d2f8bf473837c36457
SHA512 7a9f99e2e9a56fb1858222ff7ba373ceea2016e6f718ddc0e4500a08baeeaae850c5d8fdf5c88eba33e8ba419d68767df24a88563e703001db826f025c54cb1b

C:\Users\Admin\AppData\Local\Temp\8A00.exe

MD5 5edc27f4fb945833e627a554407746a1
SHA1 ce0f744e2a827d7ba428562f7fd4932e6f144cbc
SHA256 608f8c358e578d87c5668673eff699f5bceb5a9fff9a9b51a0da6b1be51b1466
SHA512 4deea18efe3c586f7a7ceb240819b88fc17ea3ad1bef238eec9c7d4d2ab50e3b4040cf4cf544fd82e0607da41b83fde156205904faf5a3b329df461fcbbc3c50

\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

MD5 45c17dad6e6c98a98fb9dad9a590bf12
SHA1 321ce27cbd995ebf4afedce1c9cfde4bd0e6e988
SHA256 fd1b61ec759d7eafe3ec746a44efd266ee9ec60e5afeec244a745006ae3ad2ba
SHA512 991499094f80952ac766884c755beb65c76682f6b0628c7ba3aea0a28db33841bce68f6326bed42c08e0378134495fc3632edafb71bec174b9a1e4a0a16f5c20

C:\Windows\Tasks\explorgu.job

MD5 df656e5dad4286a2e4d65793a2191ffc
SHA1 e99f333f3b661164ef2f94a4ebd2cb90a456f1d6
SHA256 38f49113d3bbcdad0e7eed7a134a21c4355fe9379a70bc74092f2b6bad0558f5
SHA512 7eefbe4b48da2341c130fb7119764e7d9eec05e36c6360872b657f573f5cb6be94d2329af2339330d1ed0c037e73e43e1a0cdf812b9ce60dfd1eacb97626e31d

\??\c:\users\admin\appdata\local\temp\is-ubeuj.tmp\april.tmp

MD5 3f632e368fb2c86defcdebb66abc39eb
SHA1 cd515a69cc5f764ef605f4995854754a0eafdb7a
SHA256 71d82bd60c77a6939fc311c9dd16209291d5637e5919ce76280be849bc18fcf5
SHA512 12349b3407a192f34b15f393030877a98f0cf679522bfc3189af0989707d8dd49a21ed64d4238ab9493466fcbc4d368ccadc657a20aecf9a16404e306a81049f

memory/4860-1562-0x0000000000220000-0x000000000022B000-memory.dmp

memory/4860-1611-0x0000000000400000-0x0000000000724000-memory.dmp

memory/4860-1533-0x0000000000906000-0x000000000091B000-memory.dmp

C:\Users\Admin\AppData\Local\Email Box Organizer\is-O6512.tmp

MD5 6231b452e676ade27ca0ceb3a3cf874a
SHA1 f8236dbf9fa3b2835bbb5a8d08dab3a155f310d1
SHA256 9941eee1cafffad854ab2dfd49bf6e57b181efeb4e2d731ba7a28f5ab27e91cf
SHA512 f5882a3cded0a4e498519de5679ea12a0ea275c220e318af1762855a94bdac8dc5413d1c5d1a55a7cc31cfebcf4647dcf1f653195536ce1826a3002cf01aa12c

C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe

MD5 7a8f28fd05ccc91e836fd56251a4425d
SHA1 1d78fada34f0a1064bdb692c562be6c817fbaa7f
SHA256 a50c12cc04019fdcd0d9ca0c9cfc4e69bb988245444930ac3ba5fc7ae8d1df2f
SHA512 9a4253468e9bf3b88df9a0f2291df306125f1bdb79b53a4233ac7e5a07c440e9a0e6f2d5e9482bba1e269ed8548cd55eb6dc24970196e8c1d3c25029d40a7d83

memory/2340-2309-0x0000000000400000-0x00000000005D9000-memory.dmp

C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe

MD5 c876e5b3c07e5ad433d05681a04a94f5
SHA1 95bd9a7eec8de2190e039a6f82e187dcbacf478e
SHA256 f07877f4e0337e63f8ab4d02c7b46865e6c258a43fc9fa57bee80edbf96e965d
SHA512 d63bdc8c3f9c7c0ce846c8886c509c9567e394498bc3fc5bdd5eef0540ed993d8aab7cd3f19559be9ba5d41540124c53a8b68de2752ce12d43ba50f466eaa587

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-14 05:05

Reported

2024-03-14 05:10

Platform

win10-20240214-en

Max time kernel

300s

Max time network

301s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe"

Signatures

Amadey

trojan amadey

DcRat

rat infostealer dcrat

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

Pitou

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\F4A1.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\E94A.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\E94A.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\E94A.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\F4A1.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\F4A1.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\F4A1.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\E94A.exe N/A

Reads WinSCP keys stored on the system

spyware stealer

Reads data files stored by FTP clients

spyware stealer

Reads local data of messenger clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\3381.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Windows\CurrentVersion\Run\Ledger-Live Updater = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GCGHJEBGHJ.exe" C:\Users\Admin\AppData\Local\Temp\GCGHJEBGHJ.exe N/A

Checks installed software on the system

discovery

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\BE7E.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\F4A1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\E94A.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 948 set thread context of 216 N/A C:\Users\Admin\AppData\Local\Temp\3381.exe C:\Users\Admin\AppData\Local\Temp\3381.exe
PID 2836 set thread context of 4860 N/A C:\Users\Admin\AppData\Local\Temp\77BE.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorgu.job C:\Users\Admin\AppData\Local\Temp\F4A1.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\FD8E.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\furgrss N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\FD8E.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\FD8E.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\furgrss N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\furgrss N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\u1l0.0.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\u1l0.0.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-3E88D.tmp\april.tmp N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\u1l0.1.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3396 wrote to memory of 3496 N/A N/A C:\Users\Admin\AppData\Local\Temp\F4A1.exe
PID 3396 wrote to memory of 3496 N/A N/A C:\Users\Admin\AppData\Local\Temp\F4A1.exe
PID 3396 wrote to memory of 3496 N/A N/A C:\Users\Admin\AppData\Local\Temp\F4A1.exe
PID 3396 wrote to memory of 3188 N/A N/A C:\Windows\system32\regsvr32.exe
PID 3396 wrote to memory of 3188 N/A N/A C:\Windows\system32\regsvr32.exe
PID 3188 wrote to memory of 3888 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3188 wrote to memory of 3888 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3188 wrote to memory of 3888 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3396 wrote to memory of 948 N/A N/A C:\Users\Admin\AppData\Local\Temp\3381.exe
PID 3396 wrote to memory of 948 N/A N/A C:\Users\Admin\AppData\Local\Temp\3381.exe
PID 3396 wrote to memory of 948 N/A N/A C:\Users\Admin\AppData\Local\Temp\3381.exe
PID 948 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\3381.exe C:\Users\Admin\AppData\Local\Temp\3381.exe
PID 948 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\3381.exe C:\Users\Admin\AppData\Local\Temp\3381.exe
PID 948 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\3381.exe C:\Users\Admin\AppData\Local\Temp\3381.exe
PID 948 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\3381.exe C:\Users\Admin\AppData\Local\Temp\3381.exe
PID 948 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\3381.exe C:\Users\Admin\AppData\Local\Temp\3381.exe
PID 948 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\3381.exe C:\Users\Admin\AppData\Local\Temp\3381.exe
PID 948 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\3381.exe C:\Users\Admin\AppData\Local\Temp\3381.exe
PID 948 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\3381.exe C:\Users\Admin\AppData\Local\Temp\3381.exe
PID 4064 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\rundll32.exe
PID 4064 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\rundll32.exe
PID 4064 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\rundll32.exe
PID 1604 wrote to memory of 3560 N/A C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe
PID 1604 wrote to memory of 3560 N/A C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe
PID 3560 wrote to memory of 1284 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\netsh.exe
PID 3560 wrote to memory of 1284 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\netsh.exe
PID 3560 wrote to memory of 4580 N/A C:\Windows\system32\rundll32.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3560 wrote to memory of 4580 N/A C:\Windows\system32\rundll32.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4064 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\rundll32.exe
PID 4064 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\rundll32.exe
PID 4064 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\rundll32.exe
PID 3396 wrote to memory of 2836 N/A N/A C:\Users\Admin\AppData\Local\Temp\77BE.exe
PID 3396 wrote to memory of 2836 N/A N/A C:\Users\Admin\AppData\Local\Temp\77BE.exe
PID 3396 wrote to memory of 2836 N/A N/A C:\Users\Admin\AppData\Local\Temp\77BE.exe
PID 3396 wrote to memory of 2752 N/A N/A C:\Users\Admin\AppData\Local\Temp\B555.exe
PID 3396 wrote to memory of 2752 N/A N/A C:\Users\Admin\AppData\Local\Temp\B555.exe
PID 3396 wrote to memory of 2752 N/A N/A C:\Users\Admin\AppData\Local\Temp\B555.exe
PID 3396 wrote to memory of 3940 N/A N/A C:\Users\Admin\AppData\Local\Temp\BE7E.exe
PID 3396 wrote to memory of 3940 N/A N/A C:\Users\Admin\AppData\Local\Temp\BE7E.exe
PID 3396 wrote to memory of 3940 N/A N/A C:\Users\Admin\AppData\Local\Temp\BE7E.exe
PID 3396 wrote to memory of 2260 N/A N/A C:\Users\Admin\AppData\Local\Temp\C6EB.exe
PID 3396 wrote to memory of 2260 N/A N/A C:\Users\Admin\AppData\Local\Temp\C6EB.exe
PID 3396 wrote to memory of 2260 N/A N/A C:\Users\Admin\AppData\Local\Temp\C6EB.exe
PID 3396 wrote to memory of 1348 N/A N/A C:\Users\Admin\AppData\Local\Temp\CE4F.exe
PID 3396 wrote to memory of 1348 N/A N/A C:\Users\Admin\AppData\Local\Temp\CE4F.exe
PID 3396 wrote to memory of 1348 N/A N/A C:\Users\Admin\AppData\Local\Temp\CE4F.exe
PID 2260 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\C6EB.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 2260 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\C6EB.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 2260 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\C6EB.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
PID 2260 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\C6EB.exe C:\Users\Admin\AppData\Local\Temp\april.exe
PID 2260 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\C6EB.exe C:\Users\Admin\AppData\Local\Temp\april.exe
PID 2260 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\C6EB.exe C:\Users\Admin\AppData\Local\Temp\april.exe
PID 1348 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\CE4F.exe C:\Users\Admin\AppData\Local\Temp\is-E7JB1.tmp\CE4F.tmp
PID 1348 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\CE4F.exe C:\Users\Admin\AppData\Local\Temp\is-E7JB1.tmp\CE4F.tmp
PID 1348 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\CE4F.exe C:\Users\Admin\AppData\Local\Temp\is-E7JB1.tmp\CE4F.tmp
PID 5076 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\april.exe C:\Users\Admin\AppData\Local\Temp\is-3E88D.tmp\april.tmp
PID 5076 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\april.exe C:\Users\Admin\AppData\Local\Temp\is-3E88D.tmp\april.tmp
PID 5076 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\april.exe C:\Users\Admin\AppData\Local\Temp\is-3E88D.tmp\april.tmp
PID 3396 wrote to memory of 304 N/A N/A C:\Users\Admin\AppData\Local\Temp\E94A.exe
PID 3396 wrote to memory of 304 N/A N/A C:\Users\Admin\AppData\Local\Temp\E94A.exe
PID 3396 wrote to memory of 304 N/A N/A C:\Users\Admin\AppData\Local\Temp\E94A.exe
PID 2052 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u1l0.0.exe
PID 2052 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u1l0.0.exe
PID 2052 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe C:\Users\Admin\AppData\Local\Temp\u1l0.0.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe

"C:\Users\Admin\AppData\Local\Temp\7159c4581077ad7284ade1d4236127150fd08cc7ece7692a86673092eb64416f.exe"

C:\Users\Admin\AppData\Local\Temp\F4A1.exe

C:\Users\Admin\AppData\Local\Temp\F4A1.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\D89.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\D89.dll

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

C:\Users\Admin\AppData\Local\Temp\3381.exe

C:\Users\Admin\AppData\Local\Temp\3381.exe

C:\Users\Admin\AppData\Local\Temp\3381.exe

C:\Users\Admin\AppData\Local\Temp\3381.exe

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\356371483166_Desktop.zip' -CompressionLevel Optimal

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main

C:\Users\Admin\AppData\Local\Temp\77BE.exe

C:\Users\Admin\AppData\Local\Temp\77BE.exe

C:\Users\Admin\AppData\Local\Temp\B555.exe

C:\Users\Admin\AppData\Local\Temp\B555.exe

C:\Users\Admin\AppData\Local\Temp\BE7E.exe

C:\Users\Admin\AppData\Local\Temp\BE7E.exe

C:\Users\Admin\AppData\Local\Temp\C6EB.exe

C:\Users\Admin\AppData\Local\Temp\C6EB.exe

C:\Users\Admin\AppData\Local\Temp\CE4F.exe

C:\Users\Admin\AppData\Local\Temp\CE4F.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"

C:\Users\Admin\AppData\Local\Temp\april.exe

"C:\Users\Admin\AppData\Local\Temp\april.exe"

C:\Users\Admin\AppData\Local\Temp\is-E7JB1.tmp\CE4F.tmp

"C:\Users\Admin\AppData\Local\Temp\is-E7JB1.tmp\CE4F.tmp" /SL5="$11006A,1536393,54272,C:\Users\Admin\AppData\Local\Temp\CE4F.exe"

C:\Users\Admin\AppData\Local\Temp\is-3E88D.tmp\april.tmp

"C:\Users\Admin\AppData\Local\Temp\is-3E88D.tmp\april.tmp" /SL5="$100060,1697899,56832,C:\Users\Admin\AppData\Local\Temp\april.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 992

C:\Users\Admin\AppData\Local\Temp\E94A.exe

C:\Users\Admin\AppData\Local\Temp\E94A.exe

C:\Users\Admin\AppData\Local\Temp\u1l0.0.exe

"C:\Users\Admin\AppData\Local\Temp\u1l0.0.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Users\Admin\AppData\Local\Temp\u1l0.1.exe

"C:\Users\Admin\AppData\Local\Temp\u1l0.1.exe"

C:\Users\Admin\AppData\Local\Temp\FD8E.exe

C:\Users\Admin\AppData\Local\Temp\FD8E.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 944

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 944

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\GCGHJEBGHJ.exe"

C:\Users\Admin\AppData\Local\Temp\GCGHJEBGHJ.exe

"C:\Users\Admin\AppData\Local\Temp\GCGHJEBGHJ.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\Admin\AppData\Local\Temp\GCGHJEBGHJ.exe

C:\Windows\SysWOW64\PING.EXE

ping 2.2.2.2 -n 1 -w 3000

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 216 -s 43060

C:\Users\Admin\AppData\Roaming\iwrgrss

C:\Users\Admin\AppData\Roaming\iwrgrss

C:\Users\Admin\AppData\Roaming\furgrss

C:\Users\Admin\AppData\Roaming\furgrss

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 480

Network

Country Destination Domain Proto
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 selebration17io.io udp
RU 91.215.85.120:80 selebration17io.io tcp
RU 185.215.113.45:80 185.215.113.45 tcp
US 8.8.8.8:53 45.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 120.85.215.91.in-addr.arpa udp
RU 185.215.113.32:80 185.215.113.32 tcp
US 8.8.8.8:53 32.113.215.185.in-addr.arpa udp
RU 185.215.113.32:80 185.215.113.32 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
DE 185.172.128.19:80 185.172.128.19 tcp
US 8.8.8.8:53 19.128.172.185.in-addr.arpa udp
US 8.8.8.8:53 midnight.bestsup.su udp
US 104.21.29.103:80 midnight.bestsup.su tcp
US 104.21.94.2:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 2.94.21.104.in-addr.arpa udp
US 8.8.8.8:53 wisemassiveharmonious.shop udp
US 172.67.181.250:443 tcp
US 8.8.8.8:53 250.181.67.172.in-addr.arpa udp
DE 185.172.128.90:80 185.172.128.90 tcp
US 8.8.8.8:53 90.128.172.185.in-addr.arpa udp
DE 185.172.128.187:80 185.172.128.187 tcp
US 8.8.8.8:53 187.128.172.185.in-addr.arpa udp
US 8.8.8.8:53 trmpc.com udp
DE 185.172.128.187:80 185.172.128.187 tcp
DE 185.172.128.126:80 185.172.128.126 tcp
CO 186.112.12.181:80 trmpc.com tcp
US 8.8.8.8:53 126.128.172.185.in-addr.arpa udp
US 8.8.8.8:53 181.12.112.186.in-addr.arpa udp
US 8.8.8.8:53 herdbescuitinjurywu.shop udp
US 172.67.206.194:443 herdbescuitinjurywu.shop tcp
DE 185.172.128.145:80 185.172.128.145 tcp
US 8.8.8.8:53 145.128.172.185.in-addr.arpa udp
US 172.67.181.250:443 wisemassiveharmonious.shop tcp
US 8.8.8.8:53 194.206.67.172.in-addr.arpa udp
RU 185.215.113.32:80 tcp
FI 95.216.154.139:9001 tcp
DE 188.68.53.92:443 tcp
US 199.249.230.155:443 tcp
DE 185.172.128.187:80 185.172.128.187 tcp
US 8.8.8.8:53 107.116.69.13.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
CA 198.100.149.77:443 tcp
US 8.8.8.8:53 nidoe.org udp
AR 186.13.17.220:80 nidoe.org tcp
US 8.8.8.8:53 220.17.13.186.in-addr.arpa udp
AR 186.13.17.220:80 nidoe.org tcp
AR 186.13.17.220:80 nidoe.org tcp
AR 186.13.17.220:80 nidoe.org tcp
AR 186.13.17.220:80 nidoe.org tcp
AR 186.13.17.220:80 nidoe.org tcp
AR 186.13.17.220:80 nidoe.org tcp
DE 8.209.79.125:9001 tcp
CA 199.58.81.140:443 tcp
AR 186.13.17.220:80 nidoe.org tcp
US 8.8.8.8:53 140.81.58.199.in-addr.arpa udp
AR 186.13.17.220:80 nidoe.org tcp
DE 94.130.185.68:9001 tcp
DE 109.123.242.121:443 tcp
AR 186.13.17.220:80 nidoe.org tcp
US 8.8.8.8:53 121.242.123.109.in-addr.arpa udp
US 8.8.8.8:53 68.185.130.94.in-addr.arpa udp
US 8.8.8.8:53 udp
N/A 127.0.0.1:50278 tcp
DE 204.10.194.74:443 tcp
US 8.8.8.8:53 74.194.10.204.in-addr.arpa udp
DE 109.123.242.121:443 tcp
N/A 127.0.0.1:31330 tcp
DE 94.130.185.68:9001 tcp
DE 204.10.194.74:443 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:31330 tcp
US 8.8.8.8:53 retail.onlinesbi.com udp
US 8.8.8.8:53 retail.onlinesbi.com udp
US 8.8.8.8:53 accounts.google.com udp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:50454 tcp
N/A 127.0.0.1:50459 tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 nhdsports.info udp
US 8.8.8.8:53 nhdsports.info udp
US 8.8.8.8:53 tplinkrepeater.net udp
US 8.8.8.8:53 tplinkrepeater.net udp
US 8.8.8.8:53 gamebanana.com udp
US 8.8.8.8:53 alt4.gmr-smtp-in.l.google.com udp
US 8.8.8.8:53 gamebanana.com udp
US 8.8.8.8:53 es-la.facebook.com udp
US 8.8.8.8:53 secure.wakfu.com udp
US 8.8.8.8:53 secure.wakfu.com udp
US 8.8.8.8:53 8591.com.tw udp
US 8.8.8.8:53 es-la.facebook.com udp
US 8.8.8.8:53 mx2.hostinger.vn udp
US 8.8.8.8:53 8591.com.tw udp
US 8.8.8.8:53 genymotion.com udp
US 8.8.8.8:53 isaac.mx.cloudflare.net udp
US 8.8.8.8:53 genymotion.com udp
US 8.8.8.8:53 discuss.howtogeek.com udp
US 8.8.8.8:53 discuss.howtogeek.com udp
N/A 127.0.0.1:50463 tcp
N/A 127.0.0.1:50469 tcp
N/A 127.0.0.1:50472 tcp
N/A 127.0.0.1:50476 tcp
N/A 127.0.0.1:50482 tcp
N/A 127.0.0.1:50485 tcp
N/A 127.0.0.1:50489 tcp
N/A 127.0.0.1:50496 tcp
N/A 127.0.0.1:50499 tcp
N/A 127.0.0.1:50502 tcp
N/A 127.0.0.1:50505 tcp
N/A 127.0.0.1:50512 tcp
N/A 127.0.0.1:50513 tcp
N/A 127.0.0.1:50517 tcp
N/A 127.0.0.1:50522 tcp
N/A 127.0.0.1:50526 tcp
N/A 127.0.0.1:50532 tcp
N/A 127.0.0.1:50537 tcp
N/A 127.0.0.1:50541 tcp
N/A 127.0.0.1:50543 tcp
N/A 127.0.0.1:50549 tcp
N/A 127.0.0.1:50553 tcp
N/A 127.0.0.1:50557 tcp
N/A 127.0.0.1:50560 tcp
N/A 127.0.0.1:50566 tcp
N/A 127.0.0.1:50569 tcp
N/A 127.0.0.1:50575 tcp
N/A 127.0.0.1:50578 tcp
N/A 127.0.0.1:50582 tcp
N/A 127.0.0.1:50584 tcp
N/A 127.0.0.1:50587 tcp
N/A 127.0.0.1:50591 tcp
N/A 127.0.0.1:50594 tcp
N/A 127.0.0.1:50597 tcp
N/A 127.0.0.1:50600 tcp
N/A 127.0.0.1:50603 tcp
N/A 127.0.0.1:50611 tcp
N/A 127.0.0.1:50615 tcp
N/A 127.0.0.1:50617 tcp
N/A 127.0.0.1:50622 tcp
N/A 127.0.0.1:50625 tcp
N/A 127.0.0.1:50628 tcp
N/A 127.0.0.1:50632 tcp
N/A 127.0.0.1:50635 tcp
N/A 127.0.0.1:50639 tcp
N/A 127.0.0.1:50643 tcp
N/A 127.0.0.1:50650 tcp
N/A 127.0.0.1:50653 tcp
N/A 127.0.0.1:50657 tcp
N/A 127.0.0.1:50662 tcp
N/A 127.0.0.1:50665 tcp
N/A 127.0.0.1:50669 tcp
N/A 127.0.0.1:50675 tcp
N/A 127.0.0.1:50678 tcp
N/A 127.0.0.1:50681 tcp
N/A 127.0.0.1:50684 tcp
US 8.8.8.8:53 koha.ekutuphane.gov.tr udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 iris.fbr.gov.pk udp
IE 52.214.111.170:80 secure.wakfu.com tcp
US 8.8.8.8:53 koha.ekutuphane.gov.tr udp
US 8.8.8.8:53 workplace.zoho.com udp
BE 74.125.71.84:21 accounts.google.com tcp
IE 52.214.111.170:465 secure.wakfu.com tcp
GB 163.70.147.22:995 es-la.facebook.com tcp
IE 172.253.116.27:143 aspmx.l.google.com tcp
NL 142.250.179.147:22 discuss.howtogeek.com tcp
NL 142.250.179.147:21 discuss.howtogeek.com tcp
US 8.8.8.8:53 workplace.zoho.com udp
US 8.8.8.8:53 iris.fbr.gov.pk udp
US 8.8.8.8:53 freefilefillableforms.com udp
IE 52.214.111.170:995 secure.wakfu.com tcp
IE 172.253.116.27:143 aspmx.l.google.com tcp
TW 203.69.66.10:80 8591.com.tw tcp
IE 172.253.116.27:465 aspmx.l.google.com tcp
N/A 127.0.0.1:50690 tcp
N/A 127.0.0.1:50694 tcp
N/A 127.0.0.1:50697 tcp
N/A 127.0.0.1:50701 tcp
N/A 127.0.0.1:50707 tcp
N/A 127.0.0.1:50709 tcp
N/A 127.0.0.1:50713 tcp
NL 142.250.179.147:443 discuss.howtogeek.com tcp
BE 74.125.71.84:443 accounts.google.com tcp
US 8.8.8.8:53 170.111.214.52.in-addr.arpa udp
US 8.8.8.8:53 freefilefillableforms.com udp
TR 88.255.66.202:22 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:21 koha.ekutuphane.gov.tr tcp
SG 74.125.200.14:143 alt4.gmr-smtp-in.l.google.com tcp
TR 88.255.66.202:443 koha.ekutuphane.gov.tr tcp
US 8.8.8.8:53 jiocontactcenter.jio.com udp
US 8.8.8.8:53 jiocontactcenter.jio.com udp
US 8.8.8.8:53 app.oss.go.id udp
IE 172.253.116.27:465 aspmx.l.google.com tcp
US 104.17.171.23:80 genymotion.com tcp
SG 74.125.200.14:465 alt4.gmr-smtp-in.l.google.com tcp
BE 74.125.71.84:80 accounts.google.com tcp
IE 52.214.111.170:80 secure.wakfu.com tcp
US 136.143.191.104:22 workplace.zoho.com tcp
US 136.143.191.104:21 workplace.zoho.com tcp
PK 103.125.60.77:21 iris.fbr.gov.pk tcp
US 216.66.74.140:22 freefilefillableforms.com tcp
PK 103.125.60.77:22 iris.fbr.gov.pk tcp
PK 103.125.60.77:443 iris.fbr.gov.pk tcp
US 8.8.8.8:53 www.howtogeek.com udp
US 8.8.8.8:53 app.oss.go.id udp
N/A 127.0.0.1:50717 tcp
N/A 127.0.0.1:50720 tcp
N/A 127.0.0.1:50725 tcp
N/A 127.0.0.1:50730 tcp
N/A 127.0.0.1:50735 tcp
N/A 127.0.0.1:50740 tcp
N/A 127.0.0.1:50742 tcp
N/A 127.0.0.1:50746 tcp
N/A 127.0.0.1:50751 tcp
N/A 127.0.0.1:50755 tcp
N/A 127.0.0.1:50757 tcp
N/A 127.0.0.1:50760 tcp
N/A 127.0.0.1:50774 tcp
N/A 127.0.0.1:50778 tcp
N/A 127.0.0.1:50780 tcp
N/A 127.0.0.1:50782 tcp
N/A 127.0.0.1:50788 tcp
N/A 127.0.0.1:50792 tcp
N/A 127.0.0.1:50795 tcp
N/A 127.0.0.1:50811 tcp
N/A 127.0.0.1:50817 tcp
N/A 127.0.0.1:50820 tcp
N/A 127.0.0.1:50831 tcp
N/A 127.0.0.1:50834 tcp
N/A 127.0.0.1:50840 tcp
N/A 127.0.0.1:50851 tcp
NL 142.250.179.147:143 discuss.howtogeek.com tcp
IE 172.253.116.27:995 aspmx.l.google.com tcp
US 8.8.8.8:53 mx.zoho.com udp
US 136.143.191.104:443 workplace.zoho.com tcp
US 216.66.74.140:21 freefilefillableforms.com tcp
IE 172.253.116.27:995 aspmx.l.google.com tcp
N/A 127.0.0.1:50853 tcp
SG 74.125.200.14:995 alt4.gmr-smtp-in.l.google.com tcp
NL 142.250.179.147:80 discuss.howtogeek.com tcp
US 8.8.8.8:53 147.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 202.66.255.88.in-addr.arpa udp
US 8.8.8.8:53 identity.sieltecloud.it udp
US 8.8.8.8:53 elabschool.net udp
US 8.8.8.8:53 elabschool.net udp
TR 88.255.66.202:143 koha.ekutuphane.gov.tr tcp
NL 142.250.179.147:465 discuss.howtogeek.com tcp
US 8.8.8.8:53 mail.freefilefillableforms.com udp
US 8.8.8.8:53 www.genymotion.com udp
US 8.8.8.8:53 identity.sieltecloud.it udp
IN 49.40.13.81:22 jiocontactcenter.jio.com tcp
IN 49.40.13.81:21 jiocontactcenter.jio.com tcp
US 216.66.74.140:443 freefilefillableforms.com tcp
BE 74.125.71.84:80 accounts.google.com tcp
US 3.222.102.97:443 www.howtogeek.com tcp
PK 103.125.60.77:143 iris.fbr.gov.pk tcp
NL 142.250.179.147:995 discuss.howtogeek.com tcp
US 8.8.8.8:53 vps4.ikame.vn udp
US 8.8.8.8:53 23.171.17.104.in-addr.arpa udp
US 8.8.8.8:53 77.60.125.103.in-addr.arpa udp
IE 52.31.102.54:465 secure.wakfu.com tcp
US 136.143.191.104:80 workplace.zoho.com tcp
US 136.143.191.44:465 mx.zoho.com tcp
PK 103.125.60.77:995 iris.fbr.gov.pk tcp
PK 103.125.60.77:465 iris.fbr.gov.pk tcp
PK 103.125.60.77:80 iris.fbr.gov.pk tcp
IE 52.31.102.54:995 secure.wakfu.com tcp
N/A 127.0.0.1:50856 tcp
N/A 127.0.0.1:50858 tcp
N/A 127.0.0.1:50862 tcp
N/A 127.0.0.1:50865 tcp
N/A 127.0.0.1:50873 tcp
N/A 127.0.0.1:50882 tcp
TR 88.255.66.202:465 koha.ekutuphane.gov.tr tcp
US 8.8.8.8:53 vps4.ikame.vn udp
US 8.8.8.8:53 mangadna.com udp
US 38.109.47.204:143 mail.freefilefillableforms.com tcp
SG 206.189.42.180:22 elabschool.net tcp
US 136.143.191.44:143 mx.zoho.com tcp
TR 88.255.66.202:80 koha.ekutuphane.gov.tr tcp
BE 74.125.71.84:443 accounts.google.com tcp
N/A 127.0.0.1:50897 tcp
US 104.17.171.23:443 www.genymotion.com tcp
IN 49.40.13.81:443 jiocontactcenter.jio.com tcp
US 8.8.8.8:53 104.191.143.136.in-addr.arpa udp
IT 185.107.185.52:22 identity.sieltecloud.it tcp
US 8.8.8.8:53 mangadna.com udp
TR 88.255.66.202:25056 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:64389 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:59114 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:34548 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:6714 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:57391 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:53593 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:32094 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:55722 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:464 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:61906 koha.ekutuphane.gov.tr tcp
IE 52.214.111.170:80 secure.wakfu.com tcp
SG 206.189.42.180:21 elabschool.net tcp
TR 88.255.66.202:31909 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:40884 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:32014 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:8867 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:12063 koha.ekutuphane.gov.tr tcp
US 38.109.47.204:465 mail.freefilefillableforms.com tcp
TR 88.255.66.202:995 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:27424 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:17453 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:16519 koha.ekutuphane.gov.tr tcp
US 216.66.74.140:80 freefilefillableforms.com tcp
US 136.143.191.44:995 mx.zoho.com tcp
TR 88.255.66.202:9243 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:51567 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:34410 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:37941 koha.ekutuphane.gov.tr tcp
IT 185.107.185.52:21 identity.sieltecloud.it tcp
TR 88.255.66.202:22656 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:48094 koha.ekutuphane.gov.tr tcp
US 8.8.8.8:53 newsbild.in udp
US 8.8.8.8:53 fivemtr.com udp
US 8.8.8.8:53 newsbild.in udp
TR 88.255.66.202:10360 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:14936 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:63044 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:38432 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:30261 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:50156 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:53937 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:52340 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:43166 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:51043 koha.ekutuphane.gov.tr tcp
US 8.8.8.8:53 97.102.222.3.in-addr.arpa udp
TR 88.255.66.202:22219 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:4677 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:18078 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:27062 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:43247 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:31260 koha.ekutuphane.gov.tr tcp
US 38.109.47.204:995 mail.freefilefillableforms.com tcp
US 3.222.102.97:443 www.howtogeek.com tcp
IT 185.107.185.52:443 identity.sieltecloud.it tcp
VN 123.31.17.39:22 vps4.ikame.vn tcp
TR 88.255.66.202:29494 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:47318 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:42470 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:10512 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:39704 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:1562 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:47348 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:29621 koha.ekutuphane.gov.tr tcp
IE 54.220.153.4:465 secure.wakfu.com tcp
VN 123.31.17.39:21 vps4.ikame.vn tcp
US 8.8.8.8:53 fivemtr.com udp
SG 206.189.42.180:443 elabschool.net tcp
IN 49.40.13.81:143 jiocontactcenter.jio.com tcp
IE 54.220.153.4:995 secure.wakfu.com tcp
BE 74.125.71.84:443 accounts.google.com tcp
US 8.8.8.8:53 academico.educarecuador.gob.ec udp
US 8.8.8.8:53 81.13.40.49.in-addr.arpa udp
US 8.8.8.8:53 140.74.66.216.in-addr.arpa udp
IN 49.40.13.81:443 jiocontactcenter.jio.com tcp
VN 123.31.17.39:443 vps4.ikame.vn tcp
US 172.67.137.97:22 mangadna.com tcp
US 172.67.137.97:21 mangadna.com tcp
IN 49.40.13.81:465 jiocontactcenter.jio.com tcp
IN 49.40.13.81:80 jiocontactcenter.jio.com tcp
US 8.8.8.8:53 academico.educarecuador.gob.ec udp
US 8.8.8.8:53 app.oss.go.id udp
IT 185.107.185.52:143 identity.sieltecloud.it tcp
PK 103.125.60.77:80 iris.fbr.gov.pk tcp
US 136.143.191.104:80 workplace.zoho.com tcp
SG 206.189.42.180:143 elabschool.net tcp
N/A 127.0.0.1:50900 tcp
US 136.143.191.104:443 workplace.zoho.com tcp
BE 74.125.71.84:80 accounts.google.com tcp
US 8.8.8.8:53 www.irs.gov udp
NL 185.107.56.58:22 fivemtr.com tcp
US 104.21.80.164:22 newsbild.in tcp
IN 49.40.13.81:443 jiocontactcenter.jio.com tcp
IN 49.40.13.81:995 jiocontactcenter.jio.com tcp
NL 142.250.179.147:80 discuss.howtogeek.com tcp
IE 52.214.111.170:80 secure.wakfu.com tcp
IT 185.107.185.52:465 identity.sieltecloud.it tcp
IT 185.107.185.52:80 identity.sieltecloud.it tcp
US 8.8.8.8:53 id.zalo.me udp
SG 206.189.42.180:80 elabschool.net tcp
SG 206.189.42.180:465 elabschool.net tcp
US 104.17.171.23:80 www.genymotion.com tcp
US 172.67.137.97:443 mangadna.com tcp
US 8.8.8.8:53 52.185.107.185.in-addr.arpa udp
US 216.66.74.140:80 freefilefillableforms.com tcp
US 104.21.80.164:21 newsbild.in tcp
US 8.8.8.8:53 id.zalo.me udp
N/A 127.0.0.1:50903 tcp
N/A 127.0.0.1:50906 tcp
N/A 127.0.0.1:50914 tcp
N/A 127.0.0.1:50917 tcp
N/A 127.0.0.1:50921 tcp
N/A 127.0.0.1:50924 tcp
N/A 127.0.0.1:50929 tcp
N/A 127.0.0.1:50933 tcp
N/A 127.0.0.1:50935 tcp
N/A 127.0.0.1:50945 tcp
N/A 127.0.0.1:50949 tcp
N/A 127.0.0.1:50952 tcp
N/A 127.0.0.1:50956 tcp
N/A 127.0.0.1:50958 tcp
VN 123.31.17.39:143 vps4.ikame.vn tcp
NL 185.107.56.58:21 fivemtr.com tcp
PK 103.125.60.77:443 iris.fbr.gov.pk tcp
IT 185.107.185.52:995 identity.sieltecloud.it tcp
US 104.21.26.165:22 mangadna.com tcp
TR 88.255.66.202:80 koha.ekutuphane.gov.tr tcp
US 8.8.8.8:53 mazmo.net udp
US 8.8.8.8:53 mx2.hostinger.in udp
TR 88.255.66.202:61611 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:11889 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:54352 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:43910 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:52514 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:2779 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:49149 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:32633 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:34326 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:59377 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:7 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:62481 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:50314 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:30658 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:33564 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:44881 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:65421 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:25546 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:36046 koha.ekutuphane.gov.tr tcp
US 104.21.80.164:443 newsbild.in tcp
TR 88.255.66.202:13703 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:12516 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:52288 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:3676 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:35769 koha.ekutuphane.gov.tr tcp
US 8.8.8.8:53 mazmo.net udp
EC 181.113.66.59:22 academico.educarecuador.gob.ec tcp
EC 181.113.66.59:21 academico.educarecuador.gob.ec tcp
SG 206.189.42.180:995 elabschool.net tcp
US 104.91.117.44:443 www.irs.gov tcp
US 104.21.26.165:21 mangadna.com tcp
IT 185.107.185.52:80 identity.sieltecloud.it tcp
VN 123.31.17.39:465 vps4.ikame.vn tcp
US 172.67.137.97:143 mangadna.com tcp
VN 123.31.17.39:80 vps4.ikame.vn tcp
US 172.67.151.144:22 newsbild.in tcp
BE 74.125.71.84:80 accounts.google.com tcp
US 8.8.8.8:53 m.moj.hrvatskitelekom.hr udp
US 8.8.8.8:53 97.137.67.172.in-addr.arpa udp
US 8.8.8.8:53 180.42.189.206.in-addr.arpa udp
TR 88.255.66.202:57757 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:46844 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:46272 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:8414 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:46878 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:39133 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:25493 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:19495 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:17397 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:4473 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:19123 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:54013 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:54755 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:52697 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:62878 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:34460 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:6504 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:49317 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:39083 koha.ekutuphane.gov.tr tcp
BE 74.125.71.84:21 accounts.google.com tcp
NL 185.107.56.58:443 fivemtr.com tcp
TR 88.255.66.202:52641 koha.ekutuphane.gov.tr tcp
EC 181.113.66.59:443 academico.educarecuador.gob.ec tcp
US 8.8.8.8:53 m.moj.hrvatskitelekom.hr udp
GB 163.70.147.22:995 es-la.facebook.com tcp
IE 172.253.116.27:143 aspmx.l.google.com tcp
VN 49.213.95.230:22 id.zalo.me tcp
NL 142.250.179.147:22 discuss.howtogeek.com tcp
NL 142.250.179.147:21 discuss.howtogeek.com tcp
IE 52.214.111.170:465 secure.wakfu.com tcp
VN 123.31.17.39:995 vps4.ikame.vn tcp
US 172.67.137.97:80 mangadna.com tcp
US 172.65.182.103:143 mx2.hostinger.in tcp
NL 185.107.56.58:143 fivemtr.com tcp
IE 172.253.116.27:143 aspmx.l.google.com tcp
IE 172.253.116.27:465 aspmx.l.google.com tcp
TR 88.255.66.202:22 koha.ekutuphane.gov.tr tcp
US 172.67.151.144:21 newsbild.in tcp
N/A 127.0.0.1:50961 tcp
TR 88.255.66.202:21 koha.ekutuphane.gov.tr tcp
IE 52.214.111.170:995 secure.wakfu.com tcp
US 216.66.74.140:80 freefilefillableforms.com tcp
US 8.8.8.8:53 164.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 44.117.91.104.in-addr.arpa udp
VN 49.213.95.230:21 id.zalo.me tcp
BE 74.125.71.84:443 accounts.google.com tcp
US 8.8.8.8:53 lisans.zulaoyun.com udp
US 172.67.137.97:465 mangadna.com tcp
US 76.76.21.123:22 mazmo.net tcp
SG 206.189.42.180:80 elabschool.net tcp
US 172.67.137.97:995 mangadna.com tcp
SG 74.125.200.14:143 alt4.gmr-smtp-in.l.google.com tcp
IE 172.253.116.27:995 aspmx.l.google.com tcp
US 172.65.182.103:465 mx2.hostinger.in tcp
US 104.21.80.164:80 newsbild.in tcp
PK 103.125.60.77:22 iris.fbr.gov.pk tcp
NL 185.107.56.58:80 fivemtr.com tcp
NL 185.107.56.58:465 fivemtr.com tcp
TR 88.255.66.202:80 koha.ekutuphane.gov.tr tcp
NL 142.250.179.147:80 discuss.howtogeek.com tcp
SG 74.125.200.14:995 alt4.gmr-smtp-in.l.google.com tcp
IE 52.214.111.170:80 secure.wakfu.com tcp
IE 172.253.116.27:995 aspmx.l.google.com tcp
US 136.143.191.104:80 workplace.zoho.com tcp
US 104.17.171.23:443 www.genymotion.com tcp
EC 181.113.66.59:143 academico.educarecuador.gob.ec tcp
NL 185.107.56.58:80 fivemtr.com tcp
N/A 127.0.0.1:50973 tcp
N/A 127.0.0.1:50976 tcp
N/A 127.0.0.1:50979 tcp
N/A 127.0.0.1:50983 tcp
N/A 127.0.0.1:50994 tcp
N/A 127.0.0.1:50999 tcp
US 136.143.191.104:22 workplace.zoho.com tcp
IN 49.40.13.81:80 jiocontactcenter.jio.com tcp
US 104.21.26.165:143 mangadna.com tcp
TR 88.255.66.202:3331 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:61265 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:25029 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:17178 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:20892 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:63292 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:45891 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:4296 koha.ekutuphane.gov.tr tcp
VN 49.213.95.230:443 id.zalo.me tcp
US 8.8.8.8:53 app.oss.go.id udp
TR 88.255.66.202:22204 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:32985 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:9792 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:44621 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:59767 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:2397 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:35213 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:38092 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:22656 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:49070 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:62707 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:4765 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:9549 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:29430 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:19942 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:194 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:11522 koha.ekutuphane.gov.tr tcp
NL 142.250.179.147:465 discuss.howtogeek.com tcp
US 76.76.21.123:21 mazmo.net tcp
PK 103.125.60.77:21 iris.fbr.gov.pk tcp
US 8.8.8.8:53 58.56.107.185.in-addr.arpa udp
US 8.8.8.8:53 59.66.113.181.in-addr.arpa udp
US 8.8.8.8:53 103.182.65.172.in-addr.arpa udp
US 104.21.26.165:465 mangadna.com tcp
US 76.76.21.9:22 mazmo.net tcp
IE 52.31.102.54:465 secure.wakfu.com tcp
US 136.143.191.104:21 workplace.zoho.com tcp
SG 74.125.200.14:465 alt4.gmr-smtp-in.l.google.com tcp
US 216.66.74.140:22 freefilefillableforms.com tcp
NL 185.107.56.58:995 fivemtr.com tcp
IN 49.40.13.81:22 jiocontactcenter.jio.com tcp
US 172.65.182.103:995 mx2.hostinger.in tcp
US 172.67.137.97:80 mangadna.com tcp
NL 142.250.179.147:143 discuss.howtogeek.com tcp
EC 181.113.66.59:465 academico.educarecuador.gob.ec tcp
EC 181.113.66.59:80 academico.educarecuador.gob.ec tcp
US 216.66.74.140:21 freefilefillableforms.com tcp
PK 103.125.60.77:465 iris.fbr.gov.pk tcp
IE 52.31.102.54:995 secure.wakfu.com tcp
US 8.8.8.8:53 remotedesktop.google.com udp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
IE 172.253.116.27:465 aspmx.l.google.com tcp
TR 88.255.66.202:143 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:465 koha.ekutuphane.gov.tr tcp
HR 195.29.149.38:22 m.moj.hrvatskitelekom.hr tcp
US 76.76.21.123:443 mazmo.net tcp
US 136.143.191.44:143 mx.zoho.com tcp
US 38.109.47.204:143 mail.freefilefillableforms.com tcp
SG 206.189.42.180:22 elabschool.net tcp
HR 195.29.149.38:21 m.moj.hrvatskitelekom.hr tcp
US 104.21.26.165:995 mangadna.com tcp
IN 49.40.13.81:21 jiocontactcenter.jio.com tcp
US 104.21.80.164:80 newsbild.in tcp
PK 103.125.60.77:143 iris.fbr.gov.pk tcp
EC 181.113.66.59:995 academico.educarecuador.gob.ec tcp
NL 142.250.179.147:995 discuss.howtogeek.com tcp
IT 185.107.185.52:22 identity.sieltecloud.it tcp
VN 49.213.95.230:143 id.zalo.me tcp
TR 88.255.66.202:80 koha.ekutuphane.gov.tr tcp
NL 185.107.56.58:80 fivemtr.com tcp
US 136.143.191.44:465 mx.zoho.com tcp
TR 88.255.66.202:995 koha.ekutuphane.gov.tr tcp
US 136.143.191.44:995 mx.zoho.com tcp
IT 185.107.185.52:21 identity.sieltecloud.it tcp
US 172.67.137.97:22 mangadna.com tcp
HR 195.29.149.38:443 m.moj.hrvatskitelekom.hr tcp
PK 103.125.60.77:995 iris.fbr.gov.pk tcp
US 76.76.21.9:21 mazmo.net tcp
TR 88.255.66.202:55230 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:42702 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:60951 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:39339 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:6866 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:27624 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:33471 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:25771 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:1600 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:50251 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:61845 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:32210 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:63033 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:35212 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:48252 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:44929 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:4533 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:285 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:37740 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:9919 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:6570 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:21206 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:24833 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:60794 koha.ekutuphane.gov.tr tcp
US 172.65.182.103:143 mx2.hostinger.in tcp
US 172.67.137.97:443 mangadna.com tcp
VN 123.31.17.39:22 vps4.ikame.vn tcp
US 38.109.47.204:995 mail.freefilefillableforms.com tcp
NL 142.251.9.26:143 alt3.aspmx.l.google.com tcp
VN 49.213.95.230:80 id.zalo.me tcp
VN 49.213.95.230:465 id.zalo.me tcp
N/A 127.0.0.1:51020 tcp
SG 206.189.42.180:21 elabschool.net tcp
US 172.67.137.97:21 mangadna.com tcp
VN 123.31.17.39:21 vps4.ikame.vn tcp
IT 185.107.185.52:143 identity.sieltecloud.it tcp
N/A 127.0.0.1:51024 tcp
N/A 127.0.0.1:51029 tcp
N/A 127.0.0.1:51032 tcp
N/A 127.0.0.1:51035 tcp
N/A 127.0.0.1:51039 tcp
N/A 127.0.0.1:51042 tcp
N/A 127.0.0.1:51047 tcp
US 104.21.26.165:22 mangadna.com tcp
US 8.8.8.8:53 elabs-smaraw.labschool-unj.sch.id udp
SG 206.189.42.180:143 elabschool.net tcp
TW 203.69.66.10:80 8591.com.tw tcp
US 136.143.191.104:80 workplace.zoho.com tcp
US 104.21.26.165:21 mangadna.com tcp
US 104.21.80.164:22 newsbild.in tcp
US 104.21.53.101:443 elabs-smaraw.labschool-unj.sch.id tcp
US 8.8.8.8:53 lisans.zulaoyun.com udp
BE 74.125.71.84:80 accounts.google.com tcp
N/A 127.0.0.1:51058 tcp
N/A 127.0.0.1:51084 tcp
N/A 127.0.0.1:51087 tcp
N/A 127.0.0.1:51090 tcp
N/A 127.0.0.1:51096 tcp
N/A 127.0.0.1:51099 tcp
N/A 127.0.0.1:51102 tcp
N/A 127.0.0.1:51106 tcp
N/A 127.0.0.1:51110 tcp
US 8.8.8.8:53 remotedesktop.google.com udp
US 104.22.43.162:21 lisans.zulaoyun.com tcp
US 172.67.151.144:22 newsbild.in tcp
US 8.8.8.8:53 transaccionesenlinea.com.co udp
PK 103.125.60.77:80 iris.fbr.gov.pk tcp
NL 142.250.179.206:22 remotedesktop.google.com tcp
N/A 127.0.0.1:51118 tcp
US 172.67.22.152:21 lisans.zulaoyun.com tcp
US 8.8.8.8:53 230.95.213.49.in-addr.arpa udp
N/A 127.0.0.1:51128 tcp
N/A 127.0.0.1:51131 tcp
N/A 127.0.0.1:51133 tcp
N/A 127.0.0.1:51135 tcp
N/A 127.0.0.1:51138 tcp
N/A 127.0.0.1:51144 tcp
N/A 127.0.0.1:51147 tcp
N/A 127.0.0.1:51150 tcp
N/A 127.0.0.1:51152 tcp
N/A 127.0.0.1:51154 tcp
N/A 127.0.0.1:51160 tcp
N/A 127.0.0.1:51164 tcp
N/A 127.0.0.1:51170 tcp
N/A 127.0.0.1:51173 tcp
US 8.8.8.8:53 app.oss.go.id udp
US 76.76.21.123:80 mazmo.net tcp
US 8.8.8.8:53 genymobile.cloudflareaccess.com udp
US 8.8.8.8:53 transaccionesenlinea.com.co udp
US 8.8.8.8:53 123.21.76.76.in-addr.arpa udp
US 8.8.8.8:53 eprs01.philhealth.gov.ph udp
US 8.8.8.8:53 eprs01.philhealth.gov.ph udp
US 8.8.8.8:53 v3m.gtarcade.com udp
US 8.8.8.8:53 ftp.app.oss.go.id udp
US 8.8.8.8:53 v3m.gtarcade.com udp
US 8.8.8.8:53 grab.tc udp
US 104.21.80.164:443 newsbild.in tcp
US 3.222.102.97:443 www.howtogeek.com tcp
IE 52.214.111.170:80 secure.wakfu.com tcp
NL 185.107.56.58:80 fivemtr.com tcp
US 104.19.194.29:443 genymobile.cloudflareaccess.com tcp
IN 49.40.13.81:80 jiocontactcenter.jio.com tcp
US 8.8.8.8:53 grab.tc udp
US 8.8.8.8:53 bdsmboard.org udp
US 8.8.8.8:53 bdsmboard.org udp
US 8.8.8.8:53 ruangguree.com udp
US 216.66.74.140:80 freefilefillableforms.com tcp
US 136.143.191.104:443 workplace.zoho.com tcp
HR 195.29.149.38:80 m.moj.hrvatskitelekom.hr tcp
NL 185.107.56.58:80 fivemtr.com tcp
N/A 127.0.0.1:51178 tcp
EC 181.113.66.59:443 academico.educarecuador.gob.ec tcp
TR 88.255.66.202:80 koha.ekutuphane.gov.tr tcp
US 104.22.43.162:80 lisans.zulaoyun.com tcp
TR 88.255.66.202:6392 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:61265 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:21579 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:9306 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:13578 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:38796 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:1565 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:51221 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:232 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:18276 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:43335 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:39989 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:65461 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:8113 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:16129 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:61398 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:253 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:51244 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:40360 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:31171 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:63610 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:17862 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:47659 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:52181 koha.ekutuphane.gov.tr tcp
US 172.67.137.97:80 mangadna.com tcp
NL 142.250.179.206:80 remotedesktop.google.com tcp
VN 123.31.17.39:80 vps4.ikame.vn tcp
IT 185.107.185.52:80 identity.sieltecloud.it tcp
EC 181.113.66.59:80 academico.educarecuador.gob.ec tcp
VN 49.213.95.230:443 id.zalo.me tcp
N/A 127.0.0.1:51181 tcp
N/A 127.0.0.1:51191 tcp
N/A 127.0.0.1:51195 tcp
N/A 127.0.0.1:51197 tcp
N/A 127.0.0.1:51204 tcp
N/A 127.0.0.1:51209 tcp
N/A 127.0.0.1:51214 tcp
N/A 127.0.0.1:51223 tcp
N/A 127.0.0.1:51227 tcp
N/A 127.0.0.1:51232 tcp
N/A 127.0.0.1:51238 tcp
US 8.8.8.8:53 ruangguree.com udp
US 8.8.8.8:53 hepsibahis886.com udp
N/A 127.0.0.1:51244 tcp
N/A 127.0.0.1:51249 tcp
N/A 127.0.0.1:51255 tcp
N/A 127.0.0.1:51257 tcp
N/A 127.0.0.1:51260 tcp
N/A 127.0.0.1:51263 tcp
N/A 127.0.0.1:51266 tcp
N/A 127.0.0.1:51270 tcp
N/A 127.0.0.1:51275 tcp
N/A 127.0.0.1:51282 tcp
N/A 127.0.0.1:51304 tcp
N/A 127.0.0.1:51309 tcp
N/A 127.0.0.1:51312 tcp
N/A 127.0.0.1:51317 tcp
N/A 127.0.0.1:51320 tcp
N/A 127.0.0.1:51324 tcp
N/A 127.0.0.1:51326 tcp
US 8.8.8.8:53 ferrepasa.com udp
US 8.8.8.8:53 hepsibahis886.com udp
N/A 127.0.0.1:51328 tcp
N/A 127.0.0.1:51331 tcp
US 8.8.8.8:53 ferrepasa.com udp
US 8.8.8.8:53 cadastro.trigg.com.br udp
US 8.8.8.8:53 ferrepasa.com udp
RU 185.215.113.32:80 185.215.113.32 tcp
US 8.8.8.8:53 cadastro.trigg.com.br udp
N/A 127.0.0.1:51335 tcp
BE 74.125.71.84:443 accounts.google.com tcp
US 8.8.8.8:53 windscribe.com udp
US 8.8.8.8:53 101.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 ferrepasa.com udp
N/A 127.0.0.1:51337 tcp
US 8.8.8.8:53 windscribe.com udp
N/A 127.0.0.1:51339 tcp
US 8.8.8.8:53 conta.uol.com.br udp
US 8.8.8.8:53 genshin.mihoyo.com udp
US 8.8.8.8:53 conta.uol.com.br udp
US 8.8.8.8:53 genshin.mihoyo.com udp
US 8.8.8.8:53 siakad-old.uns.ac.id udp
N/A 127.0.0.1:51342 tcp
US 8.8.8.8:53 siakad-old.uns.ac.id udp
US 8.8.8.8:53 my.hirezstudios.com udp
N/A 127.0.0.1:51344 tcp
N/A 127.0.0.1:51347 tcp
HR 195.29.149.38:80 m.moj.hrvatskitelekom.hr tcp
US 8.8.8.8:53 my.hirezstudios.com udp
US 8.8.8.8:53 list.zugehao.com udp
N/A 127.0.0.1:51352 tcp
US 8.8.8.8:53 list.zugehao.com udp
US 8.8.8.8:53 accounts.intuit.com udp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
N/A 127.0.0.1:51356 tcp
US 8.8.8.8:53 accounts.intuit.com udp
US 8.8.8.8:53 sim-monsters.com udp
N/A 127.0.0.1:51358 tcp
CO 190.144.155.91:80 transaccionesenlinea.com.co tcp
US 8.8.8.8:53 sim-monsters.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 76.76.21.123:80 mazmo.net tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 learning.nebosh.org.uk udp
SG 206.189.42.180:80 elabschool.net tcp
US 8.8.8.8:53 edofe.org udp
US 8.8.8.8:53 learning.nebosh.org.uk udp
US 8.8.8.8:53 29.194.19.104.in-addr.arpa udp
US 104.17.171.23:80 www.genymotion.com tcp
US 8.8.8.8:53 edofe.org udp
N/A 127.0.0.1:51366 tcp
CO 190.144.155.91:80 transaccionesenlinea.com.co tcp
US 8.8.8.8:53 maismedicos.saude.gov.br udp
US 8.8.8.8:53 iris.fbr.gov.pk udp
US 8.8.8.8:53 es-la.facebook.com udp
N/A 127.0.0.1:51369 tcp
N/A 127.0.0.1:51377 tcp
US 8.8.8.8:53 secure.wakfu.com udp
N/A 127.0.0.1:51380 tcp
N/A 127.0.0.1:51384 tcp
US 8.8.8.8:53 162.43.22.104.in-addr.arpa udp
US 8.8.8.8:53 v3m.gtarcade.com udp
US 8.8.8.8:53 linda.mx.cloudflare.net udp
NL 142.250.179.147:80 discuss.howtogeek.com tcp
US 8.8.8.8:53 ftp.app.oss.go.id udp
US 8.8.8.8:53 app.oss.go.id udp
US 8.8.8.8:53 maismedicos.saude.gov.br udp
US 8.8.8.8:53 www.irs.gov udp
US 8.8.8.8:53 community.vortal.biz udp
N/A 127.0.0.1:51392 tcp
N/A 127.0.0.1:51397 tcp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 eprs01.philhealth.gov.ph udp
US 8.8.8.8:53 mail.bdsmboard.org udp
US 8.8.8.8:53 ruangguree.com udp
US 8.8.8.8:53 community.vortal.biz udp
US 8.8.8.8:53 dps.phlpost.gov.ph udp
US 8.8.8.8:53 dps.phlpost.gov.ph udp
US 8.8.8.8:53 contribuyente.seniat.gob.ve udp
US 8.8.8.8:53 contribuyente.seniat.gob.ve udp
US 8.8.8.8:53 wmp.fuioupay.com udp
US 8.8.8.8:53 wmp.fuioupay.com udp
US 8.8.8.8:53 online.anidub.com udp
US 8.8.8.8:53 online.anidub.com udp
US 8.8.8.8:53 superfolls.com udp
US 8.8.8.8:53 scarlet-clicks.info udp
US 8.8.8.8:53 beritapolisi.com udp
US 8.8.8.8:53 beritapolisi.com udp
US 8.8.8.8:53 scarlet-clicks.info udp
US 8.8.8.8:53 play.martabak66.com udp
US 8.8.8.8:53 play.martabak66.com udp
US 8.8.8.8:53 www38.receita.fazenda.gov.br udp
US 8.8.8.8:53 www38.receita.fazenda.gov.br udp
BE 74.125.71.84:80 accounts.google.com tcp
TR 88.255.66.202:80 koha.ekutuphane.gov.tr tcp
GB 104.96.173.85:80 v3m.gtarcade.com tcp
US 136.143.191.104:80 workplace.zoho.com tcp
NL 45.88.106.192:80 mail.bdsmboard.org tcp
TR 88.255.66.202:8246 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:55132 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:62519 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:11986 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:21233 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:62697 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:53524 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:42352 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:34916 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:29997 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:61281 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:26772 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:61024 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:62787 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:53740 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:65246 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:35251 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:49548 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:13544 koha.ekutuphane.gov.tr tcp
US 8.8.8.8:53 cpanel.loatah.com udp
TR 88.255.66.202:24028 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:22047 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:53971 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:40675 koha.ekutuphane.gov.tr tcp
TR 88.255.66.202:12639 koha.ekutuphane.gov.tr tcp
US 8.8.8.8:53 cpanel.loatah.com udp
US 8.8.8.8:53 gsuite.google.com udp
US 8.8.8.8:53 certcollection.org udp
US 8.8.8.8:53 gsuite.google.com udp
US 8.8.8.8:53 certcollection.org udp
US 8.8.8.8:53 hookupgirlfriends.com udp
BE 74.125.71.84:80 accounts.google.com tcp
US 172.67.163.126:80 grab.tc tcp
NL 142.250.179.206:80 remotedesktop.google.com tcp
GB 104.96.173.85:80 v3m.gtarcade.com tcp
PH 122.3.229.138:80 eprs01.philhealth.gov.ph tcp
EC 181.113.66.59:80 academico.educarecuador.gob.ec tcp
US 216.66.74.140:80 freefilefillableforms.com tcp
N/A 127.0.0.1:51399 tcp
US 76.223.67.189:80 hepsibahis886.com tcp
US 8.8.8.8:53 hookupgirlfriends.com udp
US 8.8.8.8:53 idplr.com udp
US 8.8.8.8:53 ruangguree.com udp
US 8.8.8.8:53 idplr.com udp
US 8.8.8.8:53 cracked.io udp
US 8.8.8.8:53 cracked.io udp
US 8.8.8.8:53 authenticate.riotgames.com udp
US 8.8.8.8:53 authenticate.riotgames.com udp
US 8.8.8.8:53 videos.bookmarking.site udp
N/A 127.0.0.1:51401 tcp
N/A 127.0.0.1:51409 tcp
N/A 127.0.0.1:51412 tcp
US 8.8.8.8:53 ferrepasa.com udp
US 8.8.8.8:53 videos.bookmarking.site udp
US 8.8.8.8:53 ferrepasa.com udp
US 8.8.8.8:53 studenthub.hud.ac.uk udp
US 8.8.8.8:53 lgn.edu.gov.il udp
US 8.8.8.8:53 studenthub.hud.ac.uk udp
US 8.8.8.8:53 lgn.edu.gov.il udp
US 8.8.8.8:53 connectfss.cudenver.com udp
N/A 127.0.0.1:51416 tcp
N/A 127.0.0.1:51419 tcp
N/A 127.0.0.1:51423 tcp
N/A 127.0.0.1:51427 tcp
N/A 127.0.0.1:51429 tcp
N/A 127.0.0.1:51431 tcp
N/A 127.0.0.1:51434 tcp
N/A 127.0.0.1:51436 tcp
N/A 127.0.0.1:51441 tcp
N/A 127.0.0.1:51452 tcp
N/A 127.0.0.1:51456 tcp
N/A 127.0.0.1:51458 tcp
N/A 127.0.0.1:51462 tcp
N/A 127.0.0.1:51464 tcp
N/A 127.0.0.1:51466 tcp
N/A 127.0.0.1:51475 tcp
N/A 127.0.0.1:51479 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:51483 tcp
N/A 127.0.0.1:51487 tcp
N/A 127.0.0.1:51489 tcp
N/A 127.0.0.1:51491 tcp
N/A 127.0.0.1:51495 tcp
N/A 127.0.0.1:51498 tcp
US 8.8.8.8:53 connectfss.cudenver.com udp
US 8.8.8.8:53 pumpit.sk udp
US 8.8.8.8:53 ferrepasa.com udp
US 8.8.8.8:53 pumpit.sk udp
US 8.8.8.8:53 cadastro.trigg.com.br udp
US 8.8.8.8:53 orbis-bvdinfo-com.proxy.unimib.it udp
US 8.8.8.8:53 orbis-bvdinfo-com.proxy.unimib.it udp
US 8.8.8.8:53 upload.xvideos.com udp
US 8.8.8.8:53 ferrepasa.com udp
N/A 127.0.0.1:51501 tcp
US 8.8.8.8:53 upload.xvideos.com udp
US 8.8.8.8:53 account.91.com udp
US 8.8.8.8:53 savethecat.informe.com udp
US 8.8.8.8:53 account.91.com udp
US 8.8.8.8:53 savethecat.informe.com udp
US 8.8.8.8:53 vfun.valofe.com udp
US 8.8.8.8:53 app.ipay.com.bd udp
US 8.8.8.8:53 vfun.valofe.com udp
N/A 127.0.0.1:51506 tcp
US 8.8.8.8:53 app.ipay.com.bd udp
US 8.8.8.8:53 centrodemocraticoorellana.com udp
US 8.8.8.8:53 centrodemocraticoorellana.com udp
US 8.8.8.8:53 aries.elluel.net udp
US 8.8.8.8:53 aries.elluel.net udp
N/A 127.0.0.1:51511 tcp
N/A 127.0.0.1:51514 tcp
N/A 127.0.0.1:51516 tcp
N/A 127.0.0.1:51521 tcp
N/A 127.0.0.1:51534 tcp
N/A 127.0.0.1:51536 tcp
N/A 127.0.0.1:51538 tcp
N/A 127.0.0.1:51547 tcp
N/A 127.0.0.1:51556 tcp
N/A 127.0.0.1:51559 tcp
N/A 127.0.0.1:51562 tcp
N/A 127.0.0.1:51564 tcp
N/A 127.0.0.1:51570 tcp
N/A 127.0.0.1:51573 tcp
N/A 127.0.0.1:51580 tcp
N/A 127.0.0.1:51583 tcp
N/A 127.0.0.1:51586 tcp
N/A 127.0.0.1:51590 tcp
N/A 127.0.0.1:51592 tcp
N/A 127.0.0.1:51594 tcp
N/A 127.0.0.1:51596 tcp
N/A 127.0.0.1:51598 tcp
N/A 127.0.0.1:51608 tcp
N/A 127.0.0.1:51614 tcp
N/A 127.0.0.1:51616 tcp
N/A 127.0.0.1:51622 tcp
N/A 127.0.0.1:51629 tcp
N/A 127.0.0.1:51632 tcp
N/A 127.0.0.1:51645 tcp
N/A 127.0.0.1:51664 tcp
N/A 127.0.0.1:51667 tcp
N/A 127.0.0.1:51671 tcp
N/A 127.0.0.1:51673 tcp
N/A 127.0.0.1:51678 tcp
N/A 127.0.0.1:51684 tcp
N/A 127.0.0.1:51686 tcp
US 8.8.8.8:53 ferrepasa.com udp
US 8.8.8.8:53 accounts.mobisystems.com udp
US 8.8.8.8:53 accounts.mobisystems.com udp
US 8.8.8.8:53 m.enzocasino.com udp
US 8.8.8.8:53 m.enzocasino.com udp
US 8.8.8.8:53 cadastro.trigg.com.br udp
US 8.8.8.8:53 ccp.netcup.net udp
US 8.8.8.8:53 web.cdslindia.com udp
N/A 127.0.0.1:51688 tcp
US 8.8.8.8:53 ccp.netcup.net udp
US 8.8.8.8:53 web.cdslindia.com udp
US 8.8.8.8:53 login.oracle.com udp
N/A 127.0.0.1:51690 tcp
N/A 127.0.0.1:51692 tcp
N/A 127.0.0.1:51695 tcp
N/A 127.0.0.1:51700 tcp
N/A 127.0.0.1:51703 tcp
N/A 127.0.0.1:51706 tcp
N/A 127.0.0.1:51719 tcp
N/A 127.0.0.1:51729 tcp
N/A 127.0.0.1:51732 tcp
N/A 127.0.0.1:51734 tcp
N/A 127.0.0.1:51737 tcp
N/A 127.0.0.1:51740 tcp
N/A 127.0.0.1:51742 tcp
N/A 127.0.0.1:51758 tcp
N/A 127.0.0.1:51763 tcp
N/A 127.0.0.1:51777 tcp
N/A 127.0.0.1:51781 tcp
N/A 127.0.0.1:51786 tcp
N/A 127.0.0.1:51788 tcp
US 8.8.8.8:53 login.oracle.com udp
US 8.8.8.8:53 rpvoid.com udp
US 8.8.8.8:53 rpvoid.com udp
US 8.8.8.8:53 intranet.cousinoapps.com udp
US 8.8.8.8:53 eu1-ds-iam.3dexperience.3ds.com udp
US 8.8.8.8:53 intranet.cousinoapps.com udp
US 8.8.8.8:53 eu1-ds-iam.3dexperience.3ds.com udp
US 8.8.8.8:53 ztracker.cc udp
US 8.8.8.8:53 customer.comcast.com udp
US 8.8.8.8:53 ztracker.cc udp
US 8.8.8.8:53 customer.comcast.com udp
N/A 127.0.0.1:51793 tcp
N/A 127.0.0.1:51795 tcp
N/A 127.0.0.1:51797 tcp
N/A 127.0.0.1:51799 tcp
N/A 127.0.0.1:51804 tcp
N/A 127.0.0.1:51812 tcp
N/A 127.0.0.1:51814 tcp
N/A 127.0.0.1:51818 tcp
N/A 127.0.0.1:51820 tcp
N/A 127.0.0.1:51826 tcp
N/A 127.0.0.1:51829 tcp
N/A 127.0.0.1:51832 tcp
N/A 127.0.0.1:51850 tcp
N/A 127.0.0.1:51855 tcp
N/A 127.0.0.1:51864 tcp
N/A 127.0.0.1:51866 tcp
N/A 127.0.0.1:51868 tcp
N/A 127.0.0.1:51870 tcp
N/A 127.0.0.1:51875 tcp
N/A 127.0.0.1:51877 tcp
N/A 127.0.0.1:51879 tcp
N/A 127.0.0.1:51881 tcp
N/A 127.0.0.1:51884 tcp
N/A 127.0.0.1:51886 tcp
N/A 127.0.0.1:51897 tcp
N/A 127.0.0.1:51907 tcp
N/A 127.0.0.1:51910 tcp
N/A 127.0.0.1:51916 tcp
N/A 127.0.0.1:51929 tcp
N/A 127.0.0.1:51931 tcp
N/A 127.0.0.1:51940 tcp
N/A 127.0.0.1:51945 tcp
N/A 127.0.0.1:51948 tcp
N/A 127.0.0.1:51955 tcp
N/A 127.0.0.1:51960 tcp
N/A 127.0.0.1:51962 tcp
N/A 127.0.0.1:51964 tcp
N/A 127.0.0.1:51971 tcp
N/A 127.0.0.1:51976 tcp
N/A 127.0.0.1:51979 tcp
N/A 127.0.0.1:51991 tcp
N/A 127.0.0.1:51995 tcp
N/A 127.0.0.1:52002 tcp
N/A 127.0.0.1:52005 tcp
N/A 127.0.0.1:52007 tcp
N/A 127.0.0.1:52011 tcp
N/A 127.0.0.1:52024 tcp
N/A 127.0.0.1:52029 tcp
N/A 127.0.0.1:52031 tcp
N/A 127.0.0.1:52033 tcp
N/A 127.0.0.1:52035 tcp
N/A 127.0.0.1:52037 tcp
N/A 127.0.0.1:52039 tcp
N/A 127.0.0.1:52045 tcp
N/A 127.0.0.1:52056 tcp
N/A 127.0.0.1:52061 tcp
N/A 127.0.0.1:52064 tcp
N/A 127.0.0.1:52067 tcp
N/A 127.0.0.1:52069 tcp
N/A 127.0.0.1:52073 tcp
N/A 127.0.0.1:52078 tcp
N/A 127.0.0.1:52088 tcp
N/A 127.0.0.1:52095 tcp
N/A 127.0.0.1:52100 tcp
N/A 127.0.0.1:52105 tcp
N/A 127.0.0.1:52111 tcp
N/A 127.0.0.1:52115 tcp
N/A 127.0.0.1:52128 tcp
N/A 127.0.0.1:52137 tcp
N/A 127.0.0.1:52141 tcp
N/A 127.0.0.1:52143 tcp
N/A 127.0.0.1:52148 tcp
N/A 127.0.0.1:52151 tcp
N/A 127.0.0.1:52153 tcp
N/A 127.0.0.1:52155 tcp
N/A 127.0.0.1:52157 tcp
N/A 127.0.0.1:52160 tcp
N/A 127.0.0.1:52164 tcp
N/A 127.0.0.1:52167 tcp
N/A 127.0.0.1:52175 tcp
N/A 127.0.0.1:52179 tcp
N/A 127.0.0.1:52183 tcp
N/A 127.0.0.1:52186 tcp
N/A 127.0.0.1:52190 tcp
N/A 127.0.0.1:52195 tcp
N/A 127.0.0.1:52204 tcp
N/A 127.0.0.1:52207 tcp
N/A 127.0.0.1:52214 tcp
N/A 127.0.0.1:52219 tcp
N/A 127.0.0.1:52221 tcp
N/A 127.0.0.1:52224 tcp
N/A 127.0.0.1:52227 tcp
N/A 127.0.0.1:52229 tcp
N/A 127.0.0.1:52231 tcp
N/A 127.0.0.1:52233 tcp
N/A 127.0.0.1:52235 tcp
N/A 127.0.0.1:52238 tcp
N/A 127.0.0.1:52246 tcp
US 8.8.8.8:53 secure.eveonline.com udp
US 8.8.8.8:53 console.command.kw.com udp
US 8.8.8.8:53 conta.uol.com.br udp
US 8.8.8.8:53 secure.eveonline.com udp
US 8.8.8.8:53 console.command.kw.com udp
US 8.8.8.8:53 poppy.espianglobal.com udp
US 8.8.8.8:53 bb.ccmu.edu.cn udp
US 8.8.8.8:53 bb.ccmu.edu.cn udp
US 8.8.8.8:53 da.hostvn.net udp
US 8.8.8.8:53 da.hostvn.net udp
US 8.8.8.8:53 ru.wargaming.net udp
US 8.8.8.8:53 ru.wargaming.net udp
US 8.8.8.8:53 etherscan.io udp
US 8.8.8.8:53 etherscan.io udp
US 8.8.8.8:53 connect.secure.wellsfargo.com udp
US 8.8.8.8:53 connect.secure.wellsfargo.com udp
US 8.8.8.8:53 m.wyylde.com udp
US 8.8.8.8:53 m.wyylde.com udp
US 8.8.8.8:53 nicereview.asia udp
US 8.8.8.8:53 tplinkrepeater.net udp
US 8.8.8.8:53 nicereview.asia udp
US 8.8.8.8:53 baigiang.violet.vn udp
US 8.8.8.8:53 baigiang.violet.vn udp
US 8.8.8.8:53 id1.cloud.huawei.com udp
US 8.8.8.8:53 id1.cloud.huawei.com udp
US 8.8.8.8:53 cfe-metiers.com udp
US 8.8.8.8:53 cfe-metiers.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 sts.edustar.vic.edu.au udp
US 8.8.8.8:53 accounts.phoenixnetwork.net udp
US 8.8.8.8:53 accounts.phoenixnetwork.net udp
US 8.8.8.8:53 sts.edustar.vic.edu.au udp
US 8.8.8.8:53 ueinnovaschool.edu.ec udp
US 8.8.8.8:53 ueinnovaschool.edu.ec udp
US 8.8.8.8:53 connect.telenordigital.com udp
US 8.8.8.8:53 connect.telenordigital.com udp
US 8.8.8.8:53 catalogue-library-brocku-ca.proxy.library.brocku.ca udp
US 8.8.8.8:53 centrodiopinione.it udp
US 8.8.8.8:53 catalogue-library-brocku-ca.proxy.library.brocku.ca udp
US 8.8.8.8:53 centrodiopinione.it udp
US 8.8.8.8:53 platform.garena.vn udp
US 8.8.8.8:53 platform.garena.vn udp
US 8.8.8.8:53 accounts.intuit.com udp
US 8.8.8.8:53 condurbyalexandru.com udp
US 8.8.8.8:53 condurbyalexandru.com udp
US 8.8.8.8:53 alahlynet.com.eg udp
US 8.8.8.8:53 copasaatende.powerappsportals.com udp
US 8.8.8.8:53 alahlynet.com.eg udp
US 8.8.8.8:53 copasaatende.powerappsportals.com udp
US 8.8.8.8:53 minhaconta.levelupgames.com.br udp
US 8.8.8.8:53 olp.anb.com.sa udp
US 8.8.8.8:53 olp.anb.com.sa udp
US 8.8.8.8:53 sexysims.info udp
US 8.8.8.8:53 minhaconta.levelupgames.com.br udp
US 8.8.8.8:53 skycheats.com udp
US 8.8.8.8:53 skycheats.com udp
US 8.8.8.8:53 jeopardylabs.com udp
US 8.8.8.8:53 arcgames.com udp
US 8.8.8.8:53 arcgames.com udp
US 8.8.8.8:53 aolweb.aol.meb.gov.tr udp
US 8.8.8.8:53 aolweb.aol.meb.gov.tr udp
US 8.8.8.8:53 us-smtp-inbound-1.mimecast.com udp
US 8.8.8.8:53 secure.twitch.tv udp
US 8.8.8.8:53 portal.dim.com.ar udp
US 8.8.8.8:53 portal.dim.com.ar udp
US 8.8.8.8:53 clientes.pitucomputer.com.ar udp
US 8.8.8.8:53 clientes.pitucomputer.com.ar udp
US 8.8.8.8:53 secure.twitch.tv udp
US 8.8.8.8:53 razerid.razer.com udp
US 8.8.8.8:53 myaccount.vndirect.com.vn udp
US 8.8.8.8:53 razerid.razer.com udp
US 8.8.8.8:53 myaccount.vndirect.com.vn udp
US 8.8.8.8:53 eu-smtp-inbound-1.mimecast.com udp
US 8.8.8.8:53 mail.es-la.facebook.com udp
US 8.8.8.8:53 ftp.discuss.howtogeek.com udp
US 8.8.8.8:53 ftp.accounts.google.com udp
US 8.8.8.8:53 aspmx2.googlemail.com udp
US 8.8.8.8:53 mail.secure.wakfu.com udp
US 8.8.8.8:53 ftp.koha.ekutuphane.gov.tr udp
US 8.8.8.8:53 v3m.gtarcade.com udp
US 8.8.8.8:53 alt2.gmr-smtp-in.l.google.com udp
US 8.8.8.8:53 ftp.workplace.zoho.com udp
US 8.8.8.8:53 mail.app.oss.go.id udp
US 8.8.8.8:53 ssh.app.oss.go.id udp
US 8.8.8.8:53 app.oss.go.id udp
US 8.8.8.8:53 ftp.app.oss.go.id udp
US 8.8.8.8:53 ftp.iris.fbr.gov.pk udp
US 8.8.8.8:53 85.173.96.104.in-addr.arpa udp
US 8.8.8.8:53 126.163.67.172.in-addr.arpa udp
US 8.8.8.8:53 192.106.88.45.in-addr.arpa udp
US 8.8.8.8:53 ftp.jiocontactcenter.jio.com udp
US 8.8.8.8:53 ftp.freefilefillableforms.com udp
US 8.8.8.8:53 ruangguree.com udp
US 8.8.8.8:53 eprs01.philhealth.gov.ph udp
US 8.8.8.8:53 138.229.3.122.in-addr.arpa udp
US 8.8.8.8:53 _dc-mx.696e29cb38a5.scarlet-clicks.info udp
US 8.8.8.8:53 mx1.hostinger.co.id udp
US 8.8.8.8:53 cpanel.loatah.com udp
US 8.8.8.8:53 eagle.mxlogin.com udp
US 8.8.8.8:53 www.irs.gov udp
US 8.8.8.8:53 mail.discuss.howtogeek.com udp
US 8.8.8.8:53 189.67.223.76.in-addr.arpa udp
US 8.8.8.8:53 _dc-mx.a676a8b2959b.idplr.com udp
US 8.8.8.8:53 _dc-mx.7ccd47d3d4fa.cracked.io udp
US 8.8.8.8:53 ferrepasa.com udp
US 8.8.8.8:53 studenthub.hud.ac.uk udp
US 8.8.8.8:53 pumpit.sk udp
US 8.8.8.8:53 ftp.elabschool.net udp
US 8.8.8.8:53 orbis-bvdinfo-com.proxy.unimib.it udp
US 8.8.8.8:53 aspmx5.googlemail.com udp
US 8.8.8.8:53 account.91.com udp
US 8.8.8.8:53 savethecat.informe.com udp
US 8.8.8.8:53 mail.koha.ekutuphane.gov.tr udp
US 8.8.8.8:53 centrodemocraticoorellana.com udp
US 8.8.8.8:53 ftp.identity.sieltecloud.it udp
US 8.8.8.8:53 accounts-mobisystems-com.mail.protection.outlook.com udp
US 8.8.8.8:53 ftp.mangadna.com udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
N/A 127.0.0.1:52249 tcp
N/A 127.0.0.1:52254 tcp
N/A 127.0.0.1:52258 tcp
N/A 127.0.0.1:52263 tcp
N/A 127.0.0.1:52267 tcp
N/A 127.0.0.1:52269 tcp
N/A 127.0.0.1:52271 tcp
N/A 127.0.0.1:52273 tcp
N/A 127.0.0.1:52275 tcp
N/A 127.0.0.1:52277 tcp
N/A 127.0.0.1:52280 tcp
N/A 127.0.0.1:52283 tcp
N/A 127.0.0.1:52286 tcp
N/A 127.0.0.1:52288 tcp
N/A 127.0.0.1:52290 tcp
N/A 127.0.0.1:52293 tcp
N/A 127.0.0.1:52299 tcp
N/A 127.0.0.1:52302 tcp
N/A 127.0.0.1:52305 tcp
N/A 127.0.0.1:52312 tcp
N/A 127.0.0.1:52315 tcp
N/A 127.0.0.1:52318 tcp
N/A 127.0.0.1:52322 tcp
N/A 127.0.0.1:52325 tcp
N/A 127.0.0.1:52328 tcp
N/A 127.0.0.1:52332 tcp
N/A 127.0.0.1:52336 tcp
N/A 127.0.0.1:52346 tcp
N/A 127.0.0.1:52352 tcp
N/A 127.0.0.1:52355 tcp
N/A 127.0.0.1:52363 tcp
N/A 127.0.0.1:52368 tcp
N/A 127.0.0.1:52372 tcp
N/A 127.0.0.1:52374 tcp
N/A 127.0.0.1:52380 tcp
N/A 127.0.0.1:52386 tcp
N/A 127.0.0.1:52391 tcp
N/A 127.0.0.1:52393 tcp
N/A 127.0.0.1:52395 tcp
N/A 127.0.0.1:52399 tcp
N/A 127.0.0.1:52401 tcp
N/A 127.0.0.1:52405 tcp
N/A 127.0.0.1:52408 tcp
N/A 127.0.0.1:52410 tcp
N/A 127.0.0.1:52413 tcp
N/A 127.0.0.1:52421 tcp
N/A 127.0.0.1:52427 tcp
N/A 127.0.0.1:52429 tcp
N/A 127.0.0.1:52434 tcp
N/A 127.0.0.1:52438 tcp
N/A 127.0.0.1:52441 tcp
N/A 127.0.0.1:52444 tcp
N/A 127.0.0.1:52449 tcp
N/A 127.0.0.1:52455 tcp
N/A 127.0.0.1:52459 tcp
N/A 127.0.0.1:52463 tcp
N/A 127.0.0.1:52466 tcp
N/A 127.0.0.1:52470 tcp
N/A 127.0.0.1:52483 tcp
N/A 127.0.0.1:52487 tcp
N/A 127.0.0.1:52493 tcp
N/A 127.0.0.1:52495 tcp
N/A 127.0.0.1:52498 tcp
N/A 127.0.0.1:52501 tcp
N/A 127.0.0.1:52503 tcp
N/A 127.0.0.1:52505 tcp
N/A 127.0.0.1:52508 tcp
N/A 127.0.0.1:52512 tcp
N/A 127.0.0.1:52514 tcp
N/A 127.0.0.1:52519 tcp
N/A 127.0.0.1:52523 tcp
N/A 127.0.0.1:52525 tcp
N/A 127.0.0.1:52528 tcp
N/A 127.0.0.1:52530 tcp
N/A 127.0.0.1:52532 tcp
N/A 127.0.0.1:52548 tcp
N/A 127.0.0.1:52552 tcp
N/A 127.0.0.1:52555 tcp
N/A 127.0.0.1:52558 tcp
N/A 127.0.0.1:52562 tcp
N/A 127.0.0.1:52566 tcp
N/A 127.0.0.1:52570 tcp
N/A 127.0.0.1:52574 tcp
N/A 127.0.0.1:52585 tcp
N/A 127.0.0.1:52588 tcp
N/A 127.0.0.1:52591 tcp
N/A 127.0.0.1:52594 tcp
N/A 127.0.0.1:52597 tcp
N/A 127.0.0.1:52599 tcp
N/A 127.0.0.1:52606 tcp
N/A 127.0.0.1:52608 tcp
N/A 127.0.0.1:52611 tcp
N/A 127.0.0.1:52615 tcp
N/A 127.0.0.1:52619 tcp
N/A 127.0.0.1:52624 tcp
N/A 127.0.0.1:52630 tcp
N/A 127.0.0.1:52634 tcp
N/A 127.0.0.1:52638 tcp
N/A 127.0.0.1:52641 tcp
N/A 127.0.0.1:52643 tcp
N/A 127.0.0.1:52645 tcp
N/A 127.0.0.1:52650 tcp
N/A 127.0.0.1:52653 tcp
N/A 127.0.0.1:52662 tcp
N/A 127.0.0.1:52665 tcp
N/A 127.0.0.1:52667 tcp
N/A 127.0.0.1:52670 tcp
N/A 127.0.0.1:52677 tcp
N/A 127.0.0.1:52681 tcp
N/A 127.0.0.1:52687 tcp
N/A 127.0.0.1:52689 tcp
N/A 127.0.0.1:52691 tcp
N/A 127.0.0.1:52694 tcp
N/A 127.0.0.1:52700 tcp
N/A 127.0.0.1:52705 tcp
N/A 127.0.0.1:52709 tcp
N/A 127.0.0.1:52712 tcp
N/A 127.0.0.1:52718 tcp
N/A 127.0.0.1:52723 tcp
N/A 127.0.0.1:52726 tcp
N/A 127.0.0.1:52729 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:52819 tcp
N/A 127.0.0.1:52822 tcp
N/A 127.0.0.1:52826 tcp
N/A 127.0.0.1:52851 tcp
N/A 127.0.0.1:52854 tcp
N/A 127.0.0.1:52857 tcp
N/A 127.0.0.1:52859 tcp
N/A 127.0.0.1:52861 tcp
N/A 127.0.0.1:52864 tcp
N/A 127.0.0.1:52866 tcp
N/A 127.0.0.1:52868 tcp
N/A 127.0.0.1:52870 tcp
N/A 127.0.0.1:52872 tcp
N/A 127.0.0.1:52874 tcp
N/A 127.0.0.1:52877 tcp
N/A 127.0.0.1:52880 tcp
N/A 127.0.0.1:52882 tcp
N/A 127.0.0.1:52884 tcp
N/A 127.0.0.1:52886 tcp
N/A 127.0.0.1:52888 tcp
N/A 127.0.0.1:52890 tcp
N/A 127.0.0.1:52892 tcp
N/A 127.0.0.1:52894 tcp
N/A 127.0.0.1:52897 tcp
N/A 127.0.0.1:52899 tcp
N/A 127.0.0.1:52902 tcp
N/A 127.0.0.1:52904 tcp
N/A 127.0.0.1:52906 tcp
N/A 127.0.0.1:52908 tcp
N/A 127.0.0.1:52910 tcp
N/A 127.0.0.1:52912 tcp
N/A 127.0.0.1:52915 tcp
N/A 127.0.0.1:52917 tcp
N/A 127.0.0.1:52919 tcp
N/A 127.0.0.1:52922 tcp
N/A 127.0.0.1:52924 tcp
N/A 127.0.0.1:52926 tcp
N/A 127.0.0.1:52928 tcp
N/A 127.0.0.1:52930 tcp
N/A 127.0.0.1:52932 tcp
N/A 127.0.0.1:52934 tcp
N/A 127.0.0.1:52936 tcp
N/A 127.0.0.1:52938 tcp
N/A 127.0.0.1:52940 tcp
N/A 127.0.0.1:52943 tcp
N/A 127.0.0.1:52945 tcp
N/A 127.0.0.1:52947 tcp
N/A 127.0.0.1:52951 tcp
N/A 127.0.0.1:52949 tcp
N/A 127.0.0.1:52953 tcp
N/A 127.0.0.1:52955 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:52958 tcp
N/A 127.0.0.1:52960 tcp
N/A 127.0.0.1:52962 tcp
N/A 127.0.0.1:52964 tcp
N/A 127.0.0.1:52966 tcp
N/A 127.0.0.1:52968 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:52971 tcp
N/A 127.0.0.1:52973 tcp
N/A 127.0.0.1:52975 tcp
N/A 127.0.0.1:52977 tcp
N/A 127.0.0.1:52979 tcp
N/A 127.0.0.1:52981 tcp
N/A 127.0.0.1:52983 tcp
N/A 127.0.0.1:52985 tcp
N/A 127.0.0.1:52987 tcp
N/A 127.0.0.1:52989 tcp
N/A 127.0.0.1:52991 tcp
N/A 127.0.0.1:52993 tcp
N/A 127.0.0.1:52995 tcp
N/A 127.0.0.1:52997 tcp
N/A 127.0.0.1:53000 tcp
N/A 127.0.0.1:53002 tcp
N/A 127.0.0.1:53004 tcp
N/A 127.0.0.1:53009 tcp
N/A 127.0.0.1:53013 tcp
N/A 127.0.0.1:53016 tcp
N/A 127.0.0.1:53018 tcp
N/A 127.0.0.1:53020 tcp
N/A 127.0.0.1:53023 tcp
N/A 127.0.0.1:53025 tcp
N/A 127.0.0.1:53027 tcp
N/A 127.0.0.1:53029 tcp
N/A 127.0.0.1:53031 tcp
N/A 127.0.0.1:53033 tcp
N/A 127.0.0.1:53035 tcp
N/A 127.0.0.1:53037 tcp
N/A 127.0.0.1:53039 tcp
N/A 127.0.0.1:53057 tcp
N/A 127.0.0.1:53063 tcp
N/A 127.0.0.1:53065 tcp
N/A 127.0.0.1:53068 tcp
N/A 127.0.0.1:53070 tcp
N/A 127.0.0.1:53072 tcp
N/A 127.0.0.1:53074 tcp
N/A 127.0.0.1:53076 tcp
N/A 127.0.0.1:53084 tcp
N/A 127.0.0.1:53089 tcp
N/A 127.0.0.1:53097 tcp
N/A 127.0.0.1:53108 tcp
N/A 127.0.0.1:53127 tcp
N/A 127.0.0.1:53138 tcp
N/A 127.0.0.1:53142 tcp
N/A 127.0.0.1:53171 tcp
N/A 127.0.0.1:53175 tcp
N/A 127.0.0.1:53185 tcp
N/A 127.0.0.1:53187 tcp
N/A 127.0.0.1:53189 tcp
N/A 127.0.0.1:53192 tcp
N/A 127.0.0.1:53194 tcp
N/A 127.0.0.1:53204 tcp
N/A 127.0.0.1:53206 tcp
N/A 127.0.0.1:53208 tcp
N/A 127.0.0.1:53210 tcp
N/A 127.0.0.1:53212 tcp
N/A 127.0.0.1:53214 tcp
N/A 127.0.0.1:53216 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:53221 tcp
N/A 127.0.0.1:53223 tcp
N/A 127.0.0.1:53225 tcp
N/A 127.0.0.1:53227 tcp
N/A 127.0.0.1:53230 tcp
N/A 127.0.0.1:53232 tcp
N/A 127.0.0.1:53234 tcp
N/A 127.0.0.1:53236 tcp
N/A 127.0.0.1:53239 tcp
N/A 127.0.0.1:53242 tcp
N/A 127.0.0.1:53244 tcp
N/A 127.0.0.1:53246 tcp
N/A 127.0.0.1:53248 tcp
N/A 127.0.0.1:53255 tcp
N/A 127.0.0.1:53262 tcp
N/A 127.0.0.1:53265 tcp
N/A 127.0.0.1:53267 tcp
N/A 127.0.0.1:53269 tcp
N/A 127.0.0.1:53272 tcp
N/A 127.0.0.1:53276 tcp
N/A 127.0.0.1:53280 tcp
N/A 127.0.0.1:53287 tcp
N/A 127.0.0.1:53291 tcp
N/A 127.0.0.1:53297 tcp
N/A 127.0.0.1:53315 tcp
N/A 127.0.0.1:53319 tcp
N/A 127.0.0.1:53322 tcp
N/A 127.0.0.1:53326 tcp
N/A 127.0.0.1:53332 tcp
N/A 127.0.0.1:53334 tcp
N/A 127.0.0.1:53340 tcp
N/A 127.0.0.1:53343 tcp
N/A 127.0.0.1:53347 tcp
N/A 127.0.0.1:53351 tcp
N/A 127.0.0.1:53354 tcp
N/A 127.0.0.1:53363 tcp
N/A 127.0.0.1:53368 tcp
N/A 127.0.0.1:53373 tcp
N/A 127.0.0.1:53377 tcp
N/A 127.0.0.1:53383 tcp
N/A 127.0.0.1:53385 tcp
N/A 127.0.0.1:53389 tcp
N/A 127.0.0.1:53396 tcp
N/A 127.0.0.1:53402 tcp
N/A 127.0.0.1:53406 tcp
N/A 127.0.0.1:53410 tcp
N/A 127.0.0.1:53413 tcp
N/A 127.0.0.1:53420 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:53425 tcp
N/A 127.0.0.1:53430 tcp
N/A 127.0.0.1:53434 tcp
N/A 127.0.0.1:53437 tcp
N/A 127.0.0.1:53440 tcp
N/A 127.0.0.1:53443 tcp
N/A 127.0.0.1:53450 tcp
N/A 127.0.0.1:53457 tcp
N/A 127.0.0.1:53456 tcp
N/A 127.0.0.1:53463 tcp
N/A 127.0.0.1:53470 tcp
N/A 127.0.0.1:53472 tcp
N/A 127.0.0.1:53474 tcp
N/A 127.0.0.1:53478 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:53484 tcp
N/A 127.0.0.1:53489 tcp
N/A 127.0.0.1:53493 tcp
N/A 127.0.0.1:53498 tcp
N/A 127.0.0.1:53505 tcp
N/A 127.0.0.1:53508 tcp
N/A 127.0.0.1:53510 tcp
N/A 127.0.0.1:53512 tcp
N/A 127.0.0.1:53517 tcp
N/A 127.0.0.1:53523 tcp
N/A 127.0.0.1:53528 tcp
N/A 127.0.0.1:53532 tcp
N/A 127.0.0.1:53536 tcp
N/A 127.0.0.1:53541 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:53545 tcp
N/A 127.0.0.1:53550 tcp
N/A 127.0.0.1:53553 tcp
N/A 127.0.0.1:53558 tcp
N/A 127.0.0.1:53564 tcp
N/A 127.0.0.1:53567 tcp
N/A 127.0.0.1:53570 tcp
N/A 127.0.0.1:53574 tcp
N/A 127.0.0.1:53576 tcp
N/A 127.0.0.1:53580 tcp
N/A 127.0.0.1:53586 tcp
N/A 127.0.0.1:53589 tcp
N/A 127.0.0.1:53594 tcp
N/A 127.0.0.1:53597 tcp
N/A 127.0.0.1:53600 tcp
N/A 127.0.0.1:53602 tcp
N/A 127.0.0.1:53605 tcp
N/A 127.0.0.1:53614 tcp
N/A 127.0.0.1:53618 tcp
N/A 127.0.0.1:53622 tcp
N/A 127.0.0.1:53625 tcp
N/A 127.0.0.1:53629 tcp
N/A 127.0.0.1:53634 tcp
N/A 127.0.0.1:53638 tcp
N/A 127.0.0.1:53642 tcp
N/A 127.0.0.1:53646 tcp
N/A 127.0.0.1:53654 tcp
N/A 127.0.0.1:53657 tcp
N/A 127.0.0.1:53663 tcp
N/A 127.0.0.1:53668 tcp
N/A 127.0.0.1:53672 tcp
N/A 127.0.0.1:53674 tcp
N/A 127.0.0.1:53678 tcp
N/A 127.0.0.1:53680 tcp
N/A 127.0.0.1:53685 tcp
N/A 127.0.0.1:53687 tcp
N/A 127.0.0.1:53690 tcp
N/A 127.0.0.1:53694 tcp
N/A 127.0.0.1:53697 tcp
N/A 127.0.0.1:53701 tcp
N/A 127.0.0.1:53704 tcp
N/A 127.0.0.1:53712 tcp
N/A 127.0.0.1:53717 tcp
N/A 127.0.0.1:53721 tcp
N/A 127.0.0.1:53724 tcp
N/A 127.0.0.1:53728 tcp
N/A 127.0.0.1:53733 tcp
N/A 127.0.0.1:53736 tcp
N/A 127.0.0.1:53744 tcp
N/A 127.0.0.1:53749 tcp
N/A 127.0.0.1:53754 tcp
N/A 127.0.0.1:53756 tcp
N/A 127.0.0.1:53760 tcp
N/A 127.0.0.1:53763 tcp
N/A 127.0.0.1:53766 tcp
N/A 127.0.0.1:53771 tcp
N/A 127.0.0.1:53773 tcp
N/A 127.0.0.1:53777 tcp
N/A 127.0.0.1:53781 tcp
N/A 127.0.0.1:53785 tcp
N/A 127.0.0.1:53790 tcp
N/A 127.0.0.1:53794 tcp
N/A 127.0.0.1:53802 tcp
N/A 127.0.0.1:53805 tcp
N/A 127.0.0.1:53809 tcp
N/A 127.0.0.1:53813 tcp
N/A 127.0.0.1:53815 tcp
N/A 127.0.0.1:53821 tcp
N/A 127.0.0.1:53824 tcp
N/A 127.0.0.1:53827 tcp
N/A 127.0.0.1:53831 tcp
N/A 127.0.0.1:53833 tcp
N/A 127.0.0.1:53845 tcp
N/A 127.0.0.1:53849 tcp
N/A 127.0.0.1:53852 tcp
N/A 127.0.0.1:53859 tcp
N/A 127.0.0.1:53861 tcp
N/A 127.0.0.1:53864 tcp
N/A 127.0.0.1:53867 tcp
N/A 127.0.0.1:53870 tcp
N/A 127.0.0.1:53873 tcp
N/A 127.0.0.1:53877 tcp
N/A 127.0.0.1:53885 tcp
N/A 127.0.0.1:53890 tcp
N/A 127.0.0.1:53894 tcp
N/A 127.0.0.1:53897 tcp
N/A 127.0.0.1:53901 tcp
N/A 127.0.0.1:53904 tcp
N/A 127.0.0.1:53909 tcp
N/A 127.0.0.1:53918 tcp
N/A 127.0.0.1:53919 tcp
N/A 127.0.0.1:53924 tcp
N/A 127.0.0.1:53928 tcp
N/A 127.0.0.1:53932 tcp
N/A 127.0.0.1:53936 tcp
N/A 127.0.0.1:53940 tcp
N/A 127.0.0.1:53942 tcp
N/A 127.0.0.1:53945 tcp
N/A 127.0.0.1:53949 tcp
N/A 127.0.0.1:53955 tcp
N/A 127.0.0.1:53961 tcp
N/A 127.0.0.1:53963 tcp
N/A 127.0.0.1:53969 tcp
N/A 127.0.0.1:53974 tcp
N/A 127.0.0.1:53979 tcp
N/A 127.0.0.1:53982 tcp
N/A 127.0.0.1:53984 tcp
N/A 127.0.0.1:53988 tcp
N/A 127.0.0.1:53992 tcp
N/A 127.0.0.1:53997 tcp
N/A 127.0.0.1:54003 tcp
N/A 127.0.0.1:54005 tcp
N/A 127.0.0.1:54008 tcp
N/A 127.0.0.1:54017 tcp
N/A 127.0.0.1:54022 tcp
N/A 127.0.0.1:54025 tcp
N/A 127.0.0.1:54030 tcp
N/A 127.0.0.1:54033 tcp
N/A 127.0.0.1:54037 tcp
N/A 127.0.0.1:54039 tcp
N/A 127.0.0.1:54042 tcp
N/A 127.0.0.1:54045 tcp
N/A 127.0.0.1:54051 tcp
N/A 127.0.0.1:54058 tcp
N/A 127.0.0.1:54061 tcp
N/A 127.0.0.1:54069 tcp
N/A 127.0.0.1:54073 tcp
N/A 127.0.0.1:54075 tcp
N/A 127.0.0.1:54079 tcp
N/A 127.0.0.1:54082 tcp
N/A 127.0.0.1:54086 tcp
N/A 127.0.0.1:54092 tcp
N/A 127.0.0.1:54095 tcp
N/A 127.0.0.1:54098 tcp
N/A 127.0.0.1:54102 tcp
N/A 127.0.0.1:54108 tcp
N/A 127.0.0.1:54113 tcp
N/A 127.0.0.1:54116 tcp
N/A 127.0.0.1:54119 tcp
N/A 127.0.0.1:54124 tcp
N/A 127.0.0.1:54128 tcp
N/A 127.0.0.1:54133 tcp
N/A 127.0.0.1:54136 tcp
N/A 127.0.0.1:54142 tcp
N/A 127.0.0.1:54145 tcp
N/A 127.0.0.1:54155 tcp
N/A 127.0.0.1:54158 tcp
N/A 127.0.0.1:54160 tcp
N/A 127.0.0.1:54163 tcp
N/A 127.0.0.1:54167 tcp
N/A 127.0.0.1:54175 tcp
N/A 127.0.0.1:54180 tcp
N/A 127.0.0.1:54183 tcp
N/A 127.0.0.1:54186 tcp
N/A 127.0.0.1:54190 tcp
N/A 127.0.0.1:54194 tcp
N/A 127.0.0.1:54196 tcp
N/A 127.0.0.1:54199 tcp
N/A 127.0.0.1:54202 tcp
N/A 127.0.0.1:54207 tcp
N/A 127.0.0.1:54209 tcp
N/A 127.0.0.1:54214 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:54219 tcp
N/A 127.0.0.1:54224 tcp
N/A 127.0.0.1:54227 tcp
N/A 127.0.0.1:54232 tcp
N/A 127.0.0.1:54236 tcp
N/A 127.0.0.1:54239 tcp
N/A 127.0.0.1:54241 tcp
N/A 127.0.0.1:54247 tcp
N/A 127.0.0.1:54251 tcp
N/A 127.0.0.1:54253 tcp
N/A 127.0.0.1:54259 tcp
N/A 127.0.0.1:54261 tcp
N/A 127.0.0.1:54268 tcp
N/A 127.0.0.1:54274 tcp
N/A 127.0.0.1:54277 tcp
N/A 127.0.0.1:54281 tcp
N/A 127.0.0.1:54288 tcp
N/A 127.0.0.1:54292 tcp
N/A 127.0.0.1:54298 tcp
N/A 127.0.0.1:54301 tcp
N/A 127.0.0.1:54303 tcp
N/A 127.0.0.1:54307 tcp
N/A 127.0.0.1:54311 tcp
N/A 127.0.0.1:54314 tcp
N/A 127.0.0.1:54319 tcp
N/A 127.0.0.1:54322 tcp
N/A 127.0.0.1:54325 tcp
N/A 127.0.0.1:54328 tcp
N/A 127.0.0.1:54332 tcp
N/A 127.0.0.1:54336 tcp
N/A 127.0.0.1:54339 tcp
N/A 127.0.0.1:54348 tcp
N/A 127.0.0.1:54351 tcp
N/A 127.0.0.1:54353 tcp
N/A 127.0.0.1:54360 tcp
N/A 127.0.0.1:54369 tcp
N/A 127.0.0.1:54375 tcp
N/A 127.0.0.1:54379 tcp
N/A 127.0.0.1:54382 tcp
N/A 127.0.0.1:54386 tcp
N/A 127.0.0.1:54388 tcp
N/A 127.0.0.1:54390 tcp
N/A 127.0.0.1:54397 tcp
N/A 127.0.0.1:54401 tcp
N/A 127.0.0.1:54405 tcp
N/A 127.0.0.1:54409 tcp
N/A 127.0.0.1:54413 tcp
N/A 127.0.0.1:54415 tcp
N/A 127.0.0.1:54419 tcp
N/A 127.0.0.1:54422 tcp
N/A 127.0.0.1:54426 tcp
N/A 127.0.0.1:54431 tcp
N/A 127.0.0.1:54436 tcp
N/A 127.0.0.1:54440 tcp
N/A 127.0.0.1:54443 tcp
N/A 127.0.0.1:54454 tcp
N/A 127.0.0.1:54458 tcp
N/A 127.0.0.1:54460 tcp
N/A 127.0.0.1:54463 tcp
N/A 127.0.0.1:54467 tcp
N/A 127.0.0.1:54471 tcp
N/A 127.0.0.1:54478 tcp
N/A 127.0.0.1:54482 tcp
N/A 127.0.0.1:54490 tcp
N/A 127.0.0.1:54493 tcp
N/A 127.0.0.1:54496 tcp
N/A 127.0.0.1:54499 tcp
N/A 127.0.0.1:54503 tcp
N/A 127.0.0.1:54510 tcp
N/A 127.0.0.1:54515 tcp
N/A 127.0.0.1:54519 tcp
N/A 127.0.0.1:54522 tcp
N/A 127.0.0.1:54526 tcp
N/A 127.0.0.1:54529 tcp
N/A 127.0.0.1:54534 tcp
N/A 127.0.0.1:54538 tcp
N/A 127.0.0.1:54544 tcp
N/A 127.0.0.1:54547 tcp
N/A 127.0.0.1:54549 tcp
N/A 127.0.0.1:54553 tcp
N/A 127.0.0.1:54556 tcp
N/A 127.0.0.1:54558 tcp
N/A 127.0.0.1:54562 tcp
N/A 127.0.0.1:54567 tcp
N/A 127.0.0.1:54571 tcp
N/A 127.0.0.1:54575 tcp
N/A 127.0.0.1:54581 tcp
N/A 127.0.0.1:54584 tcp
N/A 127.0.0.1:54587 tcp
N/A 127.0.0.1:54594 tcp
N/A 127.0.0.1:54600 tcp
N/A 127.0.0.1:54602 tcp
N/A 127.0.0.1:54606 tcp
N/A 127.0.0.1:54609 tcp
N/A 127.0.0.1:54612 tcp
N/A 127.0.0.1:54617 tcp
N/A 127.0.0.1:54621 tcp
N/A 127.0.0.1:54627 tcp
N/A 127.0.0.1:54630 tcp
N/A 127.0.0.1:54637 tcp
N/A 127.0.0.1:54643 tcp
N/A 127.0.0.1:54645 tcp
N/A 127.0.0.1:54649 tcp
N/A 127.0.0.1:54658 tcp
N/A 127.0.0.1:54662 tcp
N/A 127.0.0.1:54666 tcp
N/A 127.0.0.1:54670 tcp
N/A 127.0.0.1:54674 tcp
N/A 127.0.0.1:54677 tcp
N/A 127.0.0.1:54681 tcp
N/A 127.0.0.1:54684 tcp
N/A 127.0.0.1:54686 tcp
N/A 127.0.0.1:54691 tcp
N/A 127.0.0.1:54693 tcp
N/A 127.0.0.1:54696 tcp
N/A 127.0.0.1:54698 tcp
N/A 127.0.0.1:54701 tcp
N/A 127.0.0.1:54711 tcp
N/A 127.0.0.1:54715 tcp
N/A 127.0.0.1:54720 tcp
N/A 127.0.0.1:54725 tcp
N/A 127.0.0.1:54728 tcp
N/A 127.0.0.1:54732 tcp
N/A 127.0.0.1:54736 tcp
N/A 127.0.0.1:54739 tcp
N/A 127.0.0.1:54743 tcp
N/A 127.0.0.1:54746 tcp
N/A 127.0.0.1:54750 tcp
N/A 127.0.0.1:54752 tcp
N/A 127.0.0.1:54755 tcp
N/A 127.0.0.1:54759 tcp
N/A 127.0.0.1:54766 tcp
N/A 127.0.0.1:54775 tcp
N/A 127.0.0.1:54778 tcp
N/A 127.0.0.1:54782 tcp
N/A 127.0.0.1:54788 tcp
N/A 127.0.0.1:54794 tcp
N/A 127.0.0.1:54798 tcp
N/A 127.0.0.1:54801 tcp
N/A 127.0.0.1:54809 tcp
N/A 127.0.0.1:54812 tcp
N/A 127.0.0.1:54815 tcp
N/A 127.0.0.1:54820 tcp
N/A 127.0.0.1:54824 tcp
N/A 127.0.0.1:54827 tcp
N/A 127.0.0.1:54830 tcp
N/A 127.0.0.1:54833 tcp
N/A 127.0.0.1:54838 tcp
N/A 127.0.0.1:54843 tcp
N/A 127.0.0.1:54845 tcp
N/A 127.0.0.1:54849 tcp
N/A 127.0.0.1:54858 tcp
N/A 127.0.0.1:54861 tcp
N/A 127.0.0.1:54865 tcp
N/A 127.0.0.1:54867 tcp
N/A 127.0.0.1:54871 tcp
N/A 127.0.0.1:54875 tcp
N/A 127.0.0.1:54878 tcp
N/A 127.0.0.1:54884 tcp
N/A 127.0.0.1:54889 tcp
N/A 127.0.0.1:54893 tcp
N/A 127.0.0.1:54898 tcp
N/A 127.0.0.1:54901 tcp
N/A 127.0.0.1:54903 tcp
N/A 127.0.0.1:54910 tcp
N/A 127.0.0.1:54914 tcp
N/A 127.0.0.1:54920 tcp
N/A 127.0.0.1:54923 tcp
N/A 127.0.0.1:54925 tcp
N/A 127.0.0.1:54936 tcp
N/A 127.0.0.1:54939 tcp
N/A 127.0.0.1:54942 tcp
N/A 127.0.0.1:54946 tcp
N/A 127.0.0.1:54950 tcp
N/A 127.0.0.1:54954 tcp
N/A 127.0.0.1:54962 tcp
N/A 127.0.0.1:54965 tcp
N/A 127.0.0.1:54967 tcp
N/A 127.0.0.1:54971 tcp
N/A 127.0.0.1:54976 tcp
N/A 127.0.0.1:54979 tcp
N/A 127.0.0.1:54982 tcp
N/A 127.0.0.1:54984 tcp
N/A 127.0.0.1:54986 tcp
N/A 127.0.0.1:54993 tcp
N/A 127.0.0.1:54997 tcp
N/A 127.0.0.1:54999 tcp
N/A 127.0.0.1:55001 tcp
N/A 127.0.0.1:55006 tcp
N/A 127.0.0.1:55009 tcp
N/A 127.0.0.1:55015 tcp
N/A 127.0.0.1:55020 tcp
N/A 127.0.0.1:55026 tcp
N/A 127.0.0.1:55028 tcp
N/A 127.0.0.1:55032 tcp
N/A 127.0.0.1:55040 tcp
N/A 127.0.0.1:55047 tcp
N/A 127.0.0.1:55050 tcp
N/A 127.0.0.1:55054 tcp
N/A 127.0.0.1:55059 tcp
N/A 127.0.0.1:55063 tcp
N/A 127.0.0.1:55068 tcp
N/A 127.0.0.1:55071 tcp
N/A 127.0.0.1:55076 tcp
N/A 127.0.0.1:55079 tcp
N/A 127.0.0.1:55081 tcp
N/A 127.0.0.1:55085 tcp
N/A 127.0.0.1:55088 tcp
N/A 127.0.0.1:55091 tcp
N/A 127.0.0.1:55095 tcp
N/A 127.0.0.1:55097 tcp
N/A 127.0.0.1:55102 tcp
N/A 127.0.0.1:55105 tcp
N/A 127.0.0.1:55109 tcp
N/A 127.0.0.1:55113 tcp
N/A 127.0.0.1:55117 tcp
N/A 127.0.0.1:55122 tcp
N/A 127.0.0.1:55126 tcp
N/A 127.0.0.1:55132 tcp
N/A 127.0.0.1:55136 tcp
N/A 127.0.0.1:55140 tcp
N/A 127.0.0.1:55144 tcp
N/A 127.0.0.1:55147 tcp
N/A 127.0.0.1:55151 tcp
N/A 127.0.0.1:55154 tcp
N/A 127.0.0.1:55157 tcp
N/A 127.0.0.1:55162 tcp
N/A 127.0.0.1:55165 tcp
N/A 127.0.0.1:55170 tcp
N/A 127.0.0.1:55174 tcp
N/A 127.0.0.1:55178 tcp
N/A 127.0.0.1:55183 tcp
N/A 127.0.0.1:55186 tcp
N/A 127.0.0.1:55189 tcp
N/A 127.0.0.1:55197 tcp
N/A 127.0.0.1:55199 tcp
N/A 127.0.0.1:55203 tcp
N/A 127.0.0.1:55208 tcp
N/A 127.0.0.1:55212 tcp
N/A 127.0.0.1:55216 tcp
N/A 127.0.0.1:55220 tcp
N/A 127.0.0.1:55224 tcp
N/A 127.0.0.1:55228 tcp
N/A 127.0.0.1:55231 tcp
N/A 127.0.0.1:55237 tcp
N/A 127.0.0.1:55240 tcp
N/A 127.0.0.1:55245 tcp
N/A 127.0.0.1:55248 tcp
N/A 127.0.0.1:55252 tcp
N/A 127.0.0.1:55256 tcp
N/A 127.0.0.1:55260 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:55266 tcp
N/A 127.0.0.1:55270 tcp
N/A 127.0.0.1:55273 tcp
N/A 127.0.0.1:55278 tcp
N/A 127.0.0.1:55281 tcp
N/A 127.0.0.1:55283 tcp
N/A 127.0.0.1:55287 tcp
N/A 127.0.0.1:55293 tcp
N/A 127.0.0.1:55297 tcp
N/A 127.0.0.1:55299 tcp
N/A 127.0.0.1:55303 tcp
N/A 127.0.0.1:55310 tcp
N/A 127.0.0.1:55312 tcp
N/A 127.0.0.1:55316 tcp
N/A 127.0.0.1:55320 tcp
N/A 127.0.0.1:55324 tcp
N/A 127.0.0.1:55328 tcp
N/A 127.0.0.1:55332 tcp
N/A 127.0.0.1:55336 tcp
N/A 127.0.0.1:55342 tcp
N/A 127.0.0.1:55346 tcp
N/A 127.0.0.1:55350 tcp
N/A 127.0.0.1:55354 tcp
N/A 127.0.0.1:55358 tcp
N/A 127.0.0.1:55362 tcp
N/A 127.0.0.1:55366 tcp
N/A 127.0.0.1:55371 tcp
N/A 127.0.0.1:55373 tcp
N/A 127.0.0.1:55378 tcp
N/A 127.0.0.1:55384 tcp
N/A 127.0.0.1:55386 tcp
N/A 127.0.0.1:55390 tcp
N/A 127.0.0.1:55393 tcp
N/A 127.0.0.1:55399 tcp
N/A 127.0.0.1:55403 tcp
N/A 127.0.0.1:55408 tcp
N/A 127.0.0.1:55410 tcp
N/A 127.0.0.1:55413 tcp
N/A 127.0.0.1:55419 tcp
N/A 127.0.0.1:55422 tcp
N/A 127.0.0.1:55427 tcp
N/A 127.0.0.1:55430 tcp
N/A 127.0.0.1:55435 tcp
N/A 127.0.0.1:55438 tcp
N/A 127.0.0.1:55442 tcp
N/A 127.0.0.1:55447 tcp
N/A 127.0.0.1:55450 tcp
N/A 127.0.0.1:55455 tcp
N/A 127.0.0.1:55458 tcp
N/A 127.0.0.1:55462 tcp
N/A 127.0.0.1:55466 tcp
N/A 127.0.0.1:55470 tcp
N/A 127.0.0.1:55473 tcp
N/A 127.0.0.1:55480 tcp
N/A 127.0.0.1:55483 tcp
N/A 127.0.0.1:55488 tcp
N/A 127.0.0.1:55490 tcp
N/A 127.0.0.1:55493 tcp
N/A 127.0.0.1:55499 tcp
N/A 127.0.0.1:55502 tcp
N/A 127.0.0.1:55505 tcp
N/A 127.0.0.1:55511 tcp
N/A 127.0.0.1:55515 tcp
N/A 127.0.0.1:55519 tcp
N/A 127.0.0.1:55522 tcp
N/A 127.0.0.1:55524 tcp
N/A 127.0.0.1:55530 tcp
N/A 127.0.0.1:55534 tcp
N/A 127.0.0.1:55538 tcp
N/A 127.0.0.1:55542 tcp
N/A 127.0.0.1:55547 tcp
N/A 127.0.0.1:55552 tcp
N/A 127.0.0.1:55555 tcp
N/A 127.0.0.1:55565 tcp
N/A 127.0.0.1:55567 tcp
N/A 127.0.0.1:55569 tcp
N/A 127.0.0.1:55571 tcp
N/A 127.0.0.1:55573 tcp
N/A 127.0.0.1:55575 tcp
N/A 127.0.0.1:55577 tcp
N/A 127.0.0.1:55622 tcp
N/A 127.0.0.1:55626 tcp
N/A 127.0.0.1:55628 tcp
N/A 127.0.0.1:55630 tcp
N/A 127.0.0.1:55634 tcp
N/A 127.0.0.1:55640 tcp
N/A 127.0.0.1:55646 tcp
N/A 127.0.0.1:55648 tcp
N/A 127.0.0.1:55653 tcp
N/A 127.0.0.1:55698 tcp
N/A 127.0.0.1:55700 tcp
N/A 127.0.0.1:55707 tcp
N/A 127.0.0.1:55713 tcp
N/A 127.0.0.1:55715 tcp
N/A 127.0.0.1:55719 tcp
N/A 127.0.0.1:55721 tcp
N/A 127.0.0.1:55723 tcp
N/A 127.0.0.1:55724 tcp
N/A 127.0.0.1:55727 tcp
N/A 127.0.0.1:55731 tcp
N/A 127.0.0.1:55733 tcp
N/A 127.0.0.1:55735 tcp
N/A 127.0.0.1:55738 tcp
N/A 127.0.0.1:55740 tcp
N/A 127.0.0.1:55742 tcp
N/A 127.0.0.1:55744 tcp
N/A 127.0.0.1:55746 tcp
N/A 127.0.0.1:55748 tcp
N/A 127.0.0.1:55750 tcp
N/A 127.0.0.1:55752 tcp
N/A 127.0.0.1:55754 tcp
N/A 127.0.0.1:55756 tcp
N/A 127.0.0.1:55758 tcp
N/A 127.0.0.1:55760 tcp
N/A 127.0.0.1:55762 tcp
N/A 127.0.0.1:55764 tcp
N/A 127.0.0.1:55766 tcp
N/A 127.0.0.1:55769 tcp
N/A 127.0.0.1:55772 tcp
N/A 127.0.0.1:55775 tcp
N/A 127.0.0.1:55777 tcp
N/A 127.0.0.1:55779 tcp
N/A 127.0.0.1:55781 tcp
N/A 127.0.0.1:55783 tcp
N/A 127.0.0.1:55785 tcp
N/A 127.0.0.1:55787 tcp
N/A 127.0.0.1:55789 tcp
N/A 127.0.0.1:55791 tcp
N/A 127.0.0.1:55793 tcp
N/A 127.0.0.1:55794 tcp
N/A 127.0.0.1:55797 tcp
N/A 127.0.0.1:55799 tcp
N/A 127.0.0.1:55801 tcp
N/A 127.0.0.1:55804 tcp
N/A 127.0.0.1:55806 tcp
N/A 127.0.0.1:55808 tcp
N/A 127.0.0.1:55810 tcp
N/A 127.0.0.1:55813 tcp
N/A 127.0.0.1:55814 tcp
N/A 127.0.0.1:55818 tcp
N/A 127.0.0.1:55820 tcp
N/A 127.0.0.1:55822 tcp
N/A 127.0.0.1:55824 tcp
N/A 127.0.0.1:55826 tcp
N/A 127.0.0.1:55828 tcp
N/A 127.0.0.1:55830 tcp
N/A 127.0.0.1:55833 tcp
N/A 127.0.0.1:55835 tcp
N/A 127.0.0.1:55838 tcp
N/A 127.0.0.1:55840 tcp
N/A 127.0.0.1:55842 tcp
N/A 127.0.0.1:55844 tcp
N/A 127.0.0.1:55845 tcp
N/A 127.0.0.1:55848 tcp
N/A 127.0.0.1:55850 tcp
N/A 127.0.0.1:55853 tcp
N/A 127.0.0.1:55855 tcp
N/A 127.0.0.1:55857 tcp
N/A 127.0.0.1:55860 tcp
N/A 127.0.0.1:55862 tcp
N/A 127.0.0.1:55882 tcp
N/A 127.0.0.1:55886 tcp
N/A 127.0.0.1:55889 tcp
N/A 127.0.0.1:55900 tcp
N/A 127.0.0.1:55905 tcp
N/A 127.0.0.1:55907 tcp
N/A 127.0.0.1:55916 tcp
N/A 127.0.0.1:55936 tcp
N/A 127.0.0.1:55940 tcp
N/A 127.0.0.1:55942 tcp
N/A 127.0.0.1:55949 tcp
N/A 127.0.0.1:55965 tcp
N/A 127.0.0.1:55969 tcp
N/A 127.0.0.1:55971 tcp
N/A 127.0.0.1:55982 tcp
N/A 127.0.0.1:55986 tcp
N/A 127.0.0.1:55991 tcp
N/A 127.0.0.1:55995 tcp
N/A 127.0.0.1:56004 tcp
N/A 127.0.0.1:56008 tcp
N/A 127.0.0.1:56011 tcp
N/A 127.0.0.1:56015 tcp
N/A 127.0.0.1:56017 tcp
N/A 127.0.0.1:56019 tcp
N/A 127.0.0.1:56021 tcp
N/A 127.0.0.1:56023 tcp
N/A 127.0.0.1:56025 tcp
N/A 127.0.0.1:56027 tcp
N/A 127.0.0.1:56029 tcp
N/A 127.0.0.1:56031 tcp
N/A 127.0.0.1:56033 tcp
N/A 127.0.0.1:56035 tcp
N/A 127.0.0.1:56115 tcp
N/A 127.0.0.1:56116 tcp
N/A 127.0.0.1:56114 tcp
N/A 127.0.0.1:56113 tcp
N/A 127.0.0.1:56121 tcp
N/A 127.0.0.1:56112 tcp
N/A 127.0.0.1:56110 tcp
N/A 127.0.0.1:56109 tcp
N/A 127.0.0.1:56107 tcp
N/A 127.0.0.1:56105 tcp
N/A 127.0.0.1:56104 tcp
N/A 127.0.0.1:56102 tcp
N/A 127.0.0.1:56101 tcp
N/A 127.0.0.1:56100 tcp
N/A 127.0.0.1:56098 tcp
N/A 127.0.0.1:56095 tcp
N/A 127.0.0.1:56134 tcp
N/A 127.0.0.1:56083 tcp
N/A 127.0.0.1:56076 tcp
N/A 127.0.0.1:56079 tcp
N/A 127.0.0.1:56073 tcp
N/A 127.0.0.1:56072 tcp
N/A 127.0.0.1:56070 tcp
N/A 127.0.0.1:56066 tcp
N/A 127.0.0.1:56062 tcp
N/A 127.0.0.1:56060 tcp
N/A 127.0.0.1:56145 tcp
N/A 127.0.0.1:56056 tcp
N/A 127.0.0.1:56148 tcp
N/A 127.0.0.1:56150 tcp
N/A 127.0.0.1:56152 tcp
N/A 127.0.0.1:56051 tcp
N/A 127.0.0.1:56155 tcp
N/A 127.0.0.1:56048 tcp
N/A 127.0.0.1:56158 tcp
N/A 127.0.0.1:56047 tcp
N/A 127.0.0.1:56161 tcp
N/A 127.0.0.1:56163 tcp
N/A 127.0.0.1:56045 tcp
N/A 127.0.0.1:56041 tcp
N/A 127.0.0.1:56167 tcp
N/A 127.0.0.1:56039 tcp
N/A 127.0.0.1:56170 tcp
N/A 127.0.0.1:56172 tcp
N/A 127.0.0.1:56174 tcp
N/A 127.0.0.1:56177 tcp
N/A 127.0.0.1:56037 tcp
N/A 127.0.0.1:56181 tcp
N/A 127.0.0.1:56183 tcp
N/A 127.0.0.1:56185 tcp
N/A 127.0.0.1:56187 tcp
N/A 127.0.0.1:56189 tcp
N/A 127.0.0.1:56191 tcp
N/A 127.0.0.1:56193 tcp
N/A 127.0.0.1:56246 tcp
N/A 127.0.0.1:56253 tcp
N/A 127.0.0.1:56255 tcp
N/A 127.0.0.1:56262 tcp
N/A 127.0.0.1:56265 tcp
N/A 127.0.0.1:56270 tcp
N/A 127.0.0.1:56275 tcp
N/A 127.0.0.1:56278 tcp
N/A 127.0.0.1:56281 tcp
N/A 127.0.0.1:56284 tcp
N/A 127.0.0.1:56286 tcp
N/A 127.0.0.1:56290 tcp
N/A 127.0.0.1:56297 tcp
N/A 127.0.0.1:56299 tcp
N/A 127.0.0.1:56307 tcp
N/A 127.0.0.1:56310 tcp
N/A 127.0.0.1:56312 tcp
N/A 127.0.0.1:56314 tcp
N/A 127.0.0.1:56322 tcp
N/A 127.0.0.1:56325 tcp
N/A 127.0.0.1:56329 tcp
N/A 127.0.0.1:56334 tcp
N/A 127.0.0.1:56337 tcp
N/A 127.0.0.1:56340 tcp
N/A 127.0.0.1:56343 tcp
N/A 127.0.0.1:56345 tcp
N/A 127.0.0.1:56349 tcp
N/A 127.0.0.1:56352 tcp
N/A 127.0.0.1:56355 tcp
N/A 127.0.0.1:56361 tcp
N/A 127.0.0.1:56366 tcp
N/A 127.0.0.1:56369 tcp
N/A 127.0.0.1:56373 tcp
N/A 127.0.0.1:56376 tcp
N/A 127.0.0.1:56378 tcp
N/A 127.0.0.1:56387 tcp
N/A 127.0.0.1:56390 tcp
N/A 127.0.0.1:56393 tcp
N/A 127.0.0.1:56397 tcp
N/A 127.0.0.1:56400 tcp
N/A 127.0.0.1:56406 tcp
N/A 127.0.0.1:56408 tcp
N/A 127.0.0.1:56416 tcp
N/A 127.0.0.1:56418 tcp
N/A 127.0.0.1:56422 tcp
N/A 127.0.0.1:56424 tcp
N/A 127.0.0.1:56427 tcp
N/A 127.0.0.1:56432 tcp
N/A 127.0.0.1:56439 tcp
N/A 127.0.0.1:56441 tcp
N/A 127.0.0.1:56443 tcp
N/A 127.0.0.1:56449 tcp
N/A 127.0.0.1:56453 tcp
N/A 127.0.0.1:56456 tcp
N/A 127.0.0.1:56460 tcp
N/A 127.0.0.1:56465 tcp
N/A 127.0.0.1:56470 tcp
N/A 127.0.0.1:56473 tcp
N/A 127.0.0.1:56476 tcp
N/A 127.0.0.1:56480 tcp
N/A 127.0.0.1:56484 tcp
N/A 127.0.0.1:56487 tcp
N/A 127.0.0.1:56490 tcp
N/A 127.0.0.1:56493 tcp
N/A 127.0.0.1:56496 tcp
N/A 127.0.0.1:56499 tcp
N/A 127.0.0.1:56504 tcp
N/A 127.0.0.1:56507 tcp
N/A 127.0.0.1:56515 tcp
N/A 127.0.0.1:56517 tcp
N/A 127.0.0.1:56520 tcp
N/A 127.0.0.1:56527 tcp
N/A 127.0.0.1:56529 tcp
N/A 127.0.0.1:56531 tcp
N/A 127.0.0.1:56535 tcp
N/A 127.0.0.1:56541 tcp
N/A 127.0.0.1:56544 tcp
N/A 127.0.0.1:56546 tcp
N/A 127.0.0.1:56553 tcp
N/A 127.0.0.1:56557 tcp
N/A 127.0.0.1:56561 tcp
N/A 127.0.0.1:56567 tcp
N/A 127.0.0.1:56569 tcp
N/A 127.0.0.1:56573 tcp
N/A 127.0.0.1:56575 tcp
N/A 127.0.0.1:56580 tcp
N/A 127.0.0.1:56584 tcp
N/A 127.0.0.1:56586 tcp
N/A 127.0.0.1:56589 tcp
N/A 127.0.0.1:56595 tcp
N/A 127.0.0.1:56599 tcp
N/A 127.0.0.1:56603 tcp
N/A 127.0.0.1:56608 tcp
N/A 127.0.0.1:56611 tcp
N/A 127.0.0.1:56614 tcp
N/A 127.0.0.1:56617 tcp
N/A 127.0.0.1:56621 tcp
N/A 127.0.0.1:56626 tcp
N/A 127.0.0.1:56628 tcp
N/A 127.0.0.1:56635 tcp
N/A 127.0.0.1:56639 tcp
N/A 127.0.0.1:56642 tcp
N/A 127.0.0.1:56650 tcp
N/A 127.0.0.1:56653 tcp
N/A 127.0.0.1:56659 tcp
N/A 127.0.0.1:56661 tcp
N/A 127.0.0.1:56664 tcp
N/A 127.0.0.1:56667 tcp
N/A 127.0.0.1:56674 tcp
N/A 127.0.0.1:56676 tcp
N/A 127.0.0.1:56680 tcp
N/A 127.0.0.1:56683 tcp
N/A 127.0.0.1:56685 tcp
N/A 127.0.0.1:56690 tcp
N/A 127.0.0.1:56693 tcp
N/A 127.0.0.1:56701 tcp
N/A 127.0.0.1:56707 tcp
N/A 127.0.0.1:56713 tcp
N/A 127.0.0.1:56715 tcp
N/A 127.0.0.1:56724 tcp
N/A 127.0.0.1:56726 tcp
N/A 127.0.0.1:56728 tcp
N/A 127.0.0.1:56730 tcp
N/A 127.0.0.1:56739 tcp
N/A 127.0.0.1:56742 tcp
N/A 127.0.0.1:56745 tcp
N/A 127.0.0.1:56748 tcp
N/A 127.0.0.1:56751 tcp
N/A 127.0.0.1:56755 tcp
N/A 127.0.0.1:56758 tcp
N/A 127.0.0.1:56761 tcp
N/A 127.0.0.1:56765 tcp
N/A 127.0.0.1:56769 tcp
N/A 127.0.0.1:56773 tcp
N/A 127.0.0.1:56776 tcp
N/A 127.0.0.1:56780 tcp
N/A 127.0.0.1:56785 tcp
N/A 127.0.0.1:56789 tcp
N/A 127.0.0.1:56794 tcp
N/A 127.0.0.1:56796 tcp
N/A 127.0.0.1:56799 tcp
N/A 127.0.0.1:56806 tcp
N/A 127.0.0.1:56809 tcp
N/A 127.0.0.1:56814 tcp
N/A 127.0.0.1:56818 tcp
N/A 127.0.0.1:56821 tcp
N/A 127.0.0.1:56823 tcp
N/A 127.0.0.1:56827 tcp
N/A 127.0.0.1:56830 tcp
N/A 127.0.0.1:56838 tcp
N/A 127.0.0.1:56841 tcp
N/A 127.0.0.1:56845 tcp
N/A 127.0.0.1:56849 tcp
N/A 127.0.0.1:56852 tcp
N/A 127.0.0.1:56857 tcp
N/A 127.0.0.1:56859 tcp
N/A 127.0.0.1:56861 tcp
N/A 127.0.0.1:56863 tcp
N/A 127.0.0.1:56865 tcp
N/A 127.0.0.1:56867 tcp
N/A 127.0.0.1:56869 tcp
N/A 127.0.0.1:56871 tcp
N/A 127.0.0.1:56873 tcp
N/A 127.0.0.1:56875 tcp
N/A 127.0.0.1:56877 tcp
N/A 127.0.0.1:56879 tcp
N/A 127.0.0.1:56881 tcp
N/A 127.0.0.1:56883 tcp
N/A 127.0.0.1:56885 tcp
N/A 127.0.0.1:56887 tcp
N/A 127.0.0.1:56889 tcp
N/A 127.0.0.1:56891 tcp
N/A 127.0.0.1:56893 tcp
N/A 127.0.0.1:56895 tcp
N/A 127.0.0.1:56897 tcp
N/A 127.0.0.1:56899 tcp
N/A 127.0.0.1:56901 tcp
N/A 127.0.0.1:56903 tcp
N/A 127.0.0.1:56905 tcp
N/A 127.0.0.1:56907 tcp
N/A 127.0.0.1:56909 tcp
N/A 127.0.0.1:56911 tcp
N/A 127.0.0.1:56913 tcp
N/A 127.0.0.1:56915 tcp
N/A 127.0.0.1:56917 tcp
N/A 127.0.0.1:56919 tcp
N/A 127.0.0.1:56921 tcp
N/A 127.0.0.1:56923 tcp
N/A 127.0.0.1:56925 tcp
N/A 127.0.0.1:56927 tcp
N/A 127.0.0.1:56929 tcp
N/A 127.0.0.1:56931 tcp
N/A 127.0.0.1:56933 tcp
N/A 127.0.0.1:56935 tcp
N/A 127.0.0.1:56937 tcp
N/A 127.0.0.1:56939 tcp
N/A 127.0.0.1:56941 tcp
N/A 127.0.0.1:56943 tcp
N/A 127.0.0.1:56945 tcp
N/A 127.0.0.1:56947 tcp
N/A 127.0.0.1:56949 tcp
N/A 127.0.0.1:56951 tcp
N/A 127.0.0.1:56953 tcp
N/A 127.0.0.1:56955 tcp
N/A 127.0.0.1:56957 tcp
N/A 127.0.0.1:56959 tcp
N/A 127.0.0.1:56961 tcp
N/A 127.0.0.1:56963 tcp
N/A 127.0.0.1:56965 tcp
N/A 127.0.0.1:56967 tcp
N/A 127.0.0.1:56969 tcp
N/A 127.0.0.1:56971 tcp
N/A 127.0.0.1:56973 tcp
N/A 127.0.0.1:56975 tcp
N/A 127.0.0.1:56977 tcp
N/A 127.0.0.1:56979 tcp
N/A 127.0.0.1:56981 tcp
N/A 127.0.0.1:56983 tcp
N/A 127.0.0.1:56985 tcp
N/A 127.0.0.1:56987 tcp
N/A 127.0.0.1:56989 tcp
N/A 127.0.0.1:56991 tcp
N/A 127.0.0.1:56993 tcp
N/A 127.0.0.1:56995 tcp
N/A 127.0.0.1:56997 tcp
N/A 127.0.0.1:56999 tcp
N/A 127.0.0.1:57001 tcp
N/A 127.0.0.1:57003 tcp
N/A 127.0.0.1:57005 tcp
N/A 127.0.0.1:57007 tcp
N/A 127.0.0.1:57009 tcp
N/A 127.0.0.1:57011 tcp
N/A 127.0.0.1:57013 tcp
N/A 127.0.0.1:57015 tcp
N/A 127.0.0.1:57017 tcp
N/A 127.0.0.1:57019 tcp
N/A 127.0.0.1:57021 tcp
N/A 127.0.0.1:57023 tcp
N/A 127.0.0.1:57025 tcp
N/A 127.0.0.1:57027 tcp
N/A 127.0.0.1:57029 tcp
N/A 127.0.0.1:57031 tcp
N/A 127.0.0.1:57033 tcp
N/A 127.0.0.1:57035 tcp
N/A 127.0.0.1:57037 tcp
N/A 127.0.0.1:57039 tcp
N/A 127.0.0.1:57041 tcp
N/A 127.0.0.1:57043 tcp
N/A 127.0.0.1:57045 tcp
N/A 127.0.0.1:57047 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:57051 tcp
N/A 127.0.0.1:57053 tcp
N/A 127.0.0.1:57055 tcp
N/A 127.0.0.1:57057 tcp
N/A 127.0.0.1:57059 tcp
N/A 127.0.0.1:57061 tcp
N/A 127.0.0.1:57063 tcp
N/A 127.0.0.1:57069 tcp
N/A 127.0.0.1:57072 tcp
N/A 127.0.0.1:57077 tcp
N/A 127.0.0.1:57083 tcp
N/A 127.0.0.1:57088 tcp
N/A 127.0.0.1:57091 tcp
N/A 127.0.0.1:57094 tcp
N/A 127.0.0.1:57098 tcp
N/A 127.0.0.1:57100 tcp
N/A 127.0.0.1:57102 tcp
N/A 127.0.0.1:57104 tcp
N/A 127.0.0.1:57106 tcp
N/A 127.0.0.1:57108 tcp
N/A 127.0.0.1:57110 tcp
N/A 127.0.0.1:57112 tcp
N/A 127.0.0.1:57114 tcp
N/A 127.0.0.1:57116 tcp
N/A 127.0.0.1:57118 tcp
N/A 127.0.0.1:57120 tcp
N/A 127.0.0.1:57122 tcp
N/A 127.0.0.1:57124 tcp
N/A 127.0.0.1:57126 tcp
N/A 127.0.0.1:57128 tcp
N/A 127.0.0.1:57130 tcp
N/A 127.0.0.1:57132 tcp
N/A 127.0.0.1:57134 tcp
N/A 127.0.0.1:57136 tcp
N/A 127.0.0.1:57139 tcp
N/A 127.0.0.1:57141 tcp
N/A 127.0.0.1:57143 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:57149 tcp
N/A 127.0.0.1:57152 tcp
N/A 127.0.0.1:57157 tcp
N/A 127.0.0.1:57159 tcp
N/A 127.0.0.1:57161 tcp
N/A 127.0.0.1:57163 tcp
N/A 127.0.0.1:57165 tcp
N/A 127.0.0.1:57167 tcp
N/A 127.0.0.1:57169 tcp
N/A 127.0.0.1:57171 tcp
N/A 127.0.0.1:57173 tcp
N/A 127.0.0.1:57175 tcp
N/A 127.0.0.1:57177 tcp
N/A 127.0.0.1:57179 tcp
N/A 127.0.0.1:57181 tcp
N/A 127.0.0.1:57183 tcp
N/A 127.0.0.1:57185 tcp
N/A 127.0.0.1:57187 tcp
N/A 127.0.0.1:57189 tcp
N/A 127.0.0.1:57191 tcp
N/A 127.0.0.1:57193 tcp
N/A 127.0.0.1:57195 tcp
N/A 127.0.0.1:57197 tcp
N/A 127.0.0.1:57199 tcp
N/A 127.0.0.1:57201 tcp
N/A 127.0.0.1:57203 tcp
N/A 127.0.0.1:57205 tcp
N/A 127.0.0.1:57207 tcp
N/A 127.0.0.1:57211 tcp
N/A 127.0.0.1:57213 tcp
N/A 127.0.0.1:57215 tcp
N/A 127.0.0.1:57217 tcp
N/A 127.0.0.1:57219 tcp
N/A 127.0.0.1:57221 tcp
N/A 127.0.0.1:57223 tcp
N/A 127.0.0.1:57225 tcp
N/A 127.0.0.1:57227 tcp
N/A 127.0.0.1:57229 tcp
N/A 127.0.0.1:57231 tcp
N/A 127.0.0.1:57233 tcp
N/A 127.0.0.1:57235 tcp
N/A 127.0.0.1:57237 tcp
N/A 127.0.0.1:57239 tcp
N/A 127.0.0.1:57241 tcp
N/A 127.0.0.1:57243 tcp
N/A 127.0.0.1:57245 tcp
N/A 127.0.0.1:57247 tcp
N/A 127.0.0.1:57249 tcp
N/A 127.0.0.1:57251 tcp
N/A 127.0.0.1:57253 tcp
N/A 127.0.0.1:57255 tcp
N/A 127.0.0.1:57257 tcp
N/A 127.0.0.1:57259 tcp
N/A 127.0.0.1:57261 tcp
N/A 127.0.0.1:57263 tcp
N/A 127.0.0.1:57265 tcp
N/A 127.0.0.1:57267 tcp
N/A 127.0.0.1:57269 tcp
N/A 127.0.0.1:57271 tcp
N/A 127.0.0.1:57273 tcp
N/A 127.0.0.1:57275 tcp
N/A 127.0.0.1:57277 tcp
N/A 127.0.0.1:57279 tcp
N/A 127.0.0.1:57281 tcp
N/A 127.0.0.1:57283 tcp
N/A 127.0.0.1:57285 tcp
N/A 127.0.0.1:57287 tcp
N/A 127.0.0.1:57289 tcp
N/A 127.0.0.1:57291 tcp
N/A 127.0.0.1:57293 tcp
N/A 127.0.0.1:57295 tcp
N/A 127.0.0.1:57303 tcp
N/A 127.0.0.1:57308 tcp
N/A 127.0.0.1:57310 tcp
N/A 127.0.0.1:57313 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:57322 tcp
N/A 127.0.0.1:57325 tcp
N/A 127.0.0.1:57327 tcp
N/A 127.0.0.1:57329 tcp
N/A 127.0.0.1:57331 tcp
N/A 127.0.0.1:57333 tcp
N/A 127.0.0.1:57335 tcp
N/A 127.0.0.1:57337 tcp
N/A 127.0.0.1:57339 tcp
N/A 127.0.0.1:57341 tcp
N/A 127.0.0.1:57343 tcp
N/A 127.0.0.1:57345 tcp
N/A 127.0.0.1:57347 tcp
N/A 127.0.0.1:57349 tcp
N/A 127.0.0.1:57351 tcp
N/A 127.0.0.1:57353 tcp
N/A 127.0.0.1:57355 tcp
N/A 127.0.0.1:57357 tcp
N/A 127.0.0.1:57359 tcp
N/A 127.0.0.1:57361 tcp
N/A 127.0.0.1:57363 tcp
N/A 127.0.0.1:57365 tcp
N/A 127.0.0.1:57367 tcp
N/A 127.0.0.1:57369 tcp
N/A 127.0.0.1:57371 tcp
N/A 127.0.0.1:57373 tcp
N/A 127.0.0.1:57375 tcp
N/A 127.0.0.1:57377 tcp
N/A 127.0.0.1:57379 tcp
N/A 127.0.0.1:57381 tcp
N/A 127.0.0.1:57383 tcp
N/A 127.0.0.1:57389 tcp
N/A 127.0.0.1:57391 tcp
N/A 127.0.0.1:57394 tcp
N/A 127.0.0.1:57396 tcp
N/A 127.0.0.1:57398 tcp
N/A 127.0.0.1:57400 tcp
N/A 127.0.0.1:57403 tcp
N/A 127.0.0.1:57405 tcp
N/A 127.0.0.1:57407 tcp
N/A 127.0.0.1:57409 tcp
N/A 127.0.0.1:57411 tcp
N/A 127.0.0.1:57413 tcp
N/A 127.0.0.1:57415 tcp
N/A 127.0.0.1:57417 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:57420 tcp
N/A 127.0.0.1:57426 tcp
N/A 127.0.0.1:57428 tcp
N/A 127.0.0.1:57430 tcp
N/A 127.0.0.1:57432 tcp
N/A 127.0.0.1:57434 tcp
N/A 127.0.0.1:57436 tcp
N/A 127.0.0.1:57438 tcp
N/A 127.0.0.1:57440 tcp
N/A 127.0.0.1:57442 tcp
N/A 127.0.0.1:57444 tcp
N/A 127.0.0.1:57446 tcp
N/A 127.0.0.1:57448 tcp
N/A 127.0.0.1:57450 tcp
N/A 127.0.0.1:57452 tcp
N/A 127.0.0.1:57454 tcp
N/A 127.0.0.1:57456 tcp
N/A 127.0.0.1:57458 tcp
N/A 127.0.0.1:57460 tcp
N/A 127.0.0.1:57462 tcp
N/A 127.0.0.1:57464 tcp
N/A 127.0.0.1:57466 tcp
N/A 127.0.0.1:57468 tcp
N/A 127.0.0.1:57470 tcp
N/A 127.0.0.1:57472 tcp
N/A 127.0.0.1:57474 tcp
N/A 127.0.0.1:57477 tcp
N/A 127.0.0.1:57479 tcp
N/A 127.0.0.1:57481 tcp
N/A 127.0.0.1:57483 tcp
N/A 127.0.0.1:57485 tcp
N/A 127.0.0.1:57487 tcp
N/A 127.0.0.1:57489 tcp
N/A 127.0.0.1:57495 tcp
N/A 127.0.0.1:57500 tcp
N/A 127.0.0.1:57503 tcp
N/A 127.0.0.1:57507 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:57513 tcp
N/A 127.0.0.1:57515 tcp
N/A 127.0.0.1:57517 tcp
N/A 127.0.0.1:57519 tcp
N/A 127.0.0.1:57521 tcp
N/A 127.0.0.1:57523 tcp
N/A 127.0.0.1:57525 tcp
N/A 127.0.0.1:57527 tcp
N/A 127.0.0.1:57529 tcp
N/A 127.0.0.1:57531 tcp
N/A 127.0.0.1:57533 tcp
N/A 127.0.0.1:57535 tcp
N/A 127.0.0.1:57537 tcp
N/A 127.0.0.1:57539 tcp
N/A 127.0.0.1:57541 tcp
N/A 127.0.0.1:57543 tcp
N/A 127.0.0.1:57545 tcp
N/A 127.0.0.1:57547 tcp
N/A 127.0.0.1:57549 tcp
N/A 127.0.0.1:57551 tcp
N/A 127.0.0.1:57553 tcp
N/A 127.0.0.1:57555 tcp
N/A 127.0.0.1:57557 tcp
N/A 127.0.0.1:57559 tcp
N/A 127.0.0.1:57561 tcp
N/A 127.0.0.1:57563 tcp
N/A 127.0.0.1:57565 tcp
N/A 127.0.0.1:57567 tcp
N/A 127.0.0.1:57569 tcp
N/A 127.0.0.1:57571 tcp
N/A 127.0.0.1:57576 tcp
N/A 127.0.0.1:57580 tcp
N/A 127.0.0.1:57582 tcp
N/A 127.0.0.1:57584 tcp
N/A 127.0.0.1:57586 tcp
N/A 127.0.0.1:57588 tcp
N/A 127.0.0.1:57590 tcp
N/A 127.0.0.1:57592 tcp
N/A 127.0.0.1:57594 tcp
N/A 127.0.0.1:57596 tcp
N/A 127.0.0.1:57598 tcp
N/A 127.0.0.1:57600 tcp
N/A 127.0.0.1:57602 tcp
N/A 127.0.0.1:57604 tcp
N/A 127.0.0.1:57608 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:57618 tcp
N/A 127.0.0.1:57621 tcp
N/A 127.0.0.1:57623 tcp
N/A 127.0.0.1:57625 tcp
N/A 127.0.0.1:57627 tcp
N/A 127.0.0.1:57635 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:57640 tcp
N/A 127.0.0.1:31330 tcp
N/A 127.0.0.1:57646 tcp
N/A 127.0.0.1:57651 tcp
N/A 127.0.0.1:57655 tcp
N/A 127.0.0.1:57658 tcp
N/A 127.0.0.1:57660 tcp
N/A 127.0.0.1:57662 tcp
N/A 127.0.0.1:57664 tcp
N/A 127.0.0.1:57666 tcp
N/A 127.0.0.1:57668 tcp
N/A 127.0.0.1:57670 tcp
N/A 127.0.0.1:57672 tcp
N/A 127.0.0.1:57674 tcp
N/A 127.0.0.1:57676 tcp
N/A 127.0.0.1:57678 tcp
N/A 127.0.0.1:57680 tcp
N/A 127.0.0.1:57682 tcp
N/A 127.0.0.1:57684 tcp
N/A 127.0.0.1:57686 tcp
N/A 127.0.0.1:57688 tcp
N/A 127.0.0.1:57690 tcp
N/A 127.0.0.1:57692 tcp
N/A 127.0.0.1:57694 tcp
N/A 127.0.0.1:57696 tcp
N/A 127.0.0.1:57698 tcp
N/A 127.0.0.1:57700 tcp
N/A 127.0.0.1:57702 tcp
N/A 127.0.0.1:57704 tcp
N/A 127.0.0.1:57706 tcp
N/A 127.0.0.1:57708 tcp
N/A 127.0.0.1:57710 tcp
N/A 127.0.0.1:57712 tcp
N/A 127.0.0.1:57714 tcp
N/A 127.0.0.1:57716 tcp
N/A 127.0.0.1:57718 tcp
N/A 127.0.0.1:57720 tcp
N/A 127.0.0.1:57722 tcp
N/A 127.0.0.1:57726 tcp
N/A 127.0.0.1:57734 tcp
N/A 127.0.0.1:57739 tcp
N/A 127.0.0.1:57741 tcp
N/A 127.0.0.1:57743 tcp
N/A 127.0.0.1:57745 tcp
N/A 127.0.0.1:57747 tcp
N/A 127.0.0.1:57749 tcp
N/A 127.0.0.1:57751 tcp
N/A 127.0.0.1:57753 tcp
N/A 127.0.0.1:57755 tcp
N/A 127.0.0.1:57757 tcp
N/A 127.0.0.1:57759 tcp
N/A 127.0.0.1:57761 tcp
N/A 127.0.0.1:57763 tcp
N/A 127.0.0.1:57765 tcp
N/A 127.0.0.1:57767 tcp
N/A 127.0.0.1:57769 tcp
N/A 127.0.0.1:57771 tcp
N/A 127.0.0.1:57773 tcp
N/A 127.0.0.1:57775 tcp
N/A 127.0.0.1:57777 tcp
N/A 127.0.0.1:57779 tcp
N/A 127.0.0.1:57781 tcp
N/A 127.0.0.1:57783 tcp
N/A 127.0.0.1:57785 tcp
N/A 127.0.0.1:57787 tcp
N/A 127.0.0.1:57789 tcp
N/A 127.0.0.1:57791 tcp
N/A 127.0.0.1:57793 tcp
N/A 127.0.0.1:57795 tcp
N/A 127.0.0.1:57797 tcp
N/A 127.0.0.1:57801 tcp
N/A 127.0.0.1:57804 tcp

Files

memory/2432-1-0x0000000000670000-0x0000000000770000-memory.dmp

memory/2432-2-0x00000000005C0000-0x00000000005CB000-memory.dmp

memory/2432-3-0x0000000000400000-0x0000000000474000-memory.dmp

memory/3396-4-0x0000000000680000-0x0000000000696000-memory.dmp

memory/2432-5-0x0000000000400000-0x0000000000474000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\F4A1.exe

MD5 b6297922e4d7e05d1b009613d201883e
SHA1 b6c739fd153f0078e115386bd0f87d784c1b5588
SHA256 91a101f00488af2027b7fee5bfe9a14f290bcc401d183d352c9de40625af3700
SHA512 ab503a34d096ba5b6695505054e12ddf16ddd1407c1737d0fb5655b21947bab4de49e546b0ee1bbc9cdd581b8f32522ec720d27fa0fe9b79796ea0e3a6e3be79

memory/3496-15-0x0000000000FA0000-0x000000000144E000-memory.dmp

memory/3496-16-0x0000000077614000-0x0000000077615000-memory.dmp

memory/3496-17-0x0000000000FA0000-0x000000000144E000-memory.dmp

memory/3496-18-0x0000000004B60000-0x0000000004B61000-memory.dmp

memory/3496-19-0x0000000004B70000-0x0000000004B71000-memory.dmp

memory/3496-20-0x0000000004B50000-0x0000000004B51000-memory.dmp

memory/3496-21-0x0000000004B90000-0x0000000004B91000-memory.dmp

memory/3496-22-0x00000000014A0000-0x00000000014A1000-memory.dmp

memory/3496-23-0x0000000004B40000-0x0000000004B41000-memory.dmp

memory/3496-24-0x0000000004B80000-0x0000000004B81000-memory.dmp

memory/3496-26-0x0000000004BB0000-0x0000000004BB1000-memory.dmp

memory/3496-27-0x0000000004BA0000-0x0000000004BA1000-memory.dmp

memory/3496-32-0x0000000000FA0000-0x000000000144E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\D89.dll

MD5 b0fb18cfcac1983582e7fd67b2843ce8
SHA1 ca29cf7cee80be38c5d667d5e8c00e6ea11b3294
SHA256 4132c2587cfe85b944d95835d8d0bf92a08a0f831ea26a45c826146048347f45
SHA512 4d9e1b14ef1a8adc15d38846c0a4e1d762e76fd944c76621ef6ac3a8482d14e40cfd4d7a14853d7a99cca2a99aa438eba996e842f1172f5f9a8f34ba1d97daf9

memory/3888-37-0x0000000000C70000-0x0000000000C76000-memory.dmp

memory/3888-36-0x0000000010000000-0x00000000102CE000-memory.dmp

memory/4064-41-0x00000000000D0000-0x000000000057E000-memory.dmp

memory/4064-42-0x00000000000D0000-0x000000000057E000-memory.dmp

memory/4064-43-0x00000000053A0000-0x00000000053A1000-memory.dmp

memory/4064-44-0x00000000053B0000-0x00000000053B1000-memory.dmp

memory/4064-45-0x0000000005390000-0x0000000005391000-memory.dmp

memory/4064-46-0x00000000053D0000-0x00000000053D1000-memory.dmp

memory/4064-48-0x0000000005380000-0x0000000005381000-memory.dmp

memory/4064-47-0x0000000005370000-0x0000000005371000-memory.dmp

memory/4064-49-0x00000000053C0000-0x00000000053C1000-memory.dmp

memory/4064-50-0x00000000053F0000-0x00000000053F1000-memory.dmp

memory/4064-51-0x00000000053E0000-0x00000000053E1000-memory.dmp

memory/3888-52-0x0000000004D00000-0x0000000004E2B000-memory.dmp

memory/3888-53-0x0000000004E30000-0x0000000004F3F000-memory.dmp

memory/3888-56-0x0000000004E30000-0x0000000004F3F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\3381.exe

MD5 9c82326b794d66cc844997c637141141
SHA1 dca040d356ffaedbc2f3b4ac96f053bac89dc425
SHA256 622e7db744a2f64e18840e5639355e3ffd56e869f1065ba4539e68ef9ae77827
SHA512 22da3fbdf5aa3fbee58bcbf38c2703eba691ed37b370d67ed2ebfd42c6fa2a45f53c6ce1f41d800e820e1a2a5501c1780c43a54671818050fda4e96d15120ea2

C:\Users\Admin\AppData\Local\Temp\3381.exe

MD5 6ae4ca1c7be2cf71b400e10cb7e4831f
SHA1 ed78eeb987b9c38fd29cca778c4b4614004dea87
SHA256 29288ba93ac38582c5a1248fa8115037e2983e3bc9bc2fd8816685fbbad79c8f
SHA512 1fb096cb9eacbe87fee3f6523d9a24346ba8fee7e16cd8e956fda3e4998a3407e1ff2c65e8d08f08aefa3c9954b514a06b4f88b6c8cdccc3e7f9e4965e5754e5

memory/3888-62-0x0000000010000000-0x00000000102CE000-memory.dmp

memory/4064-63-0x00000000000D0000-0x000000000057E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\3381.exe

MD5 1537bc8951e9a634e77f9384fbdc34b7
SHA1 29def1624e976094f10d249f754feb88dab86085
SHA256 7fd01d51e4b359714597ca0456918dbb85243ad6ba76ed8636d6bf0ca2bb0085
SHA512 066ff7649eae1b42a781c8a408598b5826cd0c311d3e94aa421f2a88ac9556b3e4c972cebbf93190dbb3a087265405a226aeb47f9a9a1f0cf6c4e5ae77db9efd

memory/948-66-0x0000000002440000-0x00000000025F7000-memory.dmp

memory/216-69-0x0000000000400000-0x0000000000848000-memory.dmp

memory/216-65-0x0000000000400000-0x0000000000848000-memory.dmp

memory/216-70-0x0000000000400000-0x0000000000848000-memory.dmp

memory/948-64-0x0000000002280000-0x000000000243C000-memory.dmp

memory/216-71-0x0000000000400000-0x0000000000848000-memory.dmp

memory/216-72-0x0000000000400000-0x0000000000848000-memory.dmp

\Users\Admin\AppData\Local\Temp\D89.dll

MD5 1060fd39dd59beb40e14fe0e4ace2e31
SHA1 09e8919b412eabd289fde3bd96d58c78c9aa6d2c
SHA256 d8583c18b114d9588f9a18521da329af544142dc7a590405f9c0169e412c3b32
SHA512 8521abe5066426c3304a1dafd16c70c1bfeea360202d5a10c2c0ad394b4725314cbb8c4633d93a1e40d283226c8935d6b3e3ec972494082203d3da5856de942a

memory/216-73-0x0000000000400000-0x0000000000848000-memory.dmp

memory/216-76-0x0000000002BC0000-0x0000000002BC6000-memory.dmp

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 03eeff9b7a5e98e34a7763d55723f710
SHA1 a8b524e7b80e50b377c63d698875acef8fd1d452
SHA256 23099085f75f48a51fd8e434ddaf27aaa01f3d88511f83cc129fc8cdcb9e99a8
SHA512 23777a8f9294663a773ab840fc67f31abc874231e5cc47c59299a2b308afcadddad6411f2323ff3a9d8c1539e4cfacf95aebc857312211e7589daca40627a5d1

\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 110491d4525b395198eebbb782926211
SHA1 7d4f6f749b249a9029aa186c02e825df3fb13e60
SHA256 8b93023ae96aef0f40376b5299dbabe6bd41749c91a7a70abd685e87dead2ff4
SHA512 e25a8ee6544af321a9b0ca3dc462bd1b767371bbc25302fd9d5842fc701c7c720848b43958a6c09872bb03fdd4778f2118be51852dc6f73b2f720ddb4e6051fc

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 a21ba51320e246460cd10fd9d940ca1f
SHA1 253437834f3537debd72664218c2bb077f07b3a8
SHA256 85f872e7dc95829e4fb98c1932b1f704124ab476278e2c665978859236209a98
SHA512 02cc643f962517da3694e2e523eb7a552b18fcad9865cafa64ac6de6af55cf14cacc75d35caca5539a0405a4ca23cde662c56fa990e5b7adf096355a788025bb

\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 2b8a8ea6910f577975cb58798903be8f
SHA1 0e8323cdf239fa69b790b55086e7584c848942ca
SHA256 b158173d358e706986eb127a3ea6df1592e5d9a2f1c58973fed10ce4984ca015
SHA512 fea0eae7b639c42117ba2ad54770bf43925ec4778cccfcf66ae1641616f7f5f25f8d94fe60b37049c96434653f08998ce596c57b3c24a2dc44f99555a745c214

memory/216-90-0x0000000002D20000-0x0000000002E4B000-memory.dmp

memory/216-91-0x0000000002E60000-0x0000000002F6F000-memory.dmp

memory/216-94-0x0000000002E60000-0x0000000002F6F000-memory.dmp

memory/4064-98-0x00000000000D0000-0x000000000057E000-memory.dmp

memory/4580-100-0x00007FFAC3ED0000-0x00007FFAC48BC000-memory.dmp

memory/4580-102-0x000001E424F10000-0x000001E424F20000-memory.dmp

memory/4580-105-0x000001E424F10000-0x000001E424F20000-memory.dmp

memory/4580-106-0x000001E425030000-0x000001E425052000-memory.dmp

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

MD5 2afdbe3b99a4736083066a13e4b5d11a
SHA1 4d4856cf02b3123ac16e63d4a448cdbcb1633546
SHA256 8d31b39170909595b518b1a03e9ec950540fabd545ed14817cac5c84b91599ee
SHA512 d89b3c46854153e60e3fa825b394344eee33936d7dbf186af9d95c9adae54428609e3bf21a18d38fce3d96f3e0b8e4e0ed25cb5004fbe288de3aef3a85b1d93f

memory/4580-109-0x000001E4250E0000-0x000001E425156000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jaybhaij.abi.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

C:\Users\Admin\AppData\Local\Temp\77BE.exe

MD5 a335c41b723ddd04dd87e06e01ced896
SHA1 457f31907867a9dcc6092cc8dba6792d35848025
SHA256 f9a872ab04dd12294d169510f5616ad204b08b2b89f3462ca175d648b6016ed0
SHA512 f4198f23c44b026a7311471b65951b26eae02935b73449b2c81283a575c43e3b2341f63f04351454f182cbf3866f0b21b8d13495e4dd24fbbb3354d4d536e0ae

C:\Users\Admin\AppData\Local\Temp\77BE.exe

MD5 e297eac588f5af1f623da454f781ccf4
SHA1 bfeca77f7a04021f2a49d110311c526600419c9e
SHA256 1ec2d639bb4a44cfbddbfc77abbfc42b6e32076f45945d6713791d86d5067ab4
SHA512 c20ebd1f366c385ce3a58f043fb8e4a6b4d3e16d4019fca73a760b1add70567de27d7fcc2b0aa83a5496f01020304fd88c7afab09caaa70cc156eafc871e9100

memory/2836-133-0x0000000072130000-0x000000007281E000-memory.dmp

memory/2836-134-0x0000000000BB0000-0x000000000114E000-memory.dmp

memory/4064-136-0x00000000000D0000-0x000000000057E000-memory.dmp

memory/2836-137-0x0000000005FD0000-0x00000000064FC000-memory.dmp

memory/2836-140-0x0000000005AA0000-0x0000000005AC0000-memory.dmp

memory/2836-139-0x0000000005950000-0x0000000005960000-memory.dmp

memory/2836-135-0x0000000005A00000-0x0000000005A9C000-memory.dmp

memory/2836-143-0x0000000005BC0000-0x0000000005DFA000-memory.dmp

memory/4580-155-0x000001E424F10000-0x000001E424F20000-memory.dmp

memory/4064-154-0x00000000000D0000-0x000000000057E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\B555.exe

MD5 96d67f280282e98728c0bcfab7c6ba66
SHA1 4b04f5f1c56cc47b2807820b29f16726079d1954
SHA256 ffbfff539a7a75ca7079d9f91c8ddca14ae371b83360ab482bce3168bc2859e5
SHA512 dd3f240cc3947fde508283c8a111493c9e3e8850541ba2aad5612cc6dad9aafb4ff733050fc1742b4374fa9589d9119ec61b7309565949745f75e630e962ab25

C:\Users\Admin\AppData\Local\Temp\B555.exe

MD5 abd805e888636cf4f52a7d59b93c7d72
SHA1 dbfa9e552301570f0a3785e4c41a372550644286
SHA256 5991dbefe05fba8882aa8c4053423ee0fc3fd458a632b10464725a62e67c7948
SHA512 95cf4525b8d391670c8a6beb77f3002a91844208d992f88d2dece1f774699a23d2e5ae3b9a3293356e238eb3be05595b9c95f3c38b013733b0bab1a0cf74c80b

memory/4064-161-0x00000000000D0000-0x000000000057E000-memory.dmp

memory/2752-166-0x0000000000D60000-0x0000000001A41000-memory.dmp

memory/2752-176-0x0000000000890000-0x0000000000891000-memory.dmp

memory/2752-178-0x00000000008A0000-0x00000000008A1000-memory.dmp

memory/3940-179-0x0000000001BF0000-0x0000000001CF0000-memory.dmp

memory/2752-180-0x00000000008B0000-0x00000000008B1000-memory.dmp

memory/3940-182-0x0000000003590000-0x00000000035FB000-memory.dmp

memory/2752-184-0x0000000000960000-0x0000000000961000-memory.dmp

memory/3940-181-0x0000000000400000-0x0000000001A77000-memory.dmp

memory/2752-183-0x0000000000950000-0x0000000000951000-memory.dmp

memory/2752-177-0x0000000000D60000-0x0000000001A41000-memory.dmp

memory/2752-185-0x0000000000970000-0x0000000000971000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BE7E.exe

MD5 f1476375aad02d3b026e065d8c0a6030
SHA1 fb361b96971e0d481634cb43728ccc72deebeda6
SHA256 f0ecef7cc77d8d1195981cc513c27b5d1a8fba7ada6b0af5f503fa725cc87d56
SHA512 5c5b9ae530fe081ffcfac546c47e6a9d9444b30c9e6c368b6a33ba3c8accb3283139a2bdff4d688eaed94f28ba9bf2d5165e3388821c6af794d956b21d51eb20

C:\Users\Admin\AppData\Local\Temp\BE7E.exe

MD5 7b1154cc17b815fb519594bb08b774b1
SHA1 b46ba90dccbab308e94bb65dc84bdc19e2d31e11
SHA256 40bcd0f2dff5d0f3b57de6484c334417823157012199f26f014850c18ff89c46
SHA512 e8722970938c8a237c139c70cb5238485b9ff89f06b31dacf92b81c28e13b9b2ac3da8351c64eb300ea10c35cfcf0304b37208319d025fd661aa66121fafa24b

memory/2752-187-0x0000000000400000-0x0000000001A77000-memory.dmp

memory/2752-190-0x0000000000400000-0x0000000001A77000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\C6EB.exe

MD5 d496d8d95417d98a79e218be42992eb4
SHA1 ae65fb606a91608c95e591a2ade4bdd423c00be0
SHA256 4be754f9d4366145c81740a503bc785f1cc6c9ada4d99425160c7c4726dcb868
SHA512 4bb5b116bfb7ab1ca5cfcff1a4e32ff27fdb64317fbbced2cf5fbab8136d9502b44bd30dd8a3db443bc5738217ed23f91f67d70850af2410730443882e68429f

memory/2260-194-0x0000000000480000-0x00000000006D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\C6EB.exe

MD5 f27aaaf8abd82370a0812bd6d3e83fe5
SHA1 8439ef9ee532b7603168ec6f53a2c7ea566134c4
SHA256 d39b949778354bb07d73db1b82c7d6c91adf6f3e5f76ce168e2906d6b9fc8e8b
SHA512 252b8f78827d284acbfc4a37c58babf0479d078fb534ec9a9373bf4faa3b30864d5161aae03b884fe74b6400b404c56906bb8f7b25899dcbfff0cdcf38b7b9f8

memory/2752-192-0x0000000000400000-0x0000000001A77000-memory.dmp

memory/2752-196-0x0000000000400000-0x0000000001A77000-memory.dmp

memory/2752-197-0x0000000000400000-0x0000000001A77000-memory.dmp

memory/2752-198-0x0000000000400000-0x0000000001A77000-memory.dmp

memory/2260-201-0x0000000072130000-0x000000007281E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CE4F.exe

MD5 3d575663fc8da3ae70492d6617bb3d04
SHA1 d34ce14a6d170b3f2b690ac7a2030a8b7d7d10a6
SHA256 8bfaa1a88018b1815734b045c1fe78486bca95b57ca1d6c38fee3ecb340739ae
SHA512 76ded99466d32f6fe965b3c80b28ac5d9a9de21b7676a6aeed5573dc47f54637777269dd87032a07e470866017e3fdbc3db3a7f43defad5f7c9714a520a07469

C:\Users\Admin\AppData\Local\Temp\CE4F.exe

MD5 8d67b37df06bed7bcf517b0245a2b1ea
SHA1 df18ff0111f73d3686e3f3f45367abeca3536f1f
SHA256 d0516a386af7422a7eda8662e18777a78d0848ba527880b56d8b08638abbd8ca
SHA512 f0dfa57b41e7d151ccddc8def0f74a7e8099bd1ae9f73a8c80c2ec873e6ab229890251bf35bdd4f5535b84ba9b732c73ff8ca1e114bc2e721984181eff16b711

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

MD5 eaf2d1a50c7ffcc819b7aad942a30925
SHA1 93496ec96508cb2408b8710fe59a210071704236
SHA256 84df7a65d38cff9da6d33ef603a73dbebd4c8f16dd81f48d2ea99e00e0a7afc4
SHA512 232351f3233ddf541cf1c3cc9ef847de251c06b34b09e84e2983d7afc7d8749320a45204da77855a0a8fc2261c91b8d34be5e6ce02b842374c40bcaf0bfedf45

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

MD5 09ccfa4309ccbea2020715900d33f12c
SHA1 5f58e585a9eb92ab453c59e405866b8b5fafcce3
SHA256 18856d026d50d828af04a36bf42967ca9aba89ee9bf9b3140c7d40f13b5d7517
SHA512 0fd556f954a5136f2fd933053a8b1ac5cd5e5a0b0174a00529d552262993c166af1bf0ee80de9d56e1605fa34bc77b87641af27ff731ff5e21452daed76a7933

memory/4580-208-0x00007FFAC3ED0000-0x00007FFAC48BC000-memory.dmp

memory/1348-206-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\april.exe

MD5 1e894d416c7b7f67a2e352698183285f
SHA1 3d222daf7fe4a3d090b126a0cd174387bb7939ae
SHA256 c38f1f94f2836d80f04d18aea6dd83ef11eb3d91b9f599e61ecd0eb2f17c0207
SHA512 529cd884892b26b7f42a5367d8f6ff41cfe4684a7c63d12c889ed5e737bfa78d73ce4f51a9f133efc72f6434c66d681d085c40b3ed500df68d7fe2dd80b60931

memory/4580-225-0x000001E424F10000-0x000001E424F20000-memory.dmp

memory/2260-224-0x0000000072130000-0x000000007281E000-memory.dmp

memory/4580-221-0x000001E424F10000-0x000001E424F20000-memory.dmp

memory/5076-227-0x0000000000400000-0x0000000000414000-memory.dmp

memory/5076-219-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-E7JB1.tmp\CE4F.tmp

MD5 5b9c13d0dbe645d0d52b649d97f1ea19
SHA1 e95a97a3dcc308a975d8de24638f58a9cd298dba
SHA256 65c5872476be2fa27894249189b4f013d94cc5602528ceb88ecd74f91130329d
SHA512 4e7e20b4a7369adc0b2f6751bf380c5aa869cddadeb6505773e8b5086cefe38707a5a145240cf88078fe419e355ba103da06227ac4e26d0c90cbd22d74c54afb

C:\Users\Admin\AppData\Local\Temp\is-E7JB1.tmp\CE4F.tmp

MD5 dc0fe66bd72edeb9688cdd5cdd26d0aa
SHA1 ed34a2e54e0f39860170fd929bd544e9c0727be6
SHA256 d82f372dd0b9f699504cbbe370b7e7d6df55de0155fdcb6687e8e04ce889c36a
SHA512 5810097c1a29410547d6b406cbe75188e4443b0b2c36709ff1577b8b9527323012829f0dc584347688adc49230a06d2bebf7eb9d1c7f5522bf521a7f07b22314

C:\Users\Admin\AppData\Local\Temp\is-3E88D.tmp\april.tmp

MD5 d86ec70b2e4a0f4b4d94f22bd1e39d15
SHA1 692b19bec468d04bda14c50abd7a3f9f41383c2c
SHA256 7c80e078079000c28fb44dfc0c5ab5f0efb0658dd08bbf51bd6abb0bf9a69b87
SHA512 3dd0a5b8714fad00554460d9628971aa1fd6f9450c6f18cb41ec7ae428801a4c0c2305839d91126f0a439d2ff239bf89fa14589fd1714dd51c8905323cde38e4

C:\Users\Admin\AppData\Local\Temp\april.exe

MD5 8403dd5bdb3f77f365baa6f3f7735f1d
SHA1 778a01c51611da5329485e0b24a9130f50401ad2
SHA256 9c5b3501400e87715d53ae4ecd69aa9c8fb9a790e049771bbb676c3451a5bc7f
SHA512 9da213a6f56b0697f02216d409d5c37178bbc82b9f886901f4c19c421bd8f5b9ba4c26b5e0826b2e5f81422f7693d390f673e40fa37200d4fcb63cc19d89a5e5

C:\Users\Admin\AppData\Local\Temp\is-3E88D.tmp\april.tmp

MD5 beba3a95a8a89b5b7b8b17d634ccb91c
SHA1 9d3c0a54787fe70d9e3f79663829c10d0a5620ca
SHA256 e1db568f7c6018c246907bed9ace57b9f5840d58591af591499e788556424f06
SHA512 bf60c43403cbbab9838df5e7743ca767b5a40d2a35e0db86c9ff1d07c3f3ce9a51ae83ef33890d2a1a5beb4b4cd781346fcb689d164b0fe57361bdae76220093

memory/1348-216-0x0000000000400000-0x0000000000414000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-I6U4A.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

memory/2836-259-0x0000000072130000-0x000000007281E000-memory.dmp

C:\Users\Admin\AppData\Local\Text Ultra Edit\is-I60B6.tmp

MD5 df2c5006cbe65133a6d64269213acb0a
SHA1 56c4917ec197a70665c298955b1761026f9dd526
SHA256 00a418611975b98fe0460cf707cbca1b9c9831941fa81e6ba167f72fa9da7ee4
SHA512 fe92e6727eaf8426016e952a81573ad675d14b1820ddd28194169f973e860c6ddfa8a2b26459b23caf404106d4c58a565a5aeec562bbf3b32c616ff819bdfa20

memory/4064-250-0x00000000000D0000-0x000000000057E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-I6U49.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

memory/3940-278-0x0000000000400000-0x0000000001A77000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\E94A.exe

MD5 d1c85ae1427ba62efb3aa3408c2632e7
SHA1 a820c794e1fd690d7eba288dc8c4438217b9fca2
SHA256 494b69f2db4fa7c42eb1a9f45c315519e4102c7eaa8e4f3ad8937a98d8779caa
SHA512 8e53140ee69f10756074b62532a4b95f1f29396aa823106847b1ec2903d2304cdbf2770d927377d8c0638d18bbf0c2dae5ba0aa57bc0f6dbf375224fc05c0663

C:\Users\Admin\AppData\Local\Temp\E94A.exe

MD5 d1ebeb602598d1978a67b6b49b8aeb18
SHA1 b6f7c55f4eee7ce1b3b940d5a0c16f24ab9fdfe7
SHA256 f3593a11977bdefc5b074f4b7c2ad376008607bc8030839f74720b094ecfc04b
SHA512 89b804e9fce6b33e3598e456f216e3c9c56666e20904c399a7b46a6b48f7fe0309bc41ae0510d7a68a6859c59ddf06cf457e214de5ef3d4c5d918f7a7f7b74b2

C:\Users\Admin\AppData\Local\Temp\u1l0.0.exe

MD5 3a15a9e69a1eb9cb66e956385a849fe7
SHA1 99c918c4cf0b0f2e2e89bdad0995f96dc4e3a4ce
SHA256 f7054f9a8a15807f8682a8c1d8bba6721d3c3e865c1b39cac2c8b53faf5cc342
SHA512 085d4e94f7de745014ff34ce7a8629fff74cc86d647eea1a964cafdb7777328212874f63bd0ac4ec114b541a8de8e64f72d7c84bc71201b2c01647c82ea67ff5

memory/304-297-0x0000000001150000-0x00000000015FE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\u1l0.0.exe

MD5 eae8f1cff410a54725527cd0e759ce41
SHA1 9537e90abd8c6da642f8c26b56fe35997add10f3
SHA256 415a23efec7414a0d75d07b7f57f4af8a3c92deafd35e61226b1efa12cf22f94
SHA512 2d735aac10c0638fc903aa073f12fa5346e1283c8463aa91371967c63047fac15deec8b4bf0f425eb63a9e1e75f6e7116e490c4677797551395b91e95167e5cc

\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll

MD5 5608ccac23b730a4d1cbae136484e301
SHA1 2305a947641782f4c51518a98ad838667fdec684
SHA256 fa7afc25b53b09a91583f5c8131498c32cbd2d1d2a7523ee9bc9ea57518e4ff1
SHA512 91989352a968be34d5951cbb77ada58b5b8b458a18131a7bd39a2f8740c650099dbeb8ae7ee5ed1d42a09ca2cc829955521ae8d15fb7db4ccf5b831ab0e09f7a

memory/4860-311-0x0000000000400000-0x0000000000448000-memory.dmp

memory/1348-312-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\u1l0.1.exe

MD5 333cac6bc88d2fa02da0c960022daacd
SHA1 21669d401b94b3ae221cae30954c5a52941bcd8c
SHA256 1729bf35f2631d38186d3abdb8be65bcd90610e0dd35bde8c2f25ce18da66ee2
SHA512 ea4305d2cac81346e5055be946359ad761b0329e3c6e29cf7145dedbfc4d1d885f5a8de5cc61bd274dd7b1365d73a7c1c574b6927ac2020acf263e95c485a3e6

C:\Users\Admin\AppData\Local\Temp\FD8E.exe

MD5 5edc27f4fb945833e627a554407746a1
SHA1 ce0f744e2a827d7ba428562f7fd4932e6f144cbc
SHA256 608f8c358e578d87c5668673eff699f5bceb5a9fff9a9b51a0da6b1be51b1466
SHA512 4deea18efe3c586f7a7ceb240819b88fc17ea3ad1bef238eec9c7d4d2ab50e3b4040cf4cf544fd82e0607da41b83fde156205904faf5a3b329df461fcbbc3c50

C:\Users\Admin\AppData\Local\Temp\FD8E.exe

MD5 60ef8fcca4f9da8cf89bb962773fc3f8
SHA1 71ed24e6683ee16e9914e00c06e53584ee7d1a4d
SHA256 e8b687535c0f3496609f5c2d8126865dcc8f260dc4cd52c8eb1f408e1eef5b87
SHA512 ffb400bc1419650c8fc73c9ae87e74309468274899254bc2908a144b7031c8d99ebd48cff9075d988aa5598b0b07d114726e8d21b39cfaf3a6cd05c104c33482

C:\Users\Admin\AppData\Roaming\Temp\Task.bat

MD5 11bb3db51f701d4e42d3287f71a6a43e
SHA1 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86
SHA256 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331
SHA512 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2

\ProgramData\nss3.dll

MD5 851d94fa37a2937beb3f401f4cc192df
SHA1 b701e94ab2f4d1fe948688a9e0adef6da200e113
SHA256 c1f3e1cf97a8bf4fb1ab7020b33921b7ab969ef681e2245e1cddf20180102466
SHA512 80e5bfbe79b440a2a8613c38fde8278d4feb9b0e1af576f2956fdcf8ffca0bfb96542acee5f1b20f8fe14d5613b74098c75845501dc370f024bfade1a14f825f

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\ProgramData\Are.docx

MD5 a33e5b189842c5867f46566bdbf7a095
SHA1 e1c06359f6a76da90d19e8fd95e79c832edb3196
SHA256 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454
SHA512 f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

C:\Users\Admin\AppData\Local\Temp\GCGHJEBGHJ.exe

MD5 42b838cf8bdf67400525e128d917f6e0
SHA1 a578f6faec738912dba8c41e7abe1502c46d0cae
SHA256 0e4ffba62ce9a464aa1b7ff9f1e55ace8f51ff1e15102d856f801a81f8b4607d
SHA512 f64b39d885375251ab7db72c57dc5b5095f0c6412169f1035d1f6a25b8415a2a01004d06bfa0267cf683ef7dea7a9f969ad43fde5a4376f1fcb65a57403433c0

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

MD5 0e82665af2b5fb32d0f44731689e4242
SHA1 3598cb67ba0ec0def68deb9306ac803390909c00
SHA256 6a8815b2dd74277d3c4cce7d277226602e381c73710c4bd37f071a602c2997e9
SHA512 73ed8ed727bc6cb779012380a9c24ccf964b2d6889b88badafd6c4adffb8a08bb96d94948294a581e14be4eb33b8139880beedd6381cf589a98a75f2853a635a

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

MD5 2b0c509517d70082aa8a8eb58e47dfab
SHA1 635e112f4ece4c2dbe0f974facac4e0e7f6ba87a
SHA256 2d26939ea83bf1e0a2b0e4519c3c86b3ee804838c3800d46d44a719b581893d3
SHA512 c6919a0db28e1197818dbd4768cb02dc1f36103141611e5f38eb5bb9529cf1696629fa97aa6899eac06dd3328bab577480a8ab05ce2806e800972058f08a985b

C:\Users\Admin\AppData\Roaming\iwrgrss

MD5 dc17113b669a922924a7d74b6b3b6814
SHA1 d6c02f934a413443d69a4875aa66e0367fb67682
SHA256 4795d38884a4d7b44ce88a49ce66668b20d2c739164a7d8022660984787049cc
SHA512 6a3090dd28dfc9ae685c0eaeb9cf5b06c259de6ed2b3d3ce43226696be1911bbbad6586ec2fbf42e39649459f3d3e608e845405093283a0865ffb2a8c0d53f14

C:\Users\Admin\AppData\Roaming\iwrgrss

MD5 5b0cd690c67324baae906735b3441103
SHA1 88e458a022d016d6d6b6552d0a417a02a96fd339
SHA256 831a1e074b3485d33bcfd15e331989bb03c54def483b7b102f6fbbd7680ba05d
SHA512 2b1588023c71efc0fe7121d45cb2b62a566c65a7dc32b18bfde5844d2c33eb48c263e394046736498c2a78d28189928564301b87b7e9c0ae9f194cdffaf26ecd