Malware Analysis Report

2024-10-23 21:45

Sample ID 240314-nw4b5sbb5v
Target c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.bin
SHA256 c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0
Tags
amadey redline smokeloader zgrat livetraffic backdoor bootkit discovery evasion infostealer persistence rat spyware stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0

Threat Level: Known bad

The file c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.bin was found to be: Known bad.

Malicious Activity Summary

amadey redline smokeloader zgrat livetraffic backdoor bootkit discovery evasion infostealer persistence rat spyware stealer trojan upx

Amadey

RedLine payload

Modifies visibility of hidden/system files in Explorer

Detect ZGRat V1

ZGRat

SmokeLoader

RedLine

Modifies visibility of file extensions in Explorer

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Deletes itself

Reads local data of messenger clients

Identifies Wine through registry keys

Unexpected DNS network traffic destination

Checks BIOS information in registry

Reads WinSCP keys stored on the system

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Looks up external IP address via web service

Adds Run key to start application

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Suspicious use of SetThreadContext

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Program crash

Enumerates physical storage devices

Unsigned PE

NSIS installer

Suspicious use of UnmapMainImage

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Uses Task Scheduler COM API

Enumerates system info in registry

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: AddClipboardFormatListener

Creates scheduled task(s)

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-14 11:45

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-14 11:45

Reported

2024-03-14 11:56

Platform

win11-20240221-en

Max time kernel

213s

Max time network

658s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe"

Signatures

Amadey

trojan amadey

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "0" N/A N/A

Modifies visibility of hidden/system files in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" N/A N/A

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\B44C.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\B44C.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\B44C.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\B44C.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe N/A

Reads WinSCP keys stored on the system

spyware stealer

Reads local data of messenger clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 91.211.247.248 N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Run\random.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000873001\\random.exe" C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Run\random.cmd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000874021\\random.cmd" C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\3006.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\EEE0.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\B44C.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorgu.job C:\Users\Admin\AppData\Local\Temp\B44C.exe N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Internet Explorer\Toolbar N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout N/A N/A

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1000836001\osminog.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1000837001\goldprime1234.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3304 wrote to memory of 1488 N/A N/A C:\Users\Admin\AppData\Local\Temp\B44C.exe
PID 3304 wrote to memory of 2000 N/A N/A C:\Windows\system32\regsvr32.exe
PID 2000 wrote to memory of 468 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3304 wrote to memory of 1532 N/A N/A C:\Users\Admin\AppData\Local\Temp\3006.exe
PID 1532 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\3006.exe C:\Users\Admin\AppData\Local\Temp\3006.exe
PID 2168 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000836001\osminog.exe
PID 2168 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000837001\goldprime1234.exe
PID 3020 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\1000837001\goldprime1234.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 2940 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\1000836001\osminog.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 2168 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\rundll32.exe
PID 1172 wrote to memory of 2052 N/A C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe
PID 2052 wrote to memory of 3544 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\netsh.exe
PID 2052 wrote to memory of 2124 N/A C:\Windows\system32\rundll32.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2168 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\rundll32.exe
PID 3304 wrote to memory of 1376 N/A N/A C:\Users\Admin\AppData\Local\Temp\F1C1.exe
PID 3304 wrote to memory of 3400 N/A N/A C:\Windows\system32\taskmgr.exe
PID 1376 wrote to memory of 960 N/A C:\Users\Admin\AppData\Local\Temp\F1C1.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe

"C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe"

C:\Users\Admin\AppData\Local\Temp\B44C.exe

C:\Users\Admin\AppData\Local\Temp\B44C.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\E967.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\E967.dll

C:\Users\Admin\AppData\Local\Temp\3006.exe

C:\Users\Admin\AppData\Local\Temp\3006.exe

C:\Users\Admin\AppData\Local\Temp\3006.exe

C:\Users\Admin\AppData\Local\Temp\3006.exe

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

C:\Users\Admin\AppData\Local\Temp\1000836001\osminog.exe

"C:\Users\Admin\AppData\Local\Temp\1000836001\osminog.exe"

C:\Users\Admin\AppData\Local\Temp\1000837001\goldprime1234.exe

"C:\Users\Admin\AppData\Local\Temp\1000837001\goldprime1234.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4372 -ip 4372

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 1128

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\637591879962_Desktop.zip' -CompressionLevel Optimal

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main

C:\Users\Admin\AppData\Local\Temp\F1C1.exe

C:\Users\Admin\AppData\Local\Temp\F1C1.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 960 -ip 960

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 960 -ip 960

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 1124

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 1100

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\CCC0.exe

C:\Users\Admin\AppData\Local\Temp\CCC0.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2472 -ip 2472

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 512

C:\Users\Admin\AppData\Local\Temp\EEE0.exe

C:\Users\Admin\AppData\Local\Temp\EEE0.exe

C:\Users\Admin\AppData\Local\Temp\1000858001\alex12341.exe

"C:\Users\Admin\AppData\Local\Temp\1000858001\alex12341.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\configurationValue\olehpsp.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\olehpsp.exe"

C:\Users\Admin\AppData\Roaming\configurationValue\TWO.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\TWO.exe"

C:\Users\Admin\AppData\Local\Temp\1000865001\dais.exe

"C:\Users\Admin\AppData\Local\Temp\1000865001\dais.exe"

C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe

"C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1000874021\random.cmd" "

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb30603cb8,0x7ffb30603cc8,0x7ffb30603cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffb30603cb8,0x7ffb30603cc8,0x7ffb30603cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb30603cb8,0x7ffb30603cc8,0x7ffb30603cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,11600439447427278000,4273508431963935441,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,11600439447427278000,4273508431963935441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5624 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1000875001\amadka.exe

"C:\Users\Admin\AppData\Local\Temp\1000875001\amadka.exe"

C:\Users\Admin\AppData\Local\Temp\1000903001\lummahelp.exe

"C:\Users\Admin\AppData\Local\Temp\1000903001\lummahelp.exe"

C:\Users\Admin\AppData\Roaming\bdasdga

C:\Users\Admin\AppData\Roaming\bdasdga

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2660 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\617C.exe

C:\Users\Admin\AppData\Local\Temp\617C.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe

"C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe"

C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe

C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST

C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"

C:\Users\Admin\AppData\Local\Temp\3E7F.exe

C:\Users\Admin\AppData\Local\Temp\3E7F.exe

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST

C:\Users\Admin\AppData\Local\Temp\1000935001\InstallSetup3.exe

"C:\Users\Admin\AppData\Local\Temp\1000935001\InstallSetup3.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6772 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\is-7IPG4.tmp\3E7F.tmp

"C:\Users\Admin\AppData\Local\Temp\is-7IPG4.tmp\3E7F.tmp" /SL5="$40420,1634991,54272,C:\Users\Admin\AppData\Local\Temp\3E7F.exe"

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe

C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe

C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe

"C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe" -i

C:\Users\Admin\AppData\Local\Temp\april.exe

"C:\Users\Admin\AppData\Local\Temp\april.exe"

C:\Users\Admin\AppData\Local\Temp\3880.exe

C:\Users\Admin\AppData\Local\Temp\3880.exe

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Users\Admin\AppData\Local\Temp\is-DAADB.tmp\april.tmp

"C:\Users\Admin\AppData\Local\Temp\is-DAADB.tmp\april.tmp" /SL5="$30458,1478464,54272,C:\Users\Admin\AppData\Local\Temp\april.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Users\Admin\AppData\Local\Temp\1000936001\toolspub1.exe

"C:\Users\Admin\AppData\Local\Temp\1000936001\toolspub1.exe"

C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe

"C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe" -s

C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe

C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe

C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe

"C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe" -i

C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe

"C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe" -s

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main

C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe

C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\clip64.dll, Main

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6024 -ip 6024

C:\Users\Admin\AppData\Local\Temp\1000010001\lenin.exe

"C:\Users\Admin\AppData\Local\Temp\1000010001\lenin.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6024 -ip 6024

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 1132

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\cd0e42c921a94894b7f746395ef78e5a /t 9576 /p 5904

C:\Users\Admin\AppData\Local\Temp\1000018001\InstallSetup8.exe

"C:\Users\Admin\AppData\Local\Temp\1000018001\InstallSetup8.exe"

C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe

C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe

Network

Country Destination Domain Proto
RU 91.215.85.120:80 selebration17io.io tcp
US 8.8.8.8:53 authpre.senasofiaplus.edu.co udp
GB 104.77.160.198:443 www.minecraft.net tcp
US 188.114.96.2:443 dewabet.asia tcp
US 8.8.8.8:53 74.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 ssh.beta.thecrims.com udp
US 8.8.8.8:53 mail.campusvirtual.duoc.cl udp
US 8.8.8.8:53 mail.app.toroinvestimentos.com.br udp
US 8.8.8.8:53 account.mojang.com udp
US 8.8.8.8:53 mail.enem.inep.gov.br udp
US 8.8.8.8:53 mail.authpre.senasofiaplus.edu.co udp
US 8.8.8.8:53 seraphzone.com udp
US 8.8.8.8:53 ecetera.hu udp
US 8.8.8.8:53 courtyardmtyapto.ipsofactu.mx udp
US 8.8.8.8:53 ftp.authpre.senasofiaplus.edu.co udp
US 8.8.8.8:53 corumcollege.com udp
US 8.8.8.8:53 ssh.idp.tamuc.edu udp
US 8.8.8.8:53 nxlogin.nexon.com udp
US 8.8.8.8:53 ssh.l171.com udp
US 8.8.8.8:53 ssh.my.malwarebytes.com udp
US 8.8.8.8:53 ftp.rec.hobsons.co.uk udp
US 8.8.8.8:53 ssh.enem.inep.gov.br udp
US 8.8.8.8:53 ftp.auth.usenext.de udp
US 8.8.8.8:53 ssh.56.itknyga.co.ua udp
US 8.8.8.8:53 ftp.recruitment-portal.in udp
US 8.8.8.8:53 ftp.inspireawards-dst.gov.in udp
US 8.8.8.8:53 mail.my.malwarebytes.com udp
US 8.8.8.8:53 56.itknyga.co.ua udp
US 3.83.191.190:80 www.thescla.org tcp
GH 197.255.125.60:80 itsapp08.ug.edu.gh tcp
FR 99.86.91.94:443 spin247.com tcp
KR 183.109.71.30:80 stdpay.inicis.com tcp
BE 64.233.167.84:80 accounts.google.com tcp
US 172.66.40.217:443 beta.thecrims.com tcp
US 8.8.8.8:53 ftp.campusvirtual.duoc.cl udp
US 8.8.8.8:53 mail.inspireawards-dst.gov.in udp
CL 200.72.242.17:80 tramites.dirtrab.cl tcp
IN 14.139.61.154:80 recruitment-portal.in tcp
US 52.21.145.149:443 campusvirtual.duoc.cl tcp
BE 13.225.239.74:443 tools.siteground.com tcp
US 104.22.70.253:80 auth.usenext.de tcp
US 8.8.8.8:53 ssh.muchienviet.com udp
US 8.8.8.8:53 muchienviet.com udp
US 8.8.8.8:53 mail.muchienviet.com udp
US 8.8.8.8:53 ftp.store.steampowered.com udp
US 8.8.8.8:53 ftp.signup.eune.leagueoflegends.com udp
US 8.8.8.8:53 mail.store.steampowered.com udp
US 8.8.8.8:53 ssh.authpre.senasofiaplus.edu.co udp
US 8.8.8.8:53 ftp.muchienviet.com udp
US 8.8.8.8:53 mail.56.itknyga.co.ua udp
US 8.8.8.8:53 ftp.nxlogin.nexon.com udp
US 8.8.8.8:53 ssh.accounts.google.com udp
US 8.8.8.8:53 ftp.sermoncentral.com udp
US 8.8.8.8:53 107.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 ftp.accounts.google.com udp
US 8.8.8.8:53 ssh.app.toroinvestimentos.com.br udp
US 8.8.8.8:53 account.t-mobile.com udp
US 8.8.8.8:53 ecetera.hu udp
US 8.8.8.8:53 ftp.idp.tamuc.edu udp
US 8.8.8.8:53 courtyardmtyapto.ipsofactu.mx udp
US 8.8.8.8:53 ftp.tramites.dirtrab.cl udp
US 8.8.8.8:53 ftp.l171.com udp
US 8.8.8.8:53 ssh.signup.eune.leagueoflegends.com udp
US 8.8.8.8:53 ssh.sermoncentral.com udp
US 8.8.8.8:53 ftp.dewabet.asia udp
US 8.8.8.8:53 ftp.thescla.org udp
US 8.8.8.8:53 ftp.app.toroinvestimentos.com.br udp
US 8.8.8.8:53 ftp.forum.biketime.ee udp
US 8.8.8.8:53 mail.beta.thecrims.com udp
US 8.8.8.8:53 www.futbin.com udp
US 8.8.8.8:53 l171.com udp
US 8.8.8.8:53 230.19.19.3.in-addr.arpa udp
US 8.8.8.8:53 88.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 107.206.9.103.in-addr.arpa udp
US 8.8.8.8:53 mx2.improvmx.com udp
US 8.8.8.8:53 mail.recruitment-portal.in udp
US 8.8.8.8:53 ftp.beta.thecrims.com udp
US 8.8.8.8:53 mail.l171.com udp
US 8.8.8.8:53 account.t-mobile.com udp
US 8.8.8.8:53 ftp.bonk.io udp
US 8.8.8.8:53 mail.nxlogin.nexon.com udp
US 8.8.8.8:53 alt-torrent.com udp
US 8.8.8.8:53 ftp.enem.inep.gov.br udp
US 8.8.8.8:53 mail.idp.tamuc.edu udp
US 8.8.8.8:53 ssh.bonk.io udp
US 8.8.8.8:53 ftp.my.malwarebytes.com udp
US 8.8.8.8:53 alt-torrent.com udp
US 8.8.8.8:53 coryoims.com udp
US 8.8.8.8:53 pop.56.itknyga.co.ua udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 mail.seraphzone.com udp
NL 172.217.168.238:443 www.youtube.com udp
US 68.232.1.48:80 idp.tamuc.edu tcp
US 52.21.145.149:443 campusvirtual.duoc.cl tcp
US 50.58.50.26:80 sermoncentral.com tcp
DE 3.64.163.50:220 mail.rec.hobsons.co.uk tcp
IN 164.100.213.160:80 inspireawards-dst.gov.in tcp
EE 212.47.208.140:80 forum.biketime.ee tcp
VN 103.9.206.107:443 kame.vn tcp
CZ 77.75.78.104:80 login.szn.cz tcp
CO 186.113.6.78:80 authpre.senasofiaplus.edu.co tcp
US 8.8.8.8:53 ssh.recruitment-portal.in udp
US 8.8.8.8:53 ftp.login.szn.cz udp
US 8.8.8.8:53 ssh.dewabet.asia udp
US 104.26.1.138:80 ploudos.com tcp
US 104.21.16.59:80 lienquancode.com tcp
RS 87.237.202.69:80 secure.limundo.com tcp
US 104.21.66.204:443 ssh.modthesims.info tcp
FR 18.244.28.88:443 my.malwarebytes.com tcp
US 104.21.88.47:80 invadedlands.net tcp
US 3.19.19.230:443 unicfcead.com.br tcp
US 188.114.96.2:80 incogniton.com tcp
US 104.18.34.171:80 forum.cfx.re tcp
FR 52.222.169.107:80 app.toroinvestimentos.com.br tcp
US 172.66.40.217:80 beta.thecrims.com tcp
US 104.26.11.129:80 bonk.io tcp
US 104.31.16.118:80 chat.1337x.to tcp
DE 3.64.163.50:80 mail.rec.hobsons.co.uk tcp
US 3.19.19.230:443 unicfcead.com.br tcp
IN 14.139.61.154:80 recruitment-portal.in tcp
US 8.8.8.8:53 ecetera.hu udp
US 8.8.8.8:53 seraphzone.com udp
US 8.8.8.8:53 ftp.futbin.com udp
US 8.8.8.8:53 ftp.tramites.dirtrab.cl udp
US 8.8.8.8:53 ssh.enem.inep.gov.br udp
US 8.8.8.8:53 ssh.nxlogin.nexon.com udp
US 8.8.8.8:53 mail.nxlogin.nexon.com udp
US 8.8.8.8:53 ftp.spin247.com udp
US 8.8.8.8:53 ssh.muchienviet.com udp
US 8.8.8.8:53 ssh.store.steampowered.com udp
US 8.8.8.8:53 mail.idp.tamuc.edu udp
US 8.8.8.8:53 ssh.signup.eune.leagueoflegends.com udp
US 8.8.8.8:53 ftp.thescla.org udp
GB 163.70.147.35:443 www.facebook.com tcp
US 104.21.29.103:80 midnight.bestsup.su tcp
US 3.83.191.190:443 www.thescla.org tcp
US 8.8.8.8:53 47.88.21.104.in-addr.arpa udp
US 8.8.8.8:53 69.202.237.87.in-addr.arpa udp
US 8.8.8.8:53 171.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 mail.app.toroinvestimentos.com.br udp
US 8.8.8.8:53 ssh.inspireawards-dst.gov.in udp
US 8.8.8.8:53 mail.seraphzone.com udp
US 8.8.8.8:53 ssh.56.itknyga.co.ua udp
US 8.8.8.8:53 ssh.my.malwarebytes.com udp
US 8.8.8.8:53 ftp.authpre.senasofiaplus.edu.co udp
US 8.8.8.8:53 ftp.recruitment-portal.in udp
US 8.8.8.8:53 56.itknyga.co.ua udp
US 8.8.8.8:53 mail.my.malwarebytes.com udp
GB 92.123.241.50:80 store.steampowered.com tcp
US 8.8.8.8:53 mail.recruitment-portal.in udp
US 8.8.8.8:53 nxlogin.nexon.com udp
US 8.8.8.8:53 mail.auth.usenext.de udp
US 8.8.8.8:53 mail.56.itknyga.co.ua udp
US 8.8.8.8:53 ftp.signup.eune.leagueoflegends.com udp
US 8.8.8.8:53 ssh.chat.1337x.to udp
US 8.8.8.8:53 mail.muchienviet.com udp
US 8.8.8.8:53 mail.store.steampowered.com udp
US 8.8.8.8:53 muchienviet.com udp
US 3.83.191.190:443 www.thescla.org tcp
BE 64.233.167.84:80 accounts.google.com tcp
US 8.8.8.8:53 ftp.nxlogin.nexon.com udp
US 8.8.8.8:53 ftp.bonk.io udp
US 104.21.19.244:80 www.thepixellab.net tcp
US 104.22.70.253:443 auth.usenext.de tcp
KR 183.109.71.30:80 stdpay.inicis.com tcp
BE 13.225.239.74:80 tools.siteground.com tcp
US 8.8.8.8:53 mail.alt-torrent.com udp
RU 5.42.65.31:48396 tcp
US 8.8.8.8:53 pop.56.itknyga.co.ua udp
US 8.8.8.8:53 ssh.authpre.senasofiaplus.edu.co udp
US 8.8.8.8:53 mail.beta.thecrims.com udp
US 8.8.8.8:53 ftp.beta.thecrims.com udp
US 8.8.8.8:53 ftp.app.toroinvestimentos.com.br udp
US 8.8.8.8:53 ftp.muchienviet.com udp
US 8.8.8.8:53 ftp.forum.biketime.ee udp
IN 164.100.213.160:80 inspireawards-dst.gov.in tcp
TR 217.195.207.156:47721 tcp
CL 200.72.242.17:80 tramites.dirtrab.cl tcp
CZ 77.75.78.104:443 login.szn.cz tcp
CZ 77.75.78.104:80 login.szn.cz tcp
US 104.21.16.59:443 lienquancode.com tcp
US 50.58.50.26:443 sermoncentral.com tcp
US 8.8.8.8:53 mail.campusvirtual.duoc.cl udp
US 8.8.8.8:53 ftp.campusvirtual.duoc.cl udp
US 8.8.8.8:53 ssh.beta.thecrims.com udp
US 8.8.8.8:53 tools.siteground.com udp
EE 212.47.208.140:80 forum.biketime.ee tcp
US 104.21.66.204:80 ssh.modthesims.info tcp
US 104.21.88.47:443 invadedlands.net tcp
US 8.8.8.8:53 mail.idp.tamuc.edu udp
US 8.8.8.8:53 mail.signup.eune.leagueoflegends.com udp
US 104.21.88.47:443 invadedlands.net tcp
US 8.8.8.8:53 steamcommunity.com udp
RU 193.233.132.62:50500 tcp
US 104.18.34.171:443 forum.cfx.re tcp
US 8.8.8.8:53 103.29.21.104.in-addr.arpa udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 8.8.8.8:53 ssh.recruitment-portal.in udp
US 8.8.8.8:53 ftp.auth.usenext.de udp
US 8.8.8.8:53 ssh.seraphzone.com udp
US 8.8.8.8:53 ssh.l171.com udp
US 8.8.8.8:53 ftp.store.steampowered.com udp
US 8.8.8.8:53 mail.inspireawards-dst.gov.in udp
US 8.8.8.8:53 toreents.club udp
US 8.8.8.8:53 phukienxiga.net.vn udp
US 8.8.8.8:53 ssh.rec.hobsons.co.uk udp
US 8.8.8.8:53 ssh.auth.usenext.de udp
US 8.8.8.8:53 ftp.tools.siteground.com udp
US 104.19.141.69:443 www.futbin.com tcp
KR 183.110.0.154:80 nxlogin.nexon.com tcp
RU 185.215.113.32:80 185.215.113.32 tcp
US 72.44.75.36:80 coryoims.com tcp
GB 3.10.126.228:80 signup.eune.leagueoflegends.com tcp
US 8.8.8.8:53 ftp.corumcollege.com udp
US 8.8.8.8:53 ftp.spin247.com udp
US 8.8.8.8:53 ssh.muchienviet.com udp
DE 93.90.192.170:80 courtyardmtyapto.ipsofactu.mx tcp
VN 103.9.206.107:80 kame.vn tcp
US 45.60.155.127:80 account.t-mobile.com tcp
NL 40.126.32.140:443 login.microsoftonline.com tcp
FR 18.244.28.88:80 my.malwarebytes.com tcp
DE 3.64.163.50:80 ssh.rec.hobsons.co.uk tcp
CL 186.64.116.125:80 mail.alt-torrent.com tcp
US 188.114.97.2:80 incogniton.com tcp
BE 64.233.167.84:443 accounts.google.com tcp
US 8.8.8.8:53 ftp.seraphzone.com udp
US 8.8.8.8:53 mail.signup.eune.leagueoflegends.com udp
US 8.8.8.8:53 us-smtp-inbound-1.mimecast.com udp
US 8.8.8.8:53 dashboard.twitch.tv udp
US 8.8.8.8:53 mail.app.toroinvestimentos.com.br udp
US 8.8.8.8:53 pop.app.toroinvestimentos.com.br udp
BR 200.130.24.34:80 enem.inep.gov.br tcp
BE 64.233.167.84:80 accounts.google.com tcp
US 104.22.70.253:80 auth.usenext.de tcp
IN 192.12.109.71:80 merchant.onlinesbi.sbi tcp
GH 197.255.125.60:80 itsapp08.ug.edu.gh tcp
FR 99.86.91.98:443 www.spin247.com tcp
US 104.21.16.59:80 lienquancode.com tcp
BE 64.233.167.84:443 accounts.google.com tcp
RS 87.237.202.69:80 www.limundo.com tcp
US 3.19.19.230:80 unicfcead.com.br tcp
VN 103.9.206.107:80 kame.vn tcp
US 3.83.191.190:80 www.thescla.org tcp
US 8.8.8.8:53 mail.muchienviet.com udp
US 8.8.8.8:53 app.toroinvestimentos.com.br udp
EE 212.47.208.140:80 forum.biketime.ee tcp
CZ 77.75.78.104:80 login.szn.cz tcp
US 50.58.50.26:80 sermoncentral.com tcp
CL 200.72.242.17:80 tramites.dirtrab.cl tcp
US 8.8.8.8:53 alt2.gmr-smtp-in.l.google.com udp
US 8.8.8.8:53 mail.my.malwarebytes.com udp
US 8.8.8.8:53 mail.nxlogin.nexon.com udp
US 8.8.8.8:53 ssh.accounts.google.com udp
US 8.8.8.8:53 account.mojang.com udp
US 8.8.8.8:53 170.192.90.93.in-addr.arpa udp
US 8.8.8.8:53 127.155.60.45.in-addr.arpa udp
US 8.8.8.8:53 dashboard.twitch.tv udp
US 8.8.8.8:53 mpsky.oci.co.kr udp
US 8.8.8.8:53 chimeratool.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 125.116.64.186.in-addr.arpa udp
US 8.8.8.8:53 ecetera.hu udp
US 8.8.8.8:53 ftp.ploudos.com udp
NL 142.251.39.110:443 www.youtube.com udp
US 8.8.8.8:53 detectordiscusser.shop udp
NL 142.251.39.110:443 www.youtube.com udp
US 72.44.75.36:80 coryoims.com tcp
US 8.8.8.8:53 ssh.beta.thecrims.com udp
US 8.8.8.8:53 mail.recruitment-portal.in udp
US 8.8.8.8:53 ftp.authpre.senasofiaplus.edu.co udp
US 8.8.8.8:53 ftp.recruitment-portal.in udp
US 8.8.8.8:53 98.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 ssh.inspireawards-dst.gov.in udp
US 8.8.8.8:53 chimeratool.com udp
US 8.8.8.8:53 campusvirtual.duoc.cl udp
US 8.8.8.8:53 ftp.chat.1337x.to udp
US 8.8.8.8:53 mail.itsapp08.ug.edu.gh udp
US 8.8.8.8:53 ftp.secure.limundo.com udp
US 8.8.8.8:53 ssh.login.szn.cz udp
US 104.21.88.47:80 invadedlands.net tcp
US 8.8.8.8:53 ssh.forum.biketime.ee udp
US 8.8.8.8:53 ssh.recruitment-portal.in udp
US 8.8.8.8:53 mail.inspireawards-dst.gov.in udp
KR 183.109.71.30:80 stdpay.inicis.com tcp
US 104.18.34.171:80 forum.cfx.re tcp
GB 23.214.154.77:80 steamcommunity.com tcp
US 8.8.8.8:53 signup.eune.leagueoflegends.com udp
US 68.232.1.48:80 idp.tamuc.edu tcp
GH 197.255.125.60:80 itsapp08.ug.edu.gh tcp
US 8.8.8.8:53 ftp.forum.biketime.ee udp
US 8.8.8.8:53 fresh-mining.com udp
US 8.8.8.8:53 mail.signup.eune.leagueoflegends.com udp
US 8.8.8.8:53 phukienxiga.net.vn udp
US 8.8.8.8:53 ssh.auth.usenext.de udp
US 8.8.8.8:53 ftp.itsapp08.ug.edu.gh udp
US 8.8.8.8:53 park-mx.above.com udp
US 8.8.8.8:53 l171.com udp
US 8.8.8.8:53 ftp.stdpay.inicis.com udp
US 8.8.8.8:53 corumcollege.com udp
US 8.8.8.8:53 ssh.sermoncentral.com udp
US 104.19.143.69:80 www.futbin.com tcp
US 172.66.40.217:80 beta.thecrims.com tcp
IN 192.12.109.71:80 merchant.onlinesbi.sbi tcp
US 188.114.96.2:80 incogniton.com tcp
US 104.31.16.118:80 chat.1337x.to tcp
US 45.60.155.127:80 account.t-mobile.com tcp
FR 52.222.169.92:80 app.toroinvestimentos.com.br tcp
US 8.8.8.8:53 ftp.futbin.com udp
US 8.8.8.8:53 ftp.login.szn.cz udp
US 8.8.8.8:53 pop.idp.tamuc.edu udp
US 8.8.8.8:53 ssh.app.toroinvestimentos.com.br udp
US 8.8.8.8:53 mail.beta.thecrims.com udp
US 8.8.8.8:53 ssh.authpre.senasofiaplus.edu.co udp
US 8.8.8.8:53 pop.56.itknyga.co.ua udp
US 8.8.8.8:53 mail.idp.tamuc.edu udp
US 8.8.8.8:53 pop.beta.thecrims.com udp
US 8.8.8.8:53 mail.tools.siteground.com udp
US 8.8.8.8:53 ftp.store.steampowered.com udp
US 8.8.8.8:53 disneyplus-com.mail.protection.outlook.com udp
US 8.8.8.8:53 ftp.tramites.dirtrab.cl udp
US 8.8.8.8:53 pop.l171.com udp
US 8.8.8.8:53 mail.l171.com udp
US 8.8.8.8:53 ssh.dewabet.asia udp
US 8.8.8.8:53 mail.forum.biketime.ee udp
US 8.8.8.8:53 ssh.enem.inep.gov.br udp
US 104.26.11.129:80 bonk.io tcp
US 104.26.1.138:443 ploudos.com tcp
US 8.8.8.8:53 djponline.pajak.go.id udp
US 8.8.8.8:53 symulator-farmy.pl udp
US 8.8.8.8:53 mail.account.mojang.com udp
US 8.8.8.8:53 ssh.campusvirtual.duoc.cl udp
US 8.8.8.8:53 ftp.unicfcead.com.br udp
US 8.8.8.8:53 mail.corumcollege.com udp
US 8.8.8.8:53 mail.unicfcead.com.br udp
US 8.8.8.8:53 ssh.thescla.org udp
US 8.8.8.8:53 ssh.itsapp08.ug.edu.gh udp
GB 104.77.160.196:80 account.mojang.com tcp
US 104.21.88.47:80 invadedlands.net tcp
DE 93.90.192.170:80 courtyardmtyapto.ipsofactu.mx tcp
DE 108.138.7.116:80 spin247.com tcp
RU 185.215.113.45:80 185.215.113.45 tcp
US 8.8.8.8:53 mail.chat.1337x.to udp
US 8.8.8.8:53 account.t-mobile.com udp
US 8.8.8.8:53 pop.authpre.senasofiaplus.edu.co udp
US 8.8.8.8:53 mail.authpre.senasofiaplus.edu.co udp
US 8.8.8.8:53 www.limundo.com udp
BE 64.233.167.84:80 accounts.google.com tcp
IN 164.100.213.160:80 inspireawards-dst.gov.in tcp
US 103.224.182.253:80 toreents.club tcp
IN 14.139.61.154:80 recruitment-portal.in tcp
GB 104.77.160.196:80 account.mojang.com tcp
CL 186.64.116.125:80 mail.alt-torrent.com tcp
US 104.21.66.204:80 ssh.modthesims.info tcp
FR 52.84.174.23:443 tools.siteground.com tcp
GB 92.123.241.50:80 store.steampowered.com tcp
FR 18.244.28.29:80 my.malwarebytes.com tcp
GB 3.10.126.228:80 signup.eune.leagueoflegends.com tcp
US 34.218.145.143:80 disneyplus.com tcp
BR 200.130.24.34:80 enem.inep.gov.br tcp
GB 23.214.154.77:80 steamcommunity.com tcp
US 104.21.19.244:80 thepixellab.net tcp
VN 103.9.206.107:443 kame.vn tcp
US 8.8.8.8:53 mail.56.itknyga.co.ua udp
US 8.8.8.8:53 ssh.my.malwarebytes.com udp
US 8.8.8.8:53 pop.my.malwarebytes.com udp
US 8.8.8.8:53 muchienviet.com udp
US 8.8.8.8:53 mail.enem.inep.gov.br udp
US 8.8.8.8:53 pop.enem.inep.gov.br udp
US 8.8.8.8:53 ftp.invadedlands.net udp
US 8.8.8.8:53 ftp.forum.cfx.re udp
US 8.8.8.8:53 mail.muchienviet.com udp
US 8.8.8.8:53 pop.muchienviet.com udp
US 8.8.8.8:53 mail.dewabet.asia udp
US 8.8.8.8:53 116.7.138.108.in-addr.arpa udp
US 8.8.8.8:53 mail.recruitment-portal.in udp
US 8.8.8.8:53 ftp.stdpay.inicis.com udp
US 8.8.8.8:53 ssh.inspireawards-dst.gov.in udp
US 8.8.8.8:53 mail.itsapp08.ug.edu.gh udp
US 8.8.8.8:53 ssh.login.szn.cz udp
US 8.8.8.8:53 ftp.secure.limundo.com udp
US 8.8.8.8:53 pop.recruitment-portal.in udp
CL 200.72.242.17:80 tramites.dirtrab.cl tcp
US 8.8.8.8:53 banpaudpnf.kemdikbud.go.id udp
US 8.8.8.8:53 idp.openccc.net udp
GB 146.75.74.167:80 dashboard.twitch.tv tcp
US 8.8.8.8:53 pop.nxlogin.nexon.com udp
US 8.8.8.8:53 ssh.accounts.google.com udp
US 8.8.8.8:53 253.182.224.103.in-addr.arpa udp
US 8.8.8.8:53 23.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 ftp.portal.e-beam.com udp
US 8.8.8.8:53 portal.e-beam.com udp
US 8.8.8.8:53 mail.login.szn.cz udp
US 8.8.8.8:53 ssh.stdpay.inicis.com udp
US 8.8.8.8:53 ftp.accounts.google.com udp
US 8.8.8.8:53 ssh.tools.siteground.com udp
US 8.8.8.8:53 mail.signup.eune.leagueoflegends.com udp
US 8.8.8.8:53 ftp.itsapp08.ug.edu.gh udp
US 8.8.8.8:53 ssh.sermoncentral.com udp
US 8.8.8.8:53 l171.com udp
US 8.8.8.8:53 account.mojang.com udp
US 8.8.8.8:53 ssh.unicfcead.com.br udp
DE 93.90.192.170:80 courtyardmtyapto.ipsofactu.mx tcp
N/A 192.168.96.100:80 mpsky.oci.co.kr tcp
US 8.8.8.8:53 authpre.senasofiaplus.edu.co udp
US 8.8.8.8:53 corumcollege.com udp
US 8.8.8.8:53 pop.beta.thecrims.com udp
US 8.8.8.8:53 ftp.futbin.com udp
US 8.8.8.8:53 pop.56.itknyga.co.ua udp
US 8.8.8.8:53 ssh.store.steampowered.com udp
US 8.8.8.8:53 ftp.corumcollege.com udp
US 8.8.8.8:53 ftp.auth.usenext.de udp
US 8.8.8.8:53 ftp.lienquancode.com udp
US 8.8.8.8:53 ftp.account.mojang.com udp
US 8.8.8.8:53 mail.portal.e-beam.com udp
US 8.8.8.8:53 disneyplus-com.mail.protection.outlook.com udp
US 104.26.1.138:80 ploudos.com tcp
KR 183.109.71.30:80 stdpay.inicis.com tcp
US 104.21.88.47:443 invadedlands.net tcp
RU 193.233.132.56:80 193.233.132.56 tcp
US 68.232.1.48:80 idp.tamuc.edu tcp
US 104.22.70.253:80 auth.usenext.de tcp
BE 64.233.167.84:443 accounts.google.com tcp
US 8.8.8.8:53 ftp.ecetera.hu udp
US 8.8.8.8:53 spin247.com udp
US 8.8.8.8:53 pop.authpre.senasofiaplus.edu.co udp
US 8.8.8.8:53 mail.authpre.senasofiaplus.edu.co udp
US 8.8.8.8:53 pop.seraphzone.com udp
US 8.8.8.8:53 ssh.tramites.dirtrab.cl udp
US 8.8.8.8:53 mail.inainscripcioncursos.ac.cr udp
RU 81.94.159.197:80 galandskiyher5.com tcp
US 104.21.16.59:443 lienquancode.com tcp
CZ 77.75.78.104:80 login.szn.cz tcp
US 104.18.34.171:443 forum.cfx.re tcp
US 104.20.77.245:80 chimeratool.com tcp
FR 52.84.174.23:80 tools.siteground.com tcp
BE 64.233.167.84:80 accounts.google.com tcp
US 188.114.97.2:443 incogniton.com tcp
US 72.44.75.36:80 coryoims.com tcp
ID 103.28.106.147:80 djponline.pajak.go.id tcp
DE 212.53.194.169:80 en.forgeofempires.com tcp
US 3.19.19.230:443 unicfcead.com.br tcp
US 3.83.191.190:80 www.thescla.org tcp
US 50.58.50.26:80 sermoncentral.com tcp
N/A 127.0.0.1:42463 tcp
DE 141.95.86.58:80 symulator-farmy.pl tcp
US 8.8.8.8:53 ftp.courtyardmtyapto.ipsofactu.mx udp
N/A 192.168.96.100:80 mpsky.oci.co.kr tcp
US 103.224.182.253:80 toreents.club tcp
US 20.122.152.78:80 inainscripcioncursos.ac.cr tcp
VN 103.9.206.107:80 kame.vn tcp
IN 192.12.109.71:80 merchant.onlinesbi.sbi tcp
GH 197.255.125.60:80 itsapp08.ug.edu.gh tcp
CL 186.64.116.125:443 ftp.alt-torrent.com tcp
GB 146.75.74.167:80 dashboard.twitch.tv tcp
US 8.8.8.8:53 bay247.vip udp
US 8.8.8.8:53 ipinfo.io udp
US 8.8.8.8:53 mail.forum.cfx.re udp
US 8.8.8.8:53 mail.unicfcead.com.br udp
US 8.8.8.8:53 ssh.login.szn.cz udp
US 8.8.8.8:53 56.132.233.193.in-addr.arpa udp
US 34.218.145.143:80 disneyplus.com tcp
US 8.8.8.8:53 pop.campusvirtual.duoc.cl udp
US 8.8.8.8:53 197.159.94.81.in-addr.arpa udp
US 8.8.8.8:53 ssh.invadedlands.net udp
US 8.8.8.8:53 ftp.incogniton.com udp
US 8.8.8.8:53 pop.rec.hobsons.co.uk udp
US 8.8.8.8:53 pop.nxlogin.nexon.com udp
US 8.8.8.8:53 mail.login.szn.cz udp
US 8.8.8.8:53 portal.e-beam.com udp
US 8.8.8.8:53 account.mojang.com udp
US 8.8.8.8:53 pop.beta.thecrims.com udp
US 8.8.8.8:53 245.77.20.104.in-addr.arpa udp
US 8.8.8.8:53 mmmreturns.com udp
US 8.8.8.8:53 wow-freakz.com udp
US 8.8.8.8:53 mail.campusvirtual.duoc.cl udp
US 8.8.8.8:53 mail.recruitment-portal.in udp
US 8.8.8.8:53 ssh.kame.vn udp
US 8.8.8.8:53 pop.recruitment-portal.in udp
US 8.8.8.8:53 unicfcead.com.br udp
US 8.8.8.8:53 ssh.secure.limundo.com udp
US 8.8.8.8:53 ftp.stdpay.inicis.com udp
US 8.8.8.8:53 ssh.accounts.google.com udp
US 8.8.8.8:53 ssh.tools.siteground.com udp
US 8.8.8.8:53 ftp.portal.e-beam.com udp
US 8.8.8.8:53 mail.signup.eune.leagueoflegends.com udp
US 8.8.8.8:53 ssh.unicfcead.com.br udp
US 8.8.8.8:53 ssh.sermoncentral.com udp
US 8.8.8.8:53 l171.com udp
US 8.8.8.8:53 ftp.itsapp08.ug.edu.gh udp
US 8.8.8.8:53 ssh.portal.e-beam.com udp
US 8.8.8.8:53 mail.tramites.dirtrab.cl udp
US 8.8.8.8:53 ssh.stdpay.inicis.com udp
US 8.8.8.8:53 mx1.privateemail.com udp
US 8.8.8.8:53 ssh.beta.thecrims.com udp
US 8.8.8.8:53 pop.inspireawards-dst.gov.in udp
US 8.8.8.8:53 169.194.53.212.in-addr.arpa udp
US 8.8.8.8:53 fresh-mining.com udp
US 8.8.8.8:53 mail.app.toroinvestimentos.com.br udp
US 8.8.8.8:53 mail.secure.limundo.com udp
US 8.8.8.8:53 stdpay.inicis.com udp
US 8.8.8.8:53 ftp.corumcollege.com udp
US 8.8.8.8:53 ssh.store.steampowered.com udp
US 8.8.8.8:53 mail.authpre.senasofiaplus.edu.co udp
US 8.8.8.8:53 mail.l171.com udp
US 8.8.8.8:53 pop.authpre.senasofiaplus.edu.co udp
US 104.31.16.118:80 chat.1337x.to tcp
IN 164.100.213.160:80 inspireawards-dst.gov.in tcp
US 8.8.8.8:53 wow-freakz.com udp
DE 93.90.192.170:80 ftp.courtyardmtyapto.ipsofactu.mx tcp
IN 14.139.61.154:80 recruitment-portal.in tcp
US 8.8.8.8:53 ssh.account.mojang.com udp
US 8.8.8.8:53 mail.account.mojang.com udp
US 8.8.8.8:53 ssh.muchienviet.com udp
RU 193.233.132.56:80 193.233.132.56 tcp
US 8.8.8.8:53 ssh.itsapp08.ug.edu.gh udp
US 188.114.96.2:80 ftp.incogniton.com tcp
US 104.19.143.69:443 www.futbin.com tcp
BE 64.233.167.84:80 accounts.google.com tcp
US 104.26.11.129:80 bonk.io tcp
BR 200.130.24.34:80 enem.inep.gov.br tcp
US 104.21.88.47:80 invadedlands.net tcp
ID 118.98.221.175:80 banpaudpnf.kemdikbud.go.id tcp
US 45.60.47.171:80 idp.openccc.net tcp
US 52.21.145.149:80 campusvirtual.duoc.cl tcp
US 72.44.75.36:80 coryoims.com tcp
US 45.60.47.171:80 idp.openccc.net tcp
KR 183.109.71.30:80 stdpay.inicis.com tcp
US 104.20.51.237:80 ytmonster.net tcp
IN 192.12.109.71:80 merchant.onlinesbi.sbi tcp
US 45.60.155.127:80 account.t-mobile.com tcp
US 45.60.47.171:80 idp.openccc.net tcp
GB 92.123.241.50:80 store.steampowered.com tcp
US 104.20.51.237:80 ytmonster.net tcp
US 104.21.19.244:80 thepixellab.net tcp
US 104.18.34.171:80 forum.cfx.re tcp
RS 87.237.202.69:80 www.limundo.com tcp
US 8.8.8.8:53 daftar-sscasn.bkn.go.id udp
US 8.8.8.8:53 mail.enem.inep.gov.br udp
US 8.8.8.8:53 ssh.forum.biketime.ee udp
US 8.8.8.8:53 mail.account.mojang.com udp
US 8.8.8.8:53 mail.coryoims.com udp
US 8.8.8.8:53 mail.dewabet.asia udp
US 8.8.8.8:53 mail.inspireawards-dst.gov.in udp
US 8.8.8.8:53 mail.courtyardmtyapto.ipsofactu.mx udp
US 8.8.8.8:53 mail.lienquancode.com udp
US 8.8.8.8:53 daftar-sscasn.bkn.go.id udp
US 8.8.8.8:53 alt4.aspmx.l.google.com udp
US 8.8.8.8:53 mail.stdpay.inicis.com udp
US 8.8.8.8:53 171.47.60.45.in-addr.arpa udp
US 8.8.8.8:53 175.221.98.118.in-addr.arpa udp
US 8.8.8.8:53 aticlix.net udp
US 8.8.8.8:53 ssh.courtyardmtyapto.ipsofactu.mx udp
US 8.8.8.8:53 aspmx2.googlemail.com udp
US 8.8.8.8:53 my.malwarebytes.com udp
US 8.8.8.8:53 ssh.lienquancode.com udp
US 8.8.8.8:53 ssh.ploudos.com udp
US 8.8.8.8:53 ssh.forum.cfx.re udp
LK 222.165.160.106:80 internetvas.slt.lk tcp
US 104.21.16.59:80 lienquancode.com tcp
US 8.8.8.8:53 portal.e-beam.com udp
US 68.232.1.48:80 idp.tamuc.edu tcp
GB 146.75.74.167:443 dashboard.twitch.tv tcp
RU 185.215.113.32:80 185.215.113.32 tcp
US 8.8.8.8:53 aticlix.net udp
US 8.8.8.8:53 beding.arshab.com udp
US 8.8.8.8:53 s12.proserv.ge udp
US 8.8.8.8:53 malta.iway.ch udp
US 8.8.8.8:53 ftp.secure.limundo.com udp
US 8.8.8.8:53 237.51.20.104.in-addr.arpa udp
CL 186.64.116.125:80 ftp.alt-torrent.com tcp
US 199.59.243.225:80 ww25.toreents.club tcp
US 3.19.19.230:80 unicfcead.com.br tcp
US 188.114.97.2:80 ftp.incogniton.com tcp
US 20.122.152.78:80 inainscripcioncursos.ac.cr tcp
US 67.225.218.22:80 shadowave.info tcp
US 8.8.8.8:53 ssh.tools.siteground.com udp
US 8.8.8.8:53 mail.signup.eune.leagueoflegends.com udp
US 8.8.8.8:53 ssh.unicfcead.com.br udp
US 8.8.8.8:53 ftp.portal.e-beam.com udp
US 8.8.8.8:53 ssh.portal.e-beam.com udp
US 8.8.8.8:53 ssh.store.steampowered.com udp
DE 93.90.192.170:80 ssh.courtyardmtyapto.ipsofactu.mx tcp
US 8.8.8.8:53 ftp.invadedlands.net udp
US 8.8.8.8:53 ftp.disneyplus.com udp
US 104.26.1.138:443 ploudos.com tcp
RO 93.115.95.83:80 perfectmoney.com tcp
US 104.22.70.253:80 auth.usenext.de tcp
US 8.8.8.8:53 phukienxiga.net.vn udp
US 8.8.8.8:53 ftp.fresh-mining.com udp
US 8.8.8.8:53 beding.arshab.com udp
US 8.8.8.8:53 s12.proserv.ge udp
US 8.8.8.8:53 my.forextime.com udp
US 8.8.8.8:53 account.t-mobile.com udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 8.8.8.8:53 ssh.auth.usenext.de udp
US 8.8.8.8:53 mail.auth.usenext.de udp
US 8.8.8.8:53 pop.seraphzone.com udp
US 8.8.8.8:53 ssh.tramites.dirtrab.cl udp
US 8.8.8.8:53 pop.beta.thecrims.com udp
US 8.8.8.8:53 ssh.sermoncentral.com udp
US 8.8.8.8:53 ssh.kame.vn udp
US 8.8.8.8:53 marocagreg.com udp
US 8.8.8.8:53 mail.my.malwarebytes.com udp
US 8.8.8.8:53 ssh.nxlogin.nexon.com udp
US 8.8.8.8:53 ftp.tools.siteground.com udp
CZ 77.75.78.104:80 login.szn.cz tcp
US 45.60.155.127:80 account.t-mobile.com tcp
US 8.8.8.8:53 ftp.ecetera.hu udp
US 8.8.8.8:53 ssh.campusvirtual.duoc.cl udp
US 8.8.8.8:53 ssh.secure.limundo.com udp
US 8.8.8.8:53 ftp.account.t-mobile.com udp
US 8.8.8.8:53 pop.chat.1337x.to udp
US 8.8.8.8:53 ssh.signup.eune.leagueoflegends.com udp
US 8.8.8.8:53 ftp.forum.cfx.re udp
RS 87.237.202.69:80 www.limundo.com tcp
GH 197.255.125.60:80 itsapp08.ug.edu.gh tcp
US 45.60.47.171:80 idp.openccc.net tcp
BR 189.9.176.35:80 recuperacao.acesso.gov.br tcp
US 104.20.77.245:443 chimeratool.com tcp
FR 52.84.174.102:80 tools.siteground.com tcp
US 45.60.47.171:80 idp.openccc.net tcp
US 104.20.51.237:443 www.ytmonster.net tcp
KR 183.109.71.30:80 stdpay.inicis.com tcp
IN 164.100.213.160:80 inspireawards-dst.gov.in tcp
DE 212.53.194.169:443 en.forgeofempires.com tcp
N/A 192.168.96.100:80 mpsky.oci.co.kr tcp
IN 14.139.61.154:80 recruitment-portal.in tcp
US 45.60.13.220:80 mmls.mmu.edu.my tcp
KR 183.110.0.154:80 nxlogin.nexon.com tcp
US 3.83.191.190:80 www.thescla.org tcp
US 103.224.182.253:80 ftp.toreents.club tcp
N/A 127.0.0.1:42463 tcp
US 45.60.47.171:80 idp.openccc.net tcp
LK 222.165.160.106:443 internetvas.slt.lk tcp
ID 103.28.106.147:443 djponline.pajak.go.id tcp
VN 103.9.206.107:80 kame.vn tcp
US 103.224.182.253:80 ftp.toreents.club tcp
RO 93.115.95.83:80 perfectmoney.com tcp
KR 175.120.254.9:80 trmpc.com tcp
US 104.21.88.47:80 invadedlands.net tcp
US 104.19.143.69:80 www.futbin.com tcp
CL 186.64.116.125:80 ftp.alt-torrent.com tcp
US 104.31.16.118:80 chat.1337x.to tcp
DE 141.95.86.58:443 symulator-farmy.pl tcp
BR 200.130.24.34:80 enem.inep.gov.br tcp
US 20.122.152.78:80 inainscripcioncursos.ac.cr tcp
US 188.114.96.2:80 ftp.incogniton.com tcp
US 104.26.1.138:80 ploudos.com tcp
GB 108.138.217.88:80 spin247.com tcp
GB 146.75.74.167:80 dashboard.twitch.tv tcp
US 8.8.8.8:53 ssh.unicfcead.com.br udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 pop.campusvirtual.duoc.cl udp
US 8.8.8.8:53 mail.coryoims.com udp
US 8.8.8.8:53 pop3.muchienviet.com udp
DE 185.172.128.90:80 185.172.128.90 tcp
DE 93.90.192.170:80 ssh.courtyardmtyapto.ipsofactu.mx tcp
US 8.8.8.8:53 e-learningosimoliceo.it udp
US 8.8.8.8:53 lms.qerp.services udp
US 8.8.8.8:53 ftp.invadedlands.net udp
US 8.8.8.8:53 ftp.disneyplus.com udp
US 8.8.8.8:53 pop3.authpre.senasofiaplus.edu.co udp
US 8.8.8.8:53 disneyplus.com udp
US 8.8.8.8:53 imap.muchienviet.com udp
US 8.8.8.8:53 mail.unicfcead.com.br udp
US 8.8.8.8:53 imap.nxlogin.nexon.com udp
US 8.8.8.8:53 ssh.spin247.com udp
US 8.8.8.8:53 ssh.futbin.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 23.214.154.77:80 steamcommunity.com tcp
GB 23.214.154.77:443 steamcommunity.com tcp
US 8.8.8.8:53 ssh.thepixellab.net udp
US 8.8.8.8:53 mail.l171.com udp
US 8.8.8.8:53 imap.seraphzone.com udp
US 8.8.8.8:53 imap.l171.com udp
US 8.8.8.8:53 ssh.corumcollege.com udp
US 8.8.8.8:53 ssh.account.mojang.com udp
US 8.8.8.8:53 mail.store.steampowered.com udp
US 8.8.8.8:53 220.13.60.45.in-addr.arpa udp
US 8.8.8.8:53 mail.kame.vn udp
US 8.8.8.8:53 ssh.campusvirtual.duoc.cl udp
US 8.8.8.8:53 ftp.account.t-mobile.com udp
US 8.8.8.8:53 mail.mpsky.oci.co.kr udp

Files

C:\Users\Admin\AppData\Local\Temp\B44C.exe

MD5 1f2075eafec0c5327118290b68666531
SHA1 0e12d995b602f9aac7dd3558f01c32d68a8ac1ce
SHA256 d1c60eb9343d583dbe9fca64e97f481368187d7927f8a8a60bddcfe092d526c3
SHA512 e4113ed594d23c21e20111007e8dd025eb16e86f64e50e5f02cc6b075e8cb180a2aba3b5e6529729332c8f53e0392e46d1a769cc2add53a2c41e4a4c34673723

C:\Users\Admin\AppData\Local\Temp\E967.dll

C:\Users\Admin\AppData\Local\Temp\3006.exe

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

C:\Users\Admin\AppData\Local\Temp\1000836001\osminog.exe

C:\Users\Admin\AppData\Local\Temp\1000837001\goldprime1234.exe

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1lg4gpmg.ln3.ps1

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

C:\Users\Admin\AppData\Local\Temp\F1C1.exe

C:\Users\Admin\AppData\Local\Temp\_Files_\DismountUnblock.txt

C:\Users\Admin\AppData\Local\Temp\637591879962_Desktop.zip

C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus

C:\Users\Admin\AppData\Local\Temp\CCC0.exe

C:\Users\Admin\AppData\Local\Temp\EEE0.exe

C:\Users\Admin\AppData\Local\Temp\1000838001\judith1234.exe

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\1000858001\alex12341.exe

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

C:\Users\Admin\AppData\Roaming\configurationValue\olehpsp.exe

C:\Users\Admin\AppData\Roaming\configurationValue\TWO.exe

C:\Users\Admin\AppData\Local\Temp\1000865001\dais.exe

C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe

C:\Users\Admin\AppData\Local\Temp\1000874021\random.cmd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a90c8.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Temp\1000875001\amadka.exe

C:\Users\Admin\AppData\Local\Temp\1000903001\lummahelp.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ae0eb.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\addaf0b1-32be-46b2-ba2a-2097080d17fe\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\addaf0b1-32be-46b2-ba2a-2097080d17fe\index-dir\the-real-index~RFe5ae8db.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5af667.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Temp\1000935001\InstallSetup3.exe

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

C:\Users\Admin\AppData\Local\Temp\april.exe

C:\ProgramData\DirectSoundDriver 2.36.198.65\DirectSoundDriver 2.36.198.65.exe

C:\Users\Admin\AppData\Local\Text Ultra Edit\is-QVHMC.tmp

C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll

C:\Users\Admin\AppData\Local\Temp\is-HL9CI.tmp\_isetup\_iscrypt.dll

C:\Users\Admin\AppData\Local\Temp\is-HL9CI.tmp\_isetup\_shfoldr.dll

C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\clip64.dll

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XNU2PQS6\InstallSetup8[1].exe

C:\Users\Admin\AppData\Local\Temp\heidiNXG4jhfEzm4G\ZunTSaNJLBVfWeb Data

C:\Users\Admin\AppData\Local\Temp\heidiNXG4jhfEzm4G\QdX9ITDLyCRBWeb Data

C:\Users\Admin\AppData\Local\Temp\adobeNXG4jhfEzm4G\information.txt
