Analysis Overview
SHA256
c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0
Threat Level: Known bad
The file c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.bin was found to be: Known bad.
Malicious Activity Summary
Amadey
RedLine payload
Modifies visiblity of hidden/system files in Explorer
Detect ZGRat V1
ZGRat
SmokeLoader
RedLine
Modifies visibility of file extensions in Explorer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Deletes itself
Reads local data of messenger clients
Identifies Wine through registry keys
Unexpected DNS network traffic destination
Checks BIOS information in registry
Reads WinSCP keys stored on the system
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up external IP address via web service
Adds Run key to start application
Enumerates connected drives
Writes to the Master Boot Record (MBR)
Suspicious use of SetThreadContext
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Program crash
Enumerates physical storage devices
Unsigned PE
NSIS installer
Suspicious use of UnmapMainImage
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Uses Task Scheduler COM API
Enumerates system info in registry
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: AddClipboardFormatListener
Creates scheduled task(s)
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-03-14 11:45
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-14 11:45
Reported
2024-03-14 11:56
Platform
win11-20240221-en
Max time kernel
213s
Max time network
658s
Command Line
Signatures
Amadey
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "0" | N/A | N/A |
Modifies visiblity of hidden/system files in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | N/A | N/A |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\B44C.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\B44C.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\B44C.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B44C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3006.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3006.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000836001\osminog.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000837001\goldprime1234.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F1C1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CCC0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EEE0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000858001\alex12341.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\configurationValue\olehpsp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\configurationValue\TWO.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000865001\dais.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\B44C.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3006.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F1C1.exe | N/A |
Reads WinSCP keys stored on the system
Reads local data of messenger clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 91.211.247.248 | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Run\random.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000873001\\random.exe" | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Run\random.cmd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000874021\\random.cmd" | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\3006.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\EEE0.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B44C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1532 set thread context of 1416 | N/A | C:\Users\Admin\AppData\Local\Temp\3006.exe | C:\Users\Admin\AppData\Local\Temp\3006.exe |
| PID 3020 set thread context of 2336 | N/A | C:\Users\Admin\AppData\Local\Temp\1000837001\goldprime1234.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 2940 set thread context of 4372 | N/A | C:\Users\Admin\AppData\Local\Temp\1000836001\osminog.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 1376 set thread context of 960 | N/A | C:\Users\Admin\AppData\Local\Temp\F1C1.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe |
| PID 3728 set thread context of 1056 | N/A | C:\Users\Admin\AppData\Local\Temp\1000858001\alex12341.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorgu.job | C:\Users\Admin\AppData\Local\Temp\B44C.exe | N/A |
Enumerates physical storage devices
Program crash
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Internet Explorer\Toolbar | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f80cb859f6720028040b29b5540cc05aab60000 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1092616193" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616209" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1092616209" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupView = "4294967295" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000 | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Mode = "6" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\IconSize = "48" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\WorkFolders | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f443a5c000000000000000000000000000000000000000000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByDirection = "1" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "5" | N/A | N/A |
| Key created | \Registry\User\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\NotificationData | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668} | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 60003100000000006e58015e122050524f4752417e330000480009000400efbec55259616e58035e2e000000f004000000000100000000000000000000000000000087fa3e00500072006f006700720061006d004400610074006100000018000000 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:PID = "2" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = ffffffff | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295" | N/A | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1000836001\osminog.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1000837001\goldprime1234.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe
"C:\Users\Admin\AppData\Local\Temp\c88933a3bcc4494def9d0feb4568c4e865d6b333ace006256816166d34104ea0.exe"
C:\Users\Admin\AppData\Local\Temp\B44C.exe
C:\Users\Admin\AppData\Local\Temp\B44C.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\E967.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\E967.dll
C:\Users\Admin\AppData\Local\Temp\3006.exe
C:\Users\Admin\AppData\Local\Temp\3006.exe
C:\Users\Admin\AppData\Local\Temp\3006.exe
C:\Users\Admin\AppData\Local\Temp\3006.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Users\Admin\AppData\Local\Temp\1000836001\osminog.exe
"C:\Users\Admin\AppData\Local\Temp\1000836001\osminog.exe"
C:\Users\Admin\AppData\Local\Temp\1000837001\goldprime1234.exe
"C:\Users\Admin\AppData\Local\Temp\1000837001\goldprime1234.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4372 -ip 4372
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 1128
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\637591879962_Desktop.zip' -CompressionLevel Optimal
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Users\Admin\AppData\Local\Temp\F1C1.exe
C:\Users\Admin\AppData\Local\Temp\F1C1.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 960 -ip 960
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 960 -ip 960
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 1124
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 1100
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\CCC0.exe
C:\Users\Admin\AppData\Local\Temp\CCC0.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2472 -ip 2472
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 512
C:\Users\Admin\AppData\Local\Temp\EEE0.exe
C:\Users\Admin\AppData\Local\Temp\EEE0.exe
C:\Users\Admin\AppData\Local\Temp\1000858001\alex12341.exe
"C:\Users\Admin\AppData\Local\Temp\1000858001\alex12341.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\configurationValue\olehpsp.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\olehpsp.exe"
C:\Users\Admin\AppData\Roaming\configurationValue\TWO.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\TWO.exe"
C:\Users\Admin\AppData\Local\Temp\1000865001\dais.exe
"C:\Users\Admin\AppData\Local\Temp\1000865001\dais.exe"
C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe
"C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1000874021\random.cmd" "
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb30603cb8,0x7ffb30603cc8,0x7ffb30603cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffb30603cb8,0x7ffb30603cc8,0x7ffb30603cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb30603cb8,0x7ffb30603cc8,0x7ffb30603cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,11600439447427278000,4273508431963935441,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,11600439447427278000,4273508431963935441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5624 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\1000875001\amadka.exe
"C:\Users\Admin\AppData\Local\Temp\1000875001\amadka.exe"
C:\Users\Admin\AppData\Local\Temp\1000903001\lummahelp.exe
"C:\Users\Admin\AppData\Local\Temp\1000903001\lummahelp.exe"
C:\Users\Admin\AppData\Roaming\bdasdga
C:\Users\Admin\AppData\Roaming\bdasdga
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2660 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\617C.exe
C:\Users\Admin\AppData\Local\Temp\617C.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
"C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe"
C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_four.exe"
C:\Users\Admin\AppData\Local\Temp\3E7F.exe
C:\Users\Admin\AppData\Local\Temp\3E7F.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\AppData\Local\Temp\1000935001\InstallSetup3.exe
"C:\Users\Admin\AppData\Local\Temp\1000935001\InstallSetup3.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,15283687223561376014,355363841788225220,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6772 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\is-7IPG4.tmp\3E7F.tmp
"C:\Users\Admin\AppData\Local\Temp\is-7IPG4.tmp\3E7F.tmp" /SL5="$40420,1634991,54272,C:\Users\Admin\AppData\Local\Temp\3E7F.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe
"C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe" -i
C:\Users\Admin\AppData\Local\Temp\april.exe
"C:\Users\Admin\AppData\Local\Temp\april.exe"
C:\Users\Admin\AppData\Local\Temp\3880.exe
C:\Users\Admin\AppData\Local\Temp\3880.exe
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Users\Admin\AppData\Local\Temp\is-DAADB.tmp\april.tmp
"C:\Users\Admin\AppData\Local\Temp\is-DAADB.tmp\april.tmp" /SL5="$30458,1478464,54272,C:\Users\Admin\AppData\Local\Temp\april.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Users\Admin\AppData\Local\Temp\1000936001\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\1000936001\toolspub1.exe"
C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe
"C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe" -s
C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe
"C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe" -i
C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe
"C:\Users\Admin\AppData\Local\Text Ultra Edit\textultraedit.exe" -s
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\clip64.dll, Main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6024 -ip 6024
C:\Users\Admin\AppData\Local\Temp\1000010001\lenin.exe
"C:\Users\Admin\AppData\Local\Temp\1000010001\lenin.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6024 -ip 6024
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 1132
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\cd0e42c921a94894b7f746395ef78e5a /t 9576 /p 5904
C:\Users\Admin\AppData\Local\Temp\1000018001\InstallSetup8.exe
"C:\Users\Admin\AppData\Local\Temp\1000018001\InstallSetup8.exe"
C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| RU | 185.215.113.45:80 | 185.215.113.45 | tcp |
| US | 8.8.8.8:53 | 45.113.215.185.in-addr.arpa | udp |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| RU | 193.233.132.167:80 | 193.233.132.167 | tcp |
| US | 8.8.8.8:53 | 167.132.233.193.in-addr.arpa | udp |
| US | 188.114.96.2:443 | resergvearyinitiani.shop | tcp |
| DE | 20.218.68.91:7690 | tcp | |
| US | 172.67.181.250:443 | wisemassiveharmonious.shop | tcp |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| N/A | 127.0.0.1:50024 | tcp | |
| CA | 167.114.144.152:9002 | tcp | |
| FR | 178.20.55.18:443 | tcp | |
| DE | 116.203.140.74:9001 | tcp | |
| SE | 171.25.193.9:80 | tcp | |
| US | 8.8.8.8:53 | 9.193.25.171.in-addr.arpa | udp |
| US | 188.114.97.2:443 | herdbescuitinjurywu.shop | tcp |
| US | 172.67.181.250:443 | wisemassiveharmonious.shop | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| NL | 84.54.51.152:443 | tcp | |
| FI | 65.108.136.189:443 | tcp | |
| US | 188.114.96.2:443 | herdbescuitinjurywu.shop | tcp |
| US | 172.67.181.250:443 | wisemassiveharmonious.shop | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | 19.128.172.185.in-addr.arpa | udp |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| RU | 193.233.132.167:80 | 193.233.132.167 | tcp |
| DE | 185.172.128.33:8970 | tcp | |
| FI | 65.108.136.189:443 | tcp | |
| NL | 84.54.51.152:443 | tcp | |
| N/A | 127.0.0.1:42463 | tcp | |
| RU | 193.233.132.62:57893 | 193.233.132.62 | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| NL | 172.217.168.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 84.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| NL | 172.217.168.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 238.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| NL | 172.217.168.214:443 | i.ytimg.com | tcp |
| NL | 172.217.168.214:443 | i.ytimg.com | tcp |
| US | 209.85.165.72:443 | rr3---sn-q4flrn7k.googlevideo.com | tcp |
| US | 209.85.165.72:443 | rr3---sn-q4flrn7k.googlevideo.com | tcp |
| US | 209.85.165.72:443 | rr3---sn-q4flrn7k.googlevideo.com | tcp |
| GB | 157.240.221.16:443 | scontent-lhr8-1.xx.fbcdn.net | tcp |
| GB | 157.240.221.16:443 | scontent-lhr8-1.xx.fbcdn.net | tcp |
| US | 209.85.165.72:443 | rr3---sn-q4flrn7k.googlevideo.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| US | 209.85.165.72:443 | rr3---sn-q4flrn7k.googlevideo.com | tcp |
| US | 209.85.165.72:443 | rr3---sn-q4flrn7k.googlevideo.com | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | beta.thecrims.com | udp |
| US | 8.8.8.8:53 | my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | idp.tamuc.edu | udp |
| US | 50.58.50.26:21 | sermoncentral.com | tcp |
| US | 50.58.50.26:22 | sermoncentral.com | tcp |
| FR | 52.222.169.95:22 | app.toroinvestimentos.com.br | tcp |
| FR | 52.222.169.95:21 | app.toroinvestimentos.com.br | tcp |
| US | 50.58.50.26:443 | sermoncentral.com | tcp |
| BE | 108.177.15.27:143 | aspmx.l.google.com | tcp |
| FR | 52.222.169.95:443 | app.toroinvestimentos.com.br | tcp |
| US | 172.66.40.217:22 | beta.thecrims.com | tcp |
| US | 172.66.40.217:21 | beta.thecrims.com | tcp |
| BE | 13.225.239.43:22 | my.malwarebytes.com | tcp |
| FR | 52.222.169.95:143 | app.toroinvestimentos.com.br | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 13.225.239.43:21 | my.malwarebytes.com | tcp |
| FR | 52.222.169.95:80 | app.toroinvestimentos.com.br | tcp |
| BE | 108.177.15.27:465 | aspmx.l.google.com | tcp |
| US | 50.58.50.26:80 | sermoncentral.com | tcp |
| US | 68.232.1.48:22 | idp.tamuc.edu | tcp |
| FR | 52.222.169.95:465 | app.toroinvestimentos.com.br | tcp |
| US | 68.232.1.48:21 | idp.tamuc.edu | tcp |
| FR | 52.222.169.95:995 | app.toroinvestimentos.com.br | tcp |
| BE | 13.225.239.43:443 | my.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | 95.169.222.52.in-addr.arpa | udp |
| BE | 108.177.15.27:995 | aspmx.l.google.com | tcp |
| BR | 200.130.24.34:22 | enem.inep.gov.br | tcp |
| BR | 200.130.24.34:21 | enem.inep.gov.br | tcp |
| US | 68.232.1.48:443 | idp.tamuc.edu | tcp |
| US | 172.66.40.217:443 | beta.thecrims.com | tcp |
| NL | 142.250.179.174:443 | youtube.com | tcp |
| NL | 142.250.179.174:443 | youtube.com | tcp |
| BE | 64.233.167.84:22 | accounts.google.com | tcp |
| BE | 64.233.167.84:21 | accounts.google.com | tcp |
| BR | 200.130.24.34:443 | enem.inep.gov.br | tcp |
| US | 172.66.40.217:143 | beta.thecrims.com | tcp |
| BE | 13.225.239.43:143 | my.malwarebytes.com | tcp |
| US | 68.232.1.48:143 | idp.tamuc.edu | tcp |
| FR | 52.222.169.95:80 | app.toroinvestimentos.com.br | tcp |
| US | 68.232.1.48:465 | idp.tamuc.edu | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| GB | 3.10.126.228:21 | signup.eune.leagueoflegends.com | tcp |
| US | 50.58.50.26:80 | sermoncentral.com | tcp |
| US | 172.66.40.217:465 | beta.thecrims.com | tcp |
| US | 172.66.40.217:80 | beta.thecrims.com | tcp |
| BE | 13.225.239.43:80 | my.malwarebytes.com | tcp |
| BE | 13.225.239.43:465 | my.malwarebytes.com | tcp |
| GB | 3.10.126.228:22 | signup.eune.leagueoflegends.com | tcp |
| US | 172.66.40.217:995 | beta.thecrims.com | tcp |
| US | 8.8.8.8:53 | modthesims.info | udp |
| US | 8.8.8.8:53 | gmr-smtp-in.l.google.com | udp |
| US | 68.232.1.48:80 | idp.tamuc.edu | tcp |
| US | 8.8.8.8:53 | 174.179.250.142.in-addr.arpa | udp |
| FR | 52.222.169.92:21 | app.toroinvestimentos.com.br | tcp |
| FR | 52.222.169.95:443 | app.toroinvestimentos.com.br | tcp |
| US | 8.8.8.8:53 | authpre.senasofiaplus.edu.co | udp |
| BE | 13.225.239.43:995 | my.malwarebytes.com | tcp |
| BR | 200.130.24.34:143 | enem.inep.gov.br | tcp |
| US | 68.232.1.48:995 | idp.tamuc.edu | tcp |
| BE | 13.225.239.109:22 | my.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | modthesims.info | udp |
| FR | 52.222.169.92:22 | app.toroinvestimentos.com.br | tcp |
| FR | 52.222.169.92:143 | app.toroinvestimentos.com.br | tcp |
| GB | 3.10.126.228:443 | signup.eune.leagueoflegends.com | tcp |
| BE | 13.225.239.43:80 | my.malwarebytes.com | tcp |
| US | 172.66.43.39:22 | beta.thecrims.com | tcp |
| US | 172.66.43.39:21 | beta.thecrims.com | tcp |
| US | 104.26.11.129:21 | bonk.io | tcp |
| US | 50.58.50.26:443 | sermoncentral.com | tcp |
| BE | 66.102.1.14:143 | gmr-smtp-in.l.google.com | tcp |
| FR | 52.222.169.92:465 | app.toroinvestimentos.com.br | tcp |
| BE | 66.102.1.14:465 | gmr-smtp-in.l.google.com | tcp |
| US | 8.8.8.8:53 | nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | mx.zoho.com | udp |
| FR | 52.222.169.92:995 | app.toroinvestimentos.com.br | tcp |
| US | 104.26.11.129:22 | bonk.io | tcp |
| GB | 3.10.126.228:143 | signup.eune.leagueoflegends.com | tcp |
| BE | 13.225.239.109:21 | my.malwarebytes.com | tcp |
| US | 104.26.11.129:443 | bonk.io | tcp |
| CO | 186.113.6.78:22 | authpre.senasofiaplus.edu.co | tcp |
| US | 172.66.40.217:80 | beta.thecrims.com | tcp |
| US | 68.232.1.48:80 | idp.tamuc.edu | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| BR | 200.130.24.34:465 | enem.inep.gov.br | tcp |
| BR | 200.130.24.34:80 | enem.inep.gov.br | tcp |
| FR | 52.222.169.107:21 | app.toroinvestimentos.com.br | tcp |
| US | 8.8.8.8:53 | nxlogin.nexon.com | udp |
| US | 104.21.66.204:22 | modthesims.info | tcp |
| US | 8.8.8.8:53 | 56.itknyga.co.ua | udp |
| CO | 186.113.6.78:21 | authpre.senasofiaplus.edu.co | tcp |
| GB | 3.10.126.228:995 | signup.eune.leagueoflegends.com | tcp |
| GB | 3.10.126.228:465 | signup.eune.leagueoflegends.com | tcp |
| BE | 13.225.239.79:22 | my.malwarebytes.com | tcp |
| GB | 3.10.126.228:80 | signup.eune.leagueoflegends.com | tcp |
| US | 104.21.66.204:21 | modthesims.info | tcp |
| FR | 52.222.169.95:443 | app.toroinvestimentos.com.br | tcp |
| BE | 66.102.1.14:995 | gmr-smtp-in.l.google.com | tcp |
| US | 204.141.43.44:143 | mx.zoho.com | tcp |
| US | 172.66.40.217:443 | beta.thecrims.com | tcp |
| BR | 200.130.24.34:80 | enem.inep.gov.br | tcp |
| US | 8.8.8.8:53 | recruitment-portal.in | udp |
| US | 172.66.43.39:143 | beta.thecrims.com | tcp |
| BE | 13.225.239.109:143 | my.malwarebytes.com | tcp |
| CO | 186.113.6.78:443 | authpre.senasofiaplus.edu.co | tcp |
| FR | 52.222.169.107:22 | app.toroinvestimentos.com.br | tcp |
| GB | 18.135.83.51:21 | signup.eune.leagueoflegends.com | tcp |
| FR | 52.222.169.30:21 | app.toroinvestimentos.com.br | tcp |
| BE | 13.225.239.79:21 | my.malwarebytes.com | tcp |
| US | 172.66.43.39:995 | beta.thecrims.com | tcp |
| FR | 52.222.169.107:995 | app.toroinvestimentos.com.br | tcp |
| US | 104.21.66.204:443 | modthesims.info | tcp |
| BE | 13.225.239.58:22 | my.malwarebytes.com | tcp |
| US | 204.141.43.44:465 | mx.zoho.com | tcp |
| FR | 52.222.169.107:143 | app.toroinvestimentos.com.br | tcp |
| US | 104.26.11.129:80 | bonk.io | tcp |
| BR | 200.130.24.34:995 | enem.inep.gov.br | tcp |
| US | 50.58.50.26:443 | sermoncentral.com | tcp |
| KR | 183.110.0.26:22 | nxlogin.nexon.com | tcp |
| BE | 13.225.239.109:465 | my.malwarebytes.com | tcp |
| GB | 18.135.83.51:22 | signup.eune.leagueoflegends.com | tcp |
| US | 172.66.43.39:465 | beta.thecrims.com | tcp |
| BE | 13.225.239.109:995 | my.malwarebytes.com | tcp |
| BE | 13.225.239.43:443 | my.malwarebytes.com | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | muchienviet.com | udp |
| US | 8.8.8.8:53 | inspireawards-dst.gov.in | udp |
| FR | 52.222.169.107:465 | app.toroinvestimentos.com.br | tcp |
| KR | 183.110.0.26:21 | nxlogin.nexon.com | tcp |
| FR | 52.222.169.30:995 | app.toroinvestimentos.com.br | tcp |
| GB | 3.10.126.228:80 | signup.eune.leagueoflegends.com | tcp |
| US | 204.141.43.44:995 | mx.zoho.com | tcp |
| BE | 13.225.239.43:443 | my.malwarebytes.com | tcp |
| US | 162.159.205.19:143 | route2.mx.cloudflare.net | tcp |
| KR | 183.110.0.26:443 | nxlogin.nexon.com | tcp |
| US | 8.8.8.8:53 | inspireawards-dst.gov.in | udp |
| BE | 13.225.239.79:143 | my.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | campusvirtual.duoc.cl | udp |
| IN | 14.139.61.154:22 | recruitment-portal.in | tcp |
| US | 104.21.66.204:80 | modthesims.info | tcp |
| US | 162.159.205.19:465 | route2.mx.cloudflare.net | tcp |
| CO | 186.113.6.78:143 | authpre.senasofiaplus.edu.co | tcp |
| US | 172.67.207.63:22 | modthesims.info | tcp |
| US | 172.66.40.217:443 | beta.thecrims.com | tcp |
| US | 172.67.72.36:22 | bonk.io | tcp |
| BE | 13.225.239.79:995 | my.malwarebytes.com | tcp |
| US | 172.67.72.36:21 | bonk.io | tcp |
| IN | 14.139.61.154:21 | recruitment-portal.in | tcp |
| BE | 13.225.239.79:465 | my.malwarebytes.com | tcp |
| GB | 18.135.83.51:995 | signup.eune.leagueoflegends.com | tcp |
| US | 8.8.8.8:53 | campusvirtual.duoc.cl | udp |
| GB | 18.135.83.51:143 | signup.eune.leagueoflegends.com | tcp |
| BE | 13.225.239.58:995 | my.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | dewabet.asia | udp |
| US | 8.8.8.8:53 | 19.205.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.0.110.183.in-addr.arpa | udp |
| CO | 186.113.6.78:80 | authpre.senasofiaplus.edu.co | tcp |
| CO | 186.113.6.78:465 | authpre.senasofiaplus.edu.co | tcp |
| GB | 3.10.126.228:443 | signup.eune.leagueoflegends.com | tcp |
| KR | 183.110.0.154:22 | nxlogin.nexon.com | tcp |
| GB | 18.135.83.51:465 | signup.eune.leagueoflegends.com | tcp |
| US | 104.26.11.129:80 | bonk.io | tcp |
| US | 172.66.40.217:21 | beta.thecrims.com | tcp |
| US | 172.67.207.63:21 | modthesims.info | tcp |
| IN | 14.139.61.154:443 | recruitment-portal.in | tcp |
| US | 8.8.8.8:53 | 56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | seraphzone.com | udp |
| US | 162.159.205.19:995 | route2.mx.cloudflare.net | tcp |
| CO | 186.113.6.78:995 | authpre.senasofiaplus.edu.co | tcp |
| US | 172.66.40.217:22 | beta.thecrims.com | tcp |
| IN | 164.100.213.160:21 | inspireawards-dst.gov.in | tcp |
| KR | 183.110.0.154:21 | nxlogin.nexon.com | tcp |
| KR | 183.110.0.26:143 | nxlogin.nexon.com | tcp |
| FR | 52.222.169.95:21 | app.toroinvestimentos.com.br | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 78.6.113.186.in-addr.arpa | udp |
| GB | 3.10.126.228:443 | signup.eune.leagueoflegends.com | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| BE | 13.225.239.43:22 | my.malwarebytes.com | tcp |
| US | 44.193.118.31:22 | campusvirtual.duoc.cl | tcp |
| IN | 164.100.213.160:22 | inspireawards-dst.gov.in | tcp |
| BR | 200.130.24.34:22 | enem.inep.gov.br | tcp |
| US | 104.21.66.204:443 | modthesims.info | tcp |
| FR | 52.222.169.95:143 | app.toroinvestimentos.com.br | tcp |
| US | 162.159.205.19:465 | route2.mx.cloudflare.net | tcp |
| FR | 52.222.169.95:80 | app.toroinvestimentos.com.br | tcp |
| US | 8.8.8.8:53 | muchienviet.com | udp |
| BR | 200.130.24.34:21 | enem.inep.gov.br | tcp |
| US | 172.66.43.39:21 | beta.thecrims.com | tcp |
| FR | 52.222.169.92:21 | app.toroinvestimentos.com.br | tcp |
| FR | 52.222.169.95:22 | app.toroinvestimentos.com.br | tcp |
| FR | 52.222.169.95:80 | app.toroinvestimentos.com.br | tcp |
| US | 172.66.40.217:143 | beta.thecrims.com | tcp |
| BE | 108.177.15.27:465 | aspmx.l.google.com | tcp |
| BE | 13.225.239.43:21 | my.malwarebytes.com | tcp |
| BE | 108.177.15.27:143 | aspmx.l.google.com | tcp |
| US | 104.26.11.129:443 | bonk.io | tcp |
| US | 50.58.50.26:22 | sermoncentral.com | tcp |
| US | 50.58.50.26:21 | sermoncentral.com | tcp |
| US | 68.232.1.48:22 | idp.tamuc.edu | tcp |
| IN | 14.139.61.154:143 | recruitment-portal.in | tcp |
| IN | 164.100.213.160:443 | inspireawards-dst.gov.in | tcp |
| US | 44.193.118.31:21 | campusvirtual.duoc.cl | tcp |
| US | 162.159.205.19:143 | route2.mx.cloudflare.net | tcp |
| US | 172.66.40.217:80 | beta.thecrims.com | tcp |
| FR | 52.222.169.95:995 | app.toroinvestimentos.com.br | tcp |
| GB | 3.10.126.228:21 | signup.eune.leagueoflegends.com | tcp |
| KR | 183.110.0.154:465 | nxlogin.nexon.com | tcp |
| US | 188.114.96.2:22 | dewabet.asia | tcp |
| KR | 183.110.0.154:80 | nxlogin.nexon.com | tcp |
| US | 68.232.1.48:21 | idp.tamuc.edu | tcp |
| US | 172.66.40.217:995 | beta.thecrims.com | tcp |
| KR | 183.110.0.154:995 | nxlogin.nexon.com | tcp |
| US | 50.58.50.26:80 | sermoncentral.com | tcp |
| BE | 64.233.167.84:22 | accounts.google.com | tcp |
| FR | 52.222.169.95:465 | app.toroinvestimentos.com.br | tcp |
| DE | 185.172.128.109:80 | 185.172.128.109 | tcp |
| IN | 14.139.61.154:80 | recruitment-portal.in | tcp |
| US | 8.8.8.8:53 | bulletin.nexon.com | udp |
| US | 8.8.8.8:53 | 56.itknyga.co.ua | udp |
| BE | 108.177.15.27:995 | aspmx.l.google.com | tcp |
| US | 172.66.40.217:80 | beta.thecrims.com | tcp |
| US | 172.66.40.217:465 | beta.thecrims.com | tcp |
| BE | 13.225.239.43:80 | my.malwarebytes.com | tcp |
| GB | 3.10.126.228:22 | signup.eune.leagueoflegends.com | tcp |
| US | 50.58.50.26:80 | sermoncentral.com | tcp |
| BE | 64.233.167.84:21 | accounts.google.com | tcp |
| US | 104.21.66.204:80 | modthesims.info | tcp |
| US | 44.193.118.31:443 | campusvirtual.duoc.cl | tcp |
| US | 172.66.43.39:22 | beta.thecrims.com | tcp |
| US | 188.114.96.2:21 | dewabet.asia | tcp |
| FR | 52.222.169.92:143 | app.toroinvestimentos.com.br | tcp |
| KR | 183.110.0.154:143 | nxlogin.nexon.com | tcp |
| FR | 52.222.169.107:21 | app.toroinvestimentos.com.br | tcp |
| GB | 18.135.83.51:21 | signup.eune.leagueoflegends.com | tcp |
| US | 188.114.97.2:22 | dewabet.asia | tcp |
| KR | 183.110.0.26:465 | nxlogin.nexon.com | tcp |
| BE | 13.225.239.43:143 | my.malwarebytes.com | tcp |
| US | 104.21.66.204:22 | modthesims.info | tcp |
| CO | 186.113.6.78:22 | authpre.senasofiaplus.edu.co | tcp |
| BE | 13.225.239.43:995 | my.malwarebytes.com | tcp |
| US | 52.21.145.149:22 | campusvirtual.duoc.cl | tcp |
| IN | 164.100.213.160:143 | inspireawards-dst.gov.in | tcp |
| BE | 13.225.239.109:22 | my.malwarebytes.com | tcp |
| US | 104.26.11.129:21 | bonk.io | tcp |
| FR | 52.222.169.92:22 | app.toroinvestimentos.com.br | tcp |
| BE | 13.225.239.79:22 | my.malwarebytes.com | tcp |
| US | 172.66.43.39:143 | beta.thecrims.com | tcp |
| BE | 13.225.239.58:22 | my.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | feedback-smtp.us-east-1.amazonses.com | udp |
| FR | 52.222.169.107:143 | app.toroinvestimentos.com.br | tcp |
| US | 8.8.8.8:53 | 154.0.110.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.118.193.44.in-addr.arpa | udp |
| GB | 92.123.241.50:22 | store.steampowered.com | tcp |
| BE | 13.225.239.43:465 | my.malwarebytes.com | tcp |
| US | 52.21.145.149:21 | campusvirtual.duoc.cl | tcp |
| BE | 13.225.239.109:21 | my.malwarebytes.com | tcp |
| US | 172.66.43.39:465 | beta.thecrims.com | tcp |
| GB | 18.135.83.51:22 | signup.eune.leagueoflegends.com | tcp |
| FR | 52.222.169.92:995 | app.toroinvestimentos.com.br | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| BE | 66.102.1.14:995 | gmr-smtp-in.l.google.com | tcp |
| US | 188.114.96.2:443 | dewabet.asia | tcp |
| FR | 52.222.169.30:143 | app.toroinvestimentos.com.br | tcp |
| US | 172.66.43.39:995 | beta.thecrims.com | tcp |
| US | 44.193.118.31:143 | campusvirtual.duoc.cl | tcp |
| GB | 3.10.126.228:995 | signup.eune.leagueoflegends.com | tcp |
| BE | 13.225.239.43:80 | my.malwarebytes.com | tcp |
| BR | 200.130.24.34:143 | enem.inep.gov.br | tcp |
| KR | 183.110.0.26:995 | nxlogin.nexon.com | tcp |
| IN | 14.139.61.154:465 | recruitment-portal.in | tcp |
| KR | 183.110.0.154:22 | nxlogin.nexon.com | tcp |
| US | 68.232.1.48:465 | idp.tamuc.edu | tcp |
| BE | 66.102.1.14:143 | gmr-smtp-in.l.google.com | tcp |
| IN | 14.139.61.154:995 | recruitment-portal.in | tcp |
| GB | 3.10.126.228:80 | signup.eune.leagueoflegends.com | tcp |
| US | 172.67.207.63:22 | modthesims.info | tcp |
| FR | 52.222.169.92:465 | app.toroinvestimentos.com.br | tcp |
| BE | 66.102.1.14:465 | gmr-smtp-in.l.google.com | tcp |
| GB | 3.10.126.228:143 | signup.eune.leagueoflegends.com | tcp |
| US | 104.26.11.129:22 | bonk.io | tcp |
| US | 172.67.72.36:21 | bonk.io | tcp |
| US | 68.232.1.48:143 | idp.tamuc.edu | tcp |
| US | 3.218.134.115:143 | feedback-smtp.us-east-1.amazonses.com | tcp |
| BE | 13.225.239.109:465 | my.malwarebytes.com | tcp |
| BR | 200.130.24.34:465 | enem.inep.gov.br | tcp |
| US | 68.232.1.48:80 | idp.tamuc.edu | tcp |
| US | 162.159.205.19:995 | route2.mx.cloudflare.net | tcp |
| US | 44.193.118.31:465 | campusvirtual.duoc.cl | tcp |
| US | 44.193.118.31:80 | campusvirtual.duoc.cl | tcp |
| GB | 3.10.126.228:465 | signup.eune.leagueoflegends.com | tcp |
| US | 104.21.66.204:21 | modthesims.info | tcp |
| IN | 164.100.213.160:465 | inspireawards-dst.gov.in | tcp |
| IN | 164.100.213.160:80 | inspireawards-dst.gov.in | tcp |
| FR | 52.222.169.95:443 | app.toroinvestimentos.com.br | tcp |
| US | 52.21.145.149:143 | campusvirtual.duoc.cl | tcp |
| GB | 18.135.83.51:995 | signup.eune.leagueoflegends.com | tcp |
| US | 204.141.43.44:465 | mx.zoho.com | tcp |
| KR | 183.110.0.26:22 | nxlogin.nexon.com | tcp |
| CO | 186.113.6.78:80 | authpre.senasofiaplus.edu.co | tcp |
| CO | 186.113.6.78:21 | authpre.senasofiaplus.edu.co | tcp |
| US | 104.26.10.129:21 | bonk.io | tcp |
| US | 104.21.66.204:80 | modthesims.info | tcp |
| US | 68.232.1.48:995 | idp.tamuc.edu | tcp |
| US | 172.66.40.217:443 | beta.thecrims.com | tcp |
| GB | 18.135.83.51:143 | signup.eune.leagueoflegends.com | tcp |
| US | 104.31.16.118:22 | chat.1337x.to | tcp |
| GB | 92.123.241.50:21 | store.steampowered.com | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| US | 52.21.145.149:465 | campusvirtual.duoc.cl | tcp |
| GB | 18.135.83.51:465 | signup.eune.leagueoflegends.com | tcp |
| US | 172.67.207.63:21 | modthesims.info | tcp |
| US | 18.235.76.96:143 | feedback-smtp.us-east-1.amazonses.com | tcp |
| US | 50.58.50.26:443 | sermoncentral.com | tcp |
| US | 204.141.43.44:143 | mx.zoho.com | tcp |
| GB | 3.10.126.228:80 | signup.eune.leagueoflegends.com | tcp |
| CL | 200.72.242.17:22 | tramites.dirtrab.cl | tcp |
| US | 44.193.118.31:995 | campusvirtual.duoc.cl | tcp |
| BR | 200.130.24.34:995 | enem.inep.gov.br | tcp |
| US | 204.141.43.44:995 | mx.zoho.com | tcp |
| BR | 200.130.24.34:80 | enem.inep.gov.br | tcp |
| IN | 164.100.213.160:995 | inspireawards-dst.gov.in | tcp |
| US | 162.159.205.19:587 | route2.mx.cloudflare.net | tcp |
| US | 104.26.11.129:80 | bonk.io | tcp |
| IN | 14.139.61.154:22 | recruitment-portal.in | tcp |
| US | 172.66.40.217:990 | beta.thecrims.com | tcp |
| CO | 186.113.6.78:80 | authpre.senasofiaplus.edu.co | tcp |
| KR | 183.110.0.26:21 | nxlogin.nexon.com | tcp |
| US | 162.159.205.19:993 | route2.mx.cloudflare.net | tcp |
| US | 3.218.134.115:465 | feedback-smtp.us-east-1.amazonses.com | tcp |
| US | 3.218.134.115:995 | feedback-smtp.us-east-1.amazonses.com | tcp |
| BE | 13.225.239.43:443 | my.malwarebytes.com | tcp |
| US | 34.192.233.193:143 | feedback-smtp.us-east-1.amazonses.com | tcp |
| US | 188.114.96.2:80 | dewabet.asia | tcp |
| IN | 14.139.61.154:21 | recruitment-portal.in | tcp |
| CO | 186.113.6.78:143 | authpre.senasofiaplus.edu.co | tcp |
| BE | 13.225.239.43:222 | my.malwarebytes.com | tcp |
| GB | 92.123.241.50:443 | store.steampowered.com | tcp |
| US | 104.31.16.118:21 | chat.1337x.to | tcp |
| US | 104.31.16.118:443 | chat.1337x.to | tcp |
| US | 172.66.40.217:222 | beta.thecrims.com | tcp |
| DE | 3.64.163.50:22 | rec.hobsons.co.uk | tcp |
| US | 104.22.70.253:22 | auth.usenext.de | tcp |
| US | 8.8.8.8:53 | thescla.org | udp |
| US | 52.21.145.149:995 | campusvirtual.duoc.cl | tcp |
| KR | 183.110.0.154:21 | nxlogin.nexon.com | tcp |
| US | 172.66.43.39:990 | beta.thecrims.com | tcp |
| US | 18.235.76.96:465 | feedback-smtp.us-east-1.amazonses.com | tcp |
| IN | 164.100.213.160:22 | inspireawards-dst.gov.in | tcp |
| BE | 108.177.15.27:993 | aspmx.l.google.com | tcp |
| US | 50.58.50.26:222 | sermoncentral.com | tcp |
| US | 44.193.118.31:22 | campusvirtual.duoc.cl | tcp |
| BR | 200.130.24.34:222 | enem.inep.gov.br | tcp |
| IN | 14.139.61.154:80 | recruitment-portal.in | tcp |
| GB | 18.135.83.51:443 | signup.eune.leagueoflegends.com | tcp |
| US | 8.8.8.8:53 | seraphzone.com | udp |
| CL | 200.72.242.17:21 | tramites.dirtrab.cl | tcp |
| CL | 200.72.242.17:443 | tramites.dirtrab.cl | tcp |
| BE | 13.225.239.109:222 | my.malwarebytes.com | tcp |
| DE | 3.64.163.50:21 | rec.hobsons.co.uk | tcp |
| US | 172.66.43.39:222 | beta.thecrims.com | tcp |
| US | 104.22.71.253:22 | auth.usenext.de | tcp |
| GB | 18.135.83.51:990 | signup.eune.leagueoflegends.com | tcp |
| CO | 186.113.6.78:465 | authpre.senasofiaplus.edu.co | tcp |
| KR | 183.110.0.26:143 | nxlogin.nexon.com | tcp |
| US | 104.26.11.129:80 | bonk.io | tcp |
| CO | 186.113.6.78:995 | authpre.senasofiaplus.edu.co | tcp |
| FR | 52.222.169.95:990 | app.toroinvestimentos.com.br | tcp |
| US | 104.31.16.118:143 | chat.1337x.to | tcp |
| GB | 92.123.241.50:143 | store.steampowered.com | tcp |
| FR | 52.222.149.128:443 | bulletin.nexon.com | tcp |
| BE | 108.177.15.27:587 | aspmx.l.google.com | tcp |
| FR | 52.222.169.95:993 | app.toroinvestimentos.com.br | tcp |
| US | 172.66.40.217:587 | beta.thecrims.com | tcp |
| US | 188.114.96.2:80 | dewabet.asia | tcp |
| BE | 13.225.239.79:222 | my.malwarebytes.com | tcp |
| BR | 200.130.24.34:990 | enem.inep.gov.br | tcp |
| KR | 183.110.0.26:465 | nxlogin.nexon.com | tcp |
| BE | 64.233.167.84:222 | accounts.google.com | tcp |
| GB | 18.135.83.51:222 | signup.eune.leagueoflegends.com | tcp |
| US | 18.235.76.96:995 | feedback-smtp.us-east-1.amazonses.com | tcp |
| IN | 14.139.61.154:143 | recruitment-portal.in | tcp |
| US | 172.67.10.77:22 | auth.usenext.de | tcp |
| US | 68.232.1.48:80 | idp.tamuc.edu | tcp |
| US | 52.21.145.149:22 | campusvirtual.duoc.cl | tcp |
| GB | 92.123.241.50:80 | store.steampowered.com | tcp |
| CL | 200.72.242.17:143 | tramites.dirtrab.cl | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| FR | 52.222.169.95:587 | app.toroinvestimentos.com.br | tcp |
| KR | 183.110.0.26:80 | nxlogin.nexon.com | tcp |
| CO | 186.113.6.78:222 | authpre.senasofiaplus.edu.co | tcp |
| IN | 164.100.213.160:21 | inspireawards-dst.gov.in | tcp |
| US | 34.192.233.193:995 | feedback-smtp.us-east-1.amazonses.com | tcp |
| US | 8.8.8.8:53 | muchienviet.com | udp |
| BE | 13.225.239.58:222 | my.malwarebytes.com | tcp |
| FR | 52.222.169.95:222 | app.toroinvestimentos.com.br | tcp |
| US | 8.8.8.8:53 | 118.16.31.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | l171.com | udp |
| DE | 3.64.163.50:443 | rec.hobsons.co.uk | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | 51.83.135.18.in-addr.arpa | udp |
| NL | 142.251.39.110:443 | play.google.com | tcp |
| NL | 142.251.39.110:443 | play.google.com | tcp |
| NL | 142.251.39.110:443 | play.google.com | tcp |
| US | 104.22.70.253:21 | auth.usenext.de | tcp |
| US | 172.66.40.217:993 | beta.thecrims.com | tcp |
| US | 68.232.1.48:990 | idp.tamuc.edu | tcp |
| GB | 3.9.51.5:990 | signup.eune.leagueoflegends.com | tcp |
| IN | 164.100.213.160:143 | inspireawards-dst.gov.in | tcp |
| US | 54.147.230.236:22 | campusvirtual.duoc.cl | tcp |
| NL | 142.251.39.110:443 | play.google.com | tcp |
| NL | 142.251.39.110:443 | play.google.com | udp |
| US | 54.162.13.115:22 | campusvirtual.duoc.cl | tcp |
| NL | 142.251.39.110:443 | play.google.com | tcp |
| EE | 212.47.208.140:22 | forum.biketime.ee | tcp |
| US | 188.114.96.2:21 | dewabet.asia | tcp |
| US | 44.193.118.31:21 | campusvirtual.duoc.cl | tcp |
| BE | 13.225.239.43:990 | my.malwarebytes.com | tcp |
| FR | 52.222.169.95:110 | app.toroinvestimentos.com.br | tcp |
| FR | 52.222.169.92:993 | app.toroinvestimentos.com.br | tcp |
| IN | 164.100.213.160:80 | inspireawards-dst.gov.in | tcp |
| US | 68.232.1.48:222 | idp.tamuc.edu | tcp |
| US | 172.66.43.39:587 | beta.thecrims.com | tcp |
| GB | 3.9.51.5:222 | signup.eune.leagueoflegends.com | tcp |
| KR | 183.110.0.154:465 | nxlogin.nexon.com | tcp |
| BE | 64.233.167.84:990 | accounts.google.com | tcp |
| BE | 108.177.15.27:110 | aspmx.l.google.com | tcp |
| GB | 92.123.241.50:465 | store.steampowered.com | tcp |
| US | 172.66.40.217:110 | beta.thecrims.com | tcp |
| BE | 13.225.239.43:993 | my.malwarebytes.com | tcp |
| US | 68.232.1.48:587 | idp.tamuc.edu | tcp |
| BE | 13.225.239.43:110 | my.malwarebytes.com | tcp |
| BR | 200.130.24.34:80 | enem.inep.gov.br | tcp |
| GB | 92.123.241.50:22 | store.steampowered.com | tcp |
| US | 104.21.66.204:222 | modthesims.info | tcp |
| US | 104.26.11.129:990 | bonk.io | tcp |
| KR | 183.110.0.154:995 | nxlogin.nexon.com | tcp |
| FR | 52.222.169.92:222 | app.toroinvestimentos.com.br | tcp |
| US | 104.26.11.129:222 | bonk.io | tcp |
| US | 188.114.96.2:22 | dewabet.asia | tcp |
| FR | 52.222.169.92:587 | app.toroinvestimentos.com.br | tcp |
| US | 104.21.66.204:443 | modthesims.info | tcp |
| US | 188.114.97.2:22 | dewabet.asia | tcp |
| US | 68.232.1.48:993 | idp.tamuc.edu | tcp |
| US | 68.232.1.48:110 | idp.tamuc.edu | tcp |
| EE | 212.47.208.140:21 | forum.biketime.ee | tcp |
| US | 104.22.70.253:443 | auth.usenext.de | tcp |
| FR | 52.222.169.107:587 | app.toroinvestimentos.com.br | tcp |
| FR | 52.222.169.30:587 | app.toroinvestimentos.com.br | tcp |
| US | 44.193.118.31:443 | campusvirtual.duoc.cl | tcp |
| US | 172.66.40.217:80 | beta.thecrims.com | tcp |
| US | 3.218.134.115:143 | feedback-smtp.us-east-1.amazonses.com | tcp |
| BE | 66.102.1.14:993 | gmr-smtp-in.l.google.com | tcp |
| US | 104.31.16.118:80 | chat.1337x.to | tcp |
| IN | 14.139.61.154:995 | recruitment-portal.in | tcp |
| US | 104.31.16.118:465 | chat.1337x.to | tcp |
| GB | 92.123.241.50:995 | store.steampowered.com | tcp |
| CL | 200.72.242.17:80 | tramites.dirtrab.cl | tcp |
| CL | 200.72.242.17:465 | tramites.dirtrab.cl | tcp |
| BE | 13.225.239.43:587 | my.malwarebytes.com | tcp |
| IN | 14.139.61.154:465 | recruitment-portal.in | tcp |
| DE | 3.64.163.50:143 | rec.hobsons.co.uk | tcp |
| US | 172.67.72.36:990 | bonk.io | tcp |
| US | 172.67.72.36:222 | bonk.io | tcp |
| US | 104.26.10.129:990 | bonk.io | tcp |
| GB | 18.135.83.51:587 | signup.eune.leagueoflegends.com | tcp |
| US | 104.22.70.253:143 | auth.usenext.de | tcp |
| US | 50.58.50.26:80 | sermoncentral.com | tcp |
| BR | 200.130.24.34:110 | enem.inep.gov.br | tcp |
| BE | 66.102.1.14:587 | gmr-smtp-in.l.google.com | tcp |
| US | 44.193.118.31:143 | campusvirtual.duoc.cl | tcp |
| CO | 186.113.6.78:993 | authpre.senasofiaplus.edu.co | tcp |
| US | 162.159.205.19:587 | route2.mx.cloudflare.net | tcp |
| US | 172.66.40.217:80 | beta.thecrims.com | tcp |
| FR | 52.222.169.95:80 | app.toroinvestimentos.com.br | tcp |
| CO | 186.113.6.78:80 | authpre.senasofiaplus.edu.co | tcp |
| US | 104.21.66.204:80 | modthesims.info | tcp |
| GB | 18.135.83.51:110 | signup.eune.leagueoflegends.com | tcp |
| US | 8.8.8.8:53 | nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | 56.itknyga.co.ua | udp |
| US | 18.235.76.96:143 | feedback-smtp.us-east-1.amazonses.com | tcp |
| KR | 183.110.0.154:222 | nxlogin.nexon.com | tcp |
| IN | 164.100.213.160:465 | inspireawards-dst.gov.in | tcp |
| US | 104.31.16.118:21 | chat.1337x.to | tcp |
| EE | 212.47.208.140:443 | forum.biketime.ee | tcp |
| BR | 200.130.24.34:993 | enem.inep.gov.br | tcp |
| US | 3.83.191.190:21 | thescla.org | tcp |
| US | 104.31.16.118:80 | chat.1337x.to | tcp |
| GB | 3.9.51.5:587 | signup.eune.leagueoflegends.com | tcp |
| US | 34.192.233.193:143 | feedback-smtp.us-east-1.amazonses.com | tcp |
| US | 104.22.71.253:143 | auth.usenext.de | tcp |
| US | 104.31.16.118:22 | chat.1337x.to | tcp |
| US | 162.159.205.19:110 | route2.mx.cloudflare.net | tcp |
| GB | 18.135.83.51:993 | signup.eune.leagueoflegends.com | tcp |
| US | 104.31.16.118:995 | chat.1337x.to | tcp |
| CL | 200.72.242.17:995 | tramites.dirtrab.cl | tcp |
| DE | 3.64.163.50:465 | rec.hobsons.co.uk | tcp |
| GB | 92.123.241.50:80 | store.steampowered.com | tcp |
| DE | 3.64.163.50:80 | rec.hobsons.co.uk | tcp |
| US | 204.141.43.44:993 | mx.zoho.com | tcp |
| US | 104.26.11.129:443 | bonk.io | tcp |
| US | 44.193.118.31:465 | campusvirtual.duoc.cl | tcp |
| US | 162.159.205.19:993 | route2.mx.cloudflare.net | tcp |
| US | 104.21.66.204:990 | modthesims.info | tcp |
| US | 68.232.1.48:80 | idp.tamuc.edu | tcp |
| BR | 200.130.24.34:587 | enem.inep.gov.br | tcp |
| IN | 164.100.213.160:995 | inspireawards-dst.gov.in | tcp |
| CO | 186.113.6.78:80 | authpre.senasofiaplus.edu.co | tcp |
| US | 188.114.96.2:443 | dewabet.asia | tcp |
| CO | 186.113.6.78:990 | authpre.senasofiaplus.edu.co | tcp |
| US | 172.67.10.77:143 | auth.usenext.de | tcp |
| GB | 92.123.241.50:21 | store.steampowered.com | tcp |
| US | 104.31.16.11:21 | chat.1337x.to | tcp |
| KR | 183.110.0.154:990 | nxlogin.nexon.com | tcp |
| GB | 104.77.160.196:21 | account.mojang.com | tcp |
| US | 3.83.191.190:443 | thescla.org | tcp |
| DE | 3.64.163.50:80 | rec.hobsons.co.uk | tcp |
| GB | 104.77.160.196:443 | account.mojang.com | tcp |
| KR | 183.110.0.26:990 | nxlogin.nexon.com | tcp |
| DE | 3.64.163.50:995 | rec.hobsons.co.uk | tcp |
| US | 8.8.8.8:53 | itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| GB | 18.135.83.51:80 | signup.eune.leagueoflegends.com | tcp |
| EE | 212.47.208.140:143 | forum.biketime.ee | tcp |
| IN | 14.139.61.154:80 | recruitment-portal.in | tcp |
| GB | 18.135.83.51:80 | signup.eune.leagueoflegends.com | tcp |
| US | 3.218.134.115:465 | feedback-smtp.us-east-1.amazonses.com | tcp |
| IN | 14.139.61.154:222 | recruitment-portal.in | tcp |
| US | 3.218.134.115:995 | feedback-smtp.us-east-1.amazonses.com | tcp |
| US | 104.22.70.253:22 | auth.usenext.de | tcp |
| BE | 13.225.239.43:222 | my.malwarebytes.com | tcp |
| BE | 13.225.239.43:80 | my.malwarebytes.com | tcp |
| CL | 200.72.242.17:21 | tramites.dirtrab.cl | tcp |
| KR | 183.110.0.154:80 | nxlogin.nexon.com | tcp |
| US | 104.22.71.253:22 | auth.usenext.de | tcp |
| BE | 13.225.239.109:222 | my.malwarebytes.com | tcp |
| US | 172.67.10.77:22 | auth.usenext.de | tcp |
| CZ | 77.75.78.104:21 | login.szn.cz | tcp |
| US | 8.8.8.8:53 | muchienviet.com | udp |
| US | 8.8.8.8:53 | seraphzone.com | udp |
| BE | 13.225.239.79:222 | my.malwarebytes.com | tcp |
| BE | 13.225.239.58:222 | my.malwarebytes.com | tcp |
| EE | 212.47.208.140:465 | forum.biketime.ee | tcp |
| IN | 14.139.61.154:990 | recruitment-portal.in | tcp |
| GB | 18.135.83.51:990 | signup.eune.leagueoflegends.com | tcp |
| IN | 164.100.213.160:222 | inspireawards-dst.gov.in | tcp |
| GB | 3.9.51.5:990 | signup.eune.leagueoflegends.com | tcp |
| IN | 14.139.61.154:80 | recruitment-portal.in | tcp |
| EE | 212.47.208.140:995 | forum.biketime.ee | tcp |
| US | 68.232.1.48:222 | idp.tamuc.edu | tcp |
| EE | 212.47.208.140:80 | forum.biketime.ee | tcp |
| CO | 186.113.6.78:222 | authpre.senasofiaplus.edu.co | tcp |
| US | 8.8.8.8:53 | 190.191.83.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | tools.siteground.com | udp |
| US | 8.8.8.8:53 | corumcollege.com | udp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| US | 104.22.70.253:80 | auth.usenext.de | tcp |
| US | 104.31.16.118:443 | chat.1337x.to | tcp |
| GB | 92.123.241.50:443 | store.steampowered.com | tcp |
| FR | 52.222.169.95:443 | app.toroinvestimentos.com.br | tcp |
| US | 3.83.191.190:80 | thescla.org | tcp |
| US | 104.21.66.204:80 | modthesims.info | tcp |
| GB | 18.135.83.51:587 | signup.eune.leagueoflegends.com | tcp |
| BE | 66.102.1.14:993 | gmr-smtp-in.l.google.com | tcp |
| IN | 14.139.61.154:110 | recruitment-portal.in | tcp |
| GB | 3.9.51.5:587 | signup.eune.leagueoflegends.com | tcp |
| US | 172.66.40.217:443 | beta.thecrims.com | tcp |
| IN | 164.100.213.160:80 | inspireawards-dst.gov.in | tcp |
| US | 104.31.16.118:443 | chat.1337x.to | tcp |
| US | 8.8.8.8:53 | ftp.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | 56.itknyga.co.ua | udp |
| US | 44.193.118.31:587 | campusvirtual.duoc.cl | tcp |
| US | 52.21.145.149:587 | campusvirtual.duoc.cl | tcp |
| BR | 200.130.24.34:587 | enem.inep.gov.br | tcp |
| IN | 164.100.213.160:110 | inspireawards-dst.gov.in | tcp |
| US | 50.58.50.26:80 | sermoncentral.com | tcp |
| DE | 3.64.163.50:80 | rec.hobsons.co.uk | tcp |
| US | 104.26.11.129:80 | bonk.io | tcp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | unicfcead.com.br | udp |
| GB | 104.77.160.196:80 | account.mojang.com | tcp |
| US | 188.114.96.2:80 | dewabet.asia | tcp |
| CZ | 77.75.78.104:80 | login.szn.cz | tcp |
| CO | 186.113.6.78:80 | authpre.senasofiaplus.edu.co | tcp |
| US | 8.8.8.8:53 | ftp.sermoncentral.com | udp |
| US | 8.8.8.8:53 | ftp.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | feedback-smtp.us-east-1.amazonses.com | udp |
| US | 8.8.8.8:53 | ftp.l171.com | udp |
| US | 8.8.8.8:53 | ssh.56.itknyga.co.ua | udp |
| US | 104.19.143.69:80 | futbin.com | tcp |
| US | 8.8.8.8:53 | nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ftp.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | ftp.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | ftp.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | ftp.accounts.google.com | udp |
| US | 8.8.8.8:53 | mail.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | mail.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | mail.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | ftp.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | ftp.bonk.io | udp |
| US | 8.8.8.8:53 | www.thescla.org | udp |
| BE | 13.225.239.43:443 | my.malwarebytes.com | tcp |
| GH | 197.255.125.60:465 | itsapp08.ug.edu.gh | tcp |
| US | 104.31.16.118:80 | chat.1337x.to | tcp |
| US | 44.193.118.31:587 | campusvirtual.duoc.cl | tcp |
| CL | 200.72.242.17:80 | tramites.dirtrab.cl | tcp |
| US | 52.21.145.149:587 | campusvirtual.duoc.cl | tcp |
| BR | 200.130.24.34:25 | enem.inep.gov.br | tcp |
| CL | 200.72.242.17:587 | tramites.dirtrab.cl | tcp |
| IN | 164.100.213.160:110 | inspireawards-dst.gov.in | tcp |
| US | 104.21.66.204:443 | modthesims.info | tcp |
| US | 104.31.16.118:587 | chat.1337x.to | tcp |
| US | 54.147.230.236:587 | campusvirtual.duoc.cl | tcp |
| US | 104.31.16.11:587 | chat.1337x.to | tcp |
| US | 54.162.13.115:587 | campusvirtual.duoc.cl | tcp |
| GB | 92.123.241.50:80 | store.steampowered.com | tcp |
| GB | 92.123.241.50:110 | store.steampowered.com | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| GB | 18.135.83.51:443 | signup.eune.leagueoflegends.com | tcp |
| FR | 52.222.169.95:80 | app.toroinvestimentos.com.br | tcp |
| FR | 99.86.91.94:80 | spin247.com | tcp |
| GH | 197.255.125.60:80 | itsapp08.ug.edu.gh | tcp |
| FR | 52.222.149.128:443 | bulletin.nexon.com | tcp |
| EE | 212.47.208.140:80 | forum.biketime.ee | tcp |
| US | 3.83.191.190:443 | www.thescla.org | tcp |
| DE | 3.64.163.50:80 | rec.hobsons.co.uk | tcp |
| US | 8.8.8.8:53 | www.minecraft.net | udp |
| US | 8.8.8.8:53 | ftp.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | mx2.zoho.com | udp |
| US | 8.8.8.8:53 | ftp.muchienviet.com | udp |
| US | 8.8.8.8:53 | 104.78.75.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.143.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ssh.l171.com | udp |
| US | 8.8.8.8:53 | corumcollege.com | udp |
| US | 8.8.8.8:53 | ploudos.com | udp |
| US | 8.8.8.8:53 | my.malwarebytes.com | udp |
| US | 172.66.40.217:80 | beta.thecrims.com | tcp |
| US | 8.8.8.8:53 | ploudos.com | udp |
| US | 8.8.8.8:53 | lienquancode.com | udp |
| US | 8.8.8.8:53 | ftp.modthesims.info | udp |
| US | 8.8.8.8:53 | portal.e-beam.com | udp |
| US | 44.193.118.31:80 | campusvirtual.duoc.cl | tcp |
| US | 8.8.8.8:53 | ftp.inspireawards-dst.gov.in | udp |
| US | 104.26.11.129:443 | bonk.io | tcp |
| US | 50.58.50.26:443 | sermoncentral.com | tcp |
| GB | 104.77.160.198:443 | www.minecraft.net | tcp |
| CO | 186.113.6.78:80 | authpre.senasofiaplus.edu.co | tcp |
| BE | 13.225.239.74:80 | tools.siteground.com | tcp |
| US | 68.232.1.48:80 | idp.tamuc.edu | tcp |
| CZ | 77.75.78.104:443 | login.szn.cz | tcp |
| US | 104.22.70.253:443 | auth.usenext.de | tcp |
| US | 104.19.143.69:443 | futbin.com | tcp |
| US | 8.8.8.8:53 | mail.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | mail.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | mail.muchienviet.com | udp |
| US | 8.8.8.8:53 | ftp.bonk.io | udp |
| BR | 200.130.24.34:80 | enem.inep.gov.br | tcp |
| CZ | 77.75.78.104:80 | login.szn.cz | tcp |
| FR | 52.222.169.107:443 | app.toroinvestimentos.com.br | tcp |
| US | 104.31.16.118:443 | chat.1337x.to | tcp |
| EE | 212.47.208.140:80 | forum.biketime.ee | tcp |
| US | 188.114.96.2:443 | dewabet.asia | tcp |
| DE | 3.64.163.50:80 | rec.hobsons.co.uk | tcp |
| US | 3.19.19.230:80 | unicfcead.com.br | tcp |
| US | 104.31.16.118:443 | chat.1337x.to | tcp |
| US | 104.21.66.204:80 | ssh.modthesims.info | tcp |
| FR | 18.244.28.88:80 | my.malwarebytes.com | tcp |
| VN | 103.9.206.107:80 | kame.vn | tcp |
| BR | 200.130.24.34:80 | enem.inep.gov.br | tcp |
| KR | 183.110.0.154:80 | nxlogin.nexon.com | tcp |
| GB | 3.10.126.228:80 | signup.eune.leagueoflegends.com | tcp |
| GB | 92.123.241.50:443 | store.steampowered.com | tcp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| US | 8.8.8.8:53 | authpre.senasofiaplus.edu.co | udp |
| GB | 104.77.160.198:443 | www.minecraft.net | tcp |
| US | 188.114.96.2:443 | dewabet.asia | tcp |
| US | 8.8.8.8:53 | 74.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssh.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | mail.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | mail.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | account.mojang.com | udp |
| US | 8.8.8.8:53 | mail.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | mail.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | seraphzone.com | udp |
| US | 8.8.8.8:53 | ecetera.hu | udp |
| US | 8.8.8.8:53 | courtyardmtyapto.ipsofactu.mx | udp |
| US | 8.8.8.8:53 | ftp.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | corumcollege.com | udp |
| US | 8.8.8.8:53 | ssh.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ssh.l171.com | udp |
| US | 8.8.8.8:53 | ssh.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | ftp.rec.hobsons.co.uk | udp |
| US | 8.8.8.8:53 | ssh.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | ftp.auth.usenext.de | udp |
| US | 8.8.8.8:53 | ssh.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | ftp.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | ftp.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | mail.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | 56.itknyga.co.ua | udp |
| US | 3.83.191.190:80 | www.thescla.org | tcp |
| GH | 197.255.125.60:80 | itsapp08.ug.edu.gh | tcp |
| FR | 99.86.91.94:443 | spin247.com | tcp |
| KR | 183.109.71.30:80 | stdpay.inicis.com | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| US | 172.66.40.217:443 | beta.thecrims.com | tcp |
| US | 8.8.8.8:53 | ftp.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | mail.inspireawards-dst.gov.in | udp |
| CL | 200.72.242.17:80 | tramites.dirtrab.cl | tcp |
| IN | 14.139.61.154:80 | recruitment-portal.in | tcp |
| US | 52.21.145.149:443 | campusvirtual.duoc.cl | tcp |
| BE | 13.225.239.74:443 | tools.siteground.com | tcp |
| US | 104.22.70.253:80 | auth.usenext.de | tcp |
| US | 8.8.8.8:53 | ssh.muchienviet.com | udp |
| US | 8.8.8.8:53 | muchienviet.com | udp |
| US | 8.8.8.8:53 | mail.muchienviet.com | udp |
| US | 8.8.8.8:53 | ftp.store.steampowered.com | udp |
| US | 8.8.8.8:53 | ftp.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | mail.store.steampowered.com | udp |
| US | 8.8.8.8:53 | ssh.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | ftp.muchienviet.com | udp |
| US | 8.8.8.8:53 | mail.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | ftp.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ssh.accounts.google.com | udp |
| US | 8.8.8.8:53 | ftp.sermoncentral.com | udp |
| US | 8.8.8.8:53 | 107.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | ftp.accounts.google.com | udp |
| US | 8.8.8.8:53 | ssh.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | account.t-mobile.com | udp |
| US | 8.8.8.8:53 | ecetera.hu | udp |
| US | 8.8.8.8:53 | ftp.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | courtyardmtyapto.ipsofactu.mx | udp |
| US | 8.8.8.8:53 | ftp.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | ftp.l171.com | udp |
| US | 8.8.8.8:53 | ssh.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | ssh.sermoncentral.com | udp |
| US | 8.8.8.8:53 | ftp.dewabet.asia | udp |
| US | 8.8.8.8:53 | ftp.thescla.org | udp |
| US | 8.8.8.8:53 | ftp.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | ftp.forum.biketime.ee | udp |
| US | 8.8.8.8:53 | mail.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | www.futbin.com | udp |
| US | 8.8.8.8:53 | l171.com | udp |
| US | 8.8.8.8:53 | 230.19.19.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.206.9.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mx2.improvmx.com | udp |
| US | 8.8.8.8:53 | mail.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | ftp.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | mail.l171.com | udp |
| US | 8.8.8.8:53 | account.t-mobile.com | udp |
| US | 8.8.8.8:53 | ftp.bonk.io | udp |
| US | 8.8.8.8:53 | mail.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | alt-torrent.com | udp |
| US | 8.8.8.8:53 | ftp.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | mail.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | ssh.bonk.io | udp |
| US | 8.8.8.8:53 | ftp.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | alt-torrent.com | udp |
| US | 8.8.8.8:53 | coryoims.com | udp |
| US | 8.8.8.8:53 | pop.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | mail.seraphzone.com | udp |
| NL | 172.217.168.238:443 | www.youtube.com | udp |
| US | 68.232.1.48:80 | idp.tamuc.edu | tcp |
| US | 52.21.145.149:443 | campusvirtual.duoc.cl | tcp |
| US | 50.58.50.26:80 | sermoncentral.com | tcp |
| DE | 3.64.163.50:220 | mail.rec.hobsons.co.uk | tcp |
| IN | 164.100.213.160:80 | inspireawards-dst.gov.in | tcp |
| EE | 212.47.208.140:80 | forum.biketime.ee | tcp |
| VN | 103.9.206.107:443 | kame.vn | tcp |
| CZ | 77.75.78.104:80 | login.szn.cz | tcp |
| CO | 186.113.6.78:80 | authpre.senasofiaplus.edu.co | tcp |
| US | 8.8.8.8:53 | ssh.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | ftp.login.szn.cz | udp |
| US | 8.8.8.8:53 | ssh.dewabet.asia | udp |
| US | 104.26.1.138:80 | ploudos.com | tcp |
| US | 104.21.16.59:80 | lienquancode.com | tcp |
| RS | 87.237.202.69:80 | secure.limundo.com | tcp |
| US | 104.21.66.204:443 | ssh.modthesims.info | tcp |
| FR | 18.244.28.88:443 | my.malwarebytes.com | tcp |
| US | 104.21.88.47:80 | invadedlands.net | tcp |
| US | 3.19.19.230:443 | unicfcead.com.br | tcp |
| US | 188.114.96.2:80 | incogniton.com | tcp |
| US | 104.18.34.171:80 | forum.cfx.re | tcp |
| FR | 52.222.169.107:80 | app.toroinvestimentos.com.br | tcp |
| US | 172.66.40.217:80 | beta.thecrims.com | tcp |
| US | 104.26.11.129:80 | bonk.io | tcp |
| US | 104.31.16.118:80 | chat.1337x.to | tcp |
| DE | 3.64.163.50:80 | mail.rec.hobsons.co.uk | tcp |
| US | 3.19.19.230:443 | unicfcead.com.br | tcp |
| IN | 14.139.61.154:80 | recruitment-portal.in | tcp |
| US | 8.8.8.8:53 | ecetera.hu | udp |
| US | 8.8.8.8:53 | seraphzone.com | udp |
| US | 8.8.8.8:53 | ftp.futbin.com | udp |
| US | 8.8.8.8:53 | ftp.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | ssh.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | ssh.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | mail.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ftp.spin247.com | udp |
| US | 8.8.8.8:53 | ssh.muchienviet.com | udp |
| US | 8.8.8.8:53 | ssh.store.steampowered.com | udp |
| US | 8.8.8.8:53 | mail.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | ssh.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | ftp.thescla.org | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 104.21.29.103:80 | midnight.bestsup.su | tcp |
| US | 3.83.191.190:443 | www.thescla.org | tcp |
| US | 8.8.8.8:53 | 47.88.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.202.237.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mail.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | ssh.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | mail.seraphzone.com | udp |
| US | 8.8.8.8:53 | ssh.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | ssh.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | ftp.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | ftp.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | 56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | mail.my.malwarebytes.com | udp |
| GB | 92.123.241.50:80 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | mail.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | mail.auth.usenext.de | udp |
| US | 8.8.8.8:53 | mail.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | ftp.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | ssh.chat.1337x.to | udp |
| US | 8.8.8.8:53 | mail.muchienviet.com | udp |
| US | 8.8.8.8:53 | mail.store.steampowered.com | udp |
| US | 8.8.8.8:53 | muchienviet.com | udp |
| US | 3.83.191.190:443 | www.thescla.org | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | ftp.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ftp.bonk.io | udp |
| US | 104.21.19.244:80 | www.thepixellab.net | tcp |
| US | 104.22.70.253:443 | auth.usenext.de | tcp |
| KR | 183.109.71.30:80 | stdpay.inicis.com | tcp |
| BE | 13.225.239.74:80 | tools.siteground.com | tcp |
| US | 8.8.8.8:53 | mail.alt-torrent.com | udp |
| RU | 5.42.65.31:48396 | tcp | |
| US | 8.8.8.8:53 | pop.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | ssh.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | mail.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | ftp.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | ftp.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | ftp.muchienviet.com | udp |
| US | 8.8.8.8:53 | ftp.forum.biketime.ee | udp |
| IN | 164.100.213.160:80 | inspireawards-dst.gov.in | tcp |
| TR | 217.195.207.156:47721 | tcp | |
| CL | 200.72.242.17:80 | tramites.dirtrab.cl | tcp |
| CZ | 77.75.78.104:443 | login.szn.cz | tcp |
| CZ | 77.75.78.104:80 | login.szn.cz | tcp |
| US | 104.21.16.59:443 | lienquancode.com | tcp |
| US | 50.58.50.26:443 | sermoncentral.com | tcp |
| US | 8.8.8.8:53 | mail.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | ftp.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | ssh.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | tools.siteground.com | udp |
| EE | 212.47.208.140:80 | forum.biketime.ee | tcp |
| US | 104.21.66.204:80 | ssh.modthesims.info | tcp |
| US | 104.21.88.47:443 | invadedlands.net | tcp |
| US | 8.8.8.8:53 | mail.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | mail.signup.eune.leagueoflegends.com | udp |
| US | 104.21.88.47:443 | invadedlands.net | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| RU | 193.233.132.62:50500 | tcp | |
| US | 104.18.34.171:443 | forum.cfx.re | tcp |
| US | 8.8.8.8:53 | 103.29.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | ssh.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | ftp.auth.usenext.de | udp |
| US | 8.8.8.8:53 | ssh.seraphzone.com | udp |
| US | 8.8.8.8:53 | ssh.l171.com | udp |
| US | 8.8.8.8:53 | ftp.store.steampowered.com | udp |
| US | 8.8.8.8:53 | mail.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | toreents.club | udp |
| US | 8.8.8.8:53 | phukienxiga.net.vn | udp |
| US | 8.8.8.8:53 | ssh.rec.hobsons.co.uk | udp |
| US | 8.8.8.8:53 | ssh.auth.usenext.de | udp |
| US | 8.8.8.8:53 | ftp.tools.siteground.com | udp |
| US | 104.19.141.69:443 | www.futbin.com | tcp |
| KR | 183.110.0.154:80 | nxlogin.nexon.com | tcp |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| US | 72.44.75.36:80 | coryoims.com | tcp |
| GB | 3.10.126.228:80 | signup.eune.leagueoflegends.com | tcp |
| US | 8.8.8.8:53 | ftp.corumcollege.com | udp |
| US | 8.8.8.8:53 | ftp.spin247.com | udp |
| US | 8.8.8.8:53 | ssh.muchienviet.com | udp |
| DE | 93.90.192.170:80 | courtyardmtyapto.ipsofactu.mx | tcp |
| VN | 103.9.206.107:80 | kame.vn | tcp |
| US | 45.60.155.127:80 | account.t-mobile.com | tcp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| FR | 18.244.28.88:80 | my.malwarebytes.com | tcp |
| DE | 3.64.163.50:80 | ssh.rec.hobsons.co.uk | tcp |
| CL | 186.64.116.125:80 | mail.alt-torrent.com | tcp |
| US | 188.114.97.2:80 | incogniton.com | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | ftp.seraphzone.com | udp |
| US | 8.8.8.8:53 | mail.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | us-smtp-inbound-1.mimecast.com | udp |
| US | 8.8.8.8:53 | dashboard.twitch.tv | udp |
| US | 8.8.8.8:53 | mail.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | pop.app.toroinvestimentos.com.br | udp |
| BR | 200.130.24.34:80 | enem.inep.gov.br | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| US | 104.22.70.253:80 | auth.usenext.de | tcp |
| IN | 192.12.109.71:80 | merchant.onlinesbi.sbi | tcp |
| GH | 197.255.125.60:80 | itsapp08.ug.edu.gh | tcp |
| FR | 99.86.91.98:443 | www.spin247.com | tcp |
| US | 104.21.16.59:80 | lienquancode.com | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| RS | 87.237.202.69:80 | www.limundo.com | tcp |
| US | 3.19.19.230:80 | unicfcead.com.br | tcp |
| VN | 103.9.206.107:80 | kame.vn | tcp |
| US | 3.83.191.190:80 | www.thescla.org | tcp |
| US | 8.8.8.8:53 | mail.muchienviet.com | udp |
| US | 8.8.8.8:53 | app.toroinvestimentos.com.br | udp |
| EE | 212.47.208.140:80 | forum.biketime.ee | tcp |
| CZ | 77.75.78.104:80 | login.szn.cz | tcp |
| US | 50.58.50.26:80 | sermoncentral.com | tcp |
| CL | 200.72.242.17:80 | tramites.dirtrab.cl | tcp |
| US | 8.8.8.8:53 | alt2.gmr-smtp-in.l.google.com | udp |
| US | 8.8.8.8:53 | mail.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | mail.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ssh.accounts.google.com | udp |
| US | 8.8.8.8:53 | account.mojang.com | udp |
| US | 8.8.8.8:53 | 170.192.90.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.155.60.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dashboard.twitch.tv | udp |
| US | 8.8.8.8:53 | mpsky.oci.co.kr | udp |
| US | 8.8.8.8:53 | chimeratool.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | 125.116.64.186.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ecetera.hu | udp |
| US | 8.8.8.8:53 | ftp.ploudos.com | udp |
| NL | 142.251.39.110:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| NL | 142.251.39.110:443 | www.youtube.com | udp |
| US | 72.44.75.36:80 | coryoims.com | tcp |
| US | 8.8.8.8:53 | ssh.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | mail.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | ftp.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | ftp.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | 98.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssh.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | chimeratool.com | udp |
| US | 8.8.8.8:53 | campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | ftp.chat.1337x.to | udp |
| US | 8.8.8.8:53 | mail.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | ftp.secure.limundo.com | udp |
| US | 8.8.8.8:53 | ssh.login.szn.cz | udp |
| US | 104.21.88.47:80 | invadedlands.net | tcp |
| US | 8.8.8.8:53 | ssh.forum.biketime.ee | udp |
| US | 8.8.8.8:53 | ssh.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | mail.inspireawards-dst.gov.in | udp |
| KR | 183.109.71.30:80 | stdpay.inicis.com | tcp |
| US | 104.18.34.171:80 | forum.cfx.re | tcp |
| GB | 23.214.154.77:80 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | signup.eune.leagueoflegends.com | udp |
| US | 68.232.1.48:80 | idp.tamuc.edu | tcp |
| GH | 197.255.125.60:80 | itsapp08.ug.edu.gh | tcp |
| US | 8.8.8.8:53 | ftp.forum.biketime.ee | udp |
| US | 8.8.8.8:53 | fresh-mining.com | udp |
| US | 8.8.8.8:53 | mail.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | phukienxiga.net.vn | udp |
| US | 8.8.8.8:53 | ssh.auth.usenext.de | udp |
| US | 8.8.8.8:53 | ftp.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | park-mx.above.com | udp |
| US | 8.8.8.8:53 | l171.com | udp |
| US | 8.8.8.8:53 | ftp.stdpay.inicis.com | udp |
| US | 8.8.8.8:53 | corumcollege.com | udp |
| US | 8.8.8.8:53 | ssh.sermoncentral.com | udp |
| US | 104.19.143.69:80 | www.futbin.com | tcp |
| US | 172.66.40.217:80 | beta.thecrims.com | tcp |
| IN | 192.12.109.71:80 | merchant.onlinesbi.sbi | tcp |
| US | 188.114.96.2:80 | incogniton.com | tcp |
| US | 104.31.16.118:80 | chat.1337x.to | tcp |
| US | 45.60.155.127:80 | account.t-mobile.com | tcp |
| FR | 52.222.169.92:80 | app.toroinvestimentos.com.br | tcp |
| US | 8.8.8.8:53 | ftp.futbin.com | udp |
| US | 8.8.8.8:53 | ftp.login.szn.cz | udp |
| US | 8.8.8.8:53 | pop.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | ssh.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | mail.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | ssh.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | pop.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | mail.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | pop.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | mail.tools.siteground.com | udp |
| US | 8.8.8.8:53 | ftp.store.steampowered.com | udp |
| US | 8.8.8.8:53 | disneyplus-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ftp.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | pop.l171.com | udp |
| US | 8.8.8.8:53 | mail.l171.com | udp |
| US | 8.8.8.8:53 | ssh.dewabet.asia | udp |
| US | 8.8.8.8:53 | mail.forum.biketime.ee | udp |
| US | 8.8.8.8:53 | ssh.enem.inep.gov.br | udp |
| US | 104.26.11.129:80 | bonk.io | tcp |
| US | 104.26.1.138:443 | ploudos.com | tcp |
| US | 8.8.8.8:53 | djponline.pajak.go.id | udp |
| US | 8.8.8.8:53 | symulator-farmy.pl | udp |
| US | 8.8.8.8:53 | mail.account.mojang.com | udp |
| US | 8.8.8.8:53 | ssh.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | ftp.unicfcead.com.br | udp |
| US | 8.8.8.8:53 | mail.corumcollege.com | udp |
| US | 8.8.8.8:53 | mail.unicfcead.com.br | udp |
| US | 8.8.8.8:53 | ssh.thescla.org | udp |
| US | 8.8.8.8:53 | ssh.itsapp08.ug.edu.gh | udp |
| GB | 104.77.160.196:80 | account.mojang.com | tcp |
| US | 104.21.88.47:80 | invadedlands.net | tcp |
| DE | 93.90.192.170:80 | courtyardmtyapto.ipsofactu.mx | tcp |
| DE | 108.138.7.116:80 | spin247.com | tcp |
| RU | 185.215.113.45:80 | 185.215.113.45 | tcp |
| US | 8.8.8.8:53 | mail.chat.1337x.to | udp |
| US | 8.8.8.8:53 | account.t-mobile.com | udp |
| US | 8.8.8.8:53 | pop.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | mail.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | www.limundo.com | udp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| IN | 164.100.213.160:80 | inspireawards-dst.gov.in | tcp |
| US | 103.224.182.253:80 | toreents.club | tcp |
| IN | 14.139.61.154:80 | recruitment-portal.in | tcp |
| GB | 104.77.160.196:80 | account.mojang.com | tcp |
| CL | 186.64.116.125:80 | mail.alt-torrent.com | tcp |
| US | 104.21.66.204:80 | ssh.modthesims.info | tcp |
| FR | 52.84.174.23:443 | tools.siteground.com | tcp |
| GB | 92.123.241.50:80 | store.steampowered.com | tcp |
| FR | 18.244.28.29:80 | my.malwarebytes.com | tcp |
| GB | 3.10.126.228:80 | signup.eune.leagueoflegends.com | tcp |
| US | 34.218.145.143:80 | disneyplus.com | tcp |
| BR | 200.130.24.34:80 | enem.inep.gov.br | tcp |
| GB | 23.214.154.77:80 | steamcommunity.com | tcp |
| US | 104.21.19.244:80 | thepixellab.net | tcp |
| VN | 103.9.206.107:443 | kame.vn | tcp |
| US | 8.8.8.8:53 | mail.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | ssh.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | pop.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | muchienviet.com | udp |
| US | 8.8.8.8:53 | mail.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | pop.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | ftp.invadedlands.net | udp |
| US | 8.8.8.8:53 | ftp.forum.cfx.re | udp |
| US | 8.8.8.8:53 | mail.muchienviet.com | udp |
| US | 8.8.8.8:53 | pop.muchienviet.com | udp |
| US | 8.8.8.8:53 | mail.dewabet.asia | udp |
| US | 8.8.8.8:53 | 116.7.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mail.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | ftp.stdpay.inicis.com | udp |
| US | 8.8.8.8:53 | ssh.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | mail.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | ssh.login.szn.cz | udp |
| US | 8.8.8.8:53 | ftp.secure.limundo.com | udp |
| US | 8.8.8.8:53 | pop.recruitment-portal.in | udp |
| CL | 200.72.242.17:80 | tramites.dirtrab.cl | tcp |
| US | 8.8.8.8:53 | banpaudpnf.kemdikbud.go.id | udp |
| US | 8.8.8.8:53 | idp.openccc.net | udp |
| GB | 146.75.74.167:80 | dashboard.twitch.tv | tcp |
| US | 8.8.8.8:53 | pop.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ssh.accounts.google.com | udp |
| US | 8.8.8.8:53 | 253.182.224.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ftp.portal.e-beam.com | udp |
| US | 8.8.8.8:53 | portal.e-beam.com | udp |
| US | 8.8.8.8:53 | mail.login.szn.cz | udp |
| US | 8.8.8.8:53 | ssh.stdpay.inicis.com | udp |
| US | 8.8.8.8:53 | ftp.accounts.google.com | udp |
| US | 8.8.8.8:53 | ssh.tools.siteground.com | udp |
| US | 8.8.8.8:53 | mail.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | ftp.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | ssh.sermoncentral.com | udp |
| US | 8.8.8.8:53 | l171.com | udp |
| US | 8.8.8.8:53 | account.mojang.com | udp |
| US | 8.8.8.8:53 | ssh.unicfcead.com.br | udp |
| DE | 93.90.192.170:80 | courtyardmtyapto.ipsofactu.mx | tcp |
| N/A | 192.168.96.100:80 | mpsky.oci.co.kr | tcp |
| US | 8.8.8.8:53 | authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | corumcollege.com | udp |
| US | 8.8.8.8:53 | pop.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | ftp.futbin.com | udp |
| US | 8.8.8.8:53 | pop.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | ssh.store.steampowered.com | udp |
| US | 8.8.8.8:53 | ftp.corumcollege.com | udp |
| US | 8.8.8.8:53 | ftp.auth.usenext.de | udp |
| US | 8.8.8.8:53 | ftp.lienquancode.com | udp |
| US | 8.8.8.8:53 | ftp.account.mojang.com | udp |
| US | 8.8.8.8:53 | mail.portal.e-beam.com | udp |
| US | 8.8.8.8:53 | disneyplus-com.mail.protection.outlook.com | udp |
| US | 104.26.1.138:80 | ploudos.com | tcp |
| KR | 183.109.71.30:80 | stdpay.inicis.com | tcp |
| US | 104.21.88.47:443 | invadedlands.net | tcp |
| RU | 193.233.132.56:80 | 193.233.132.56 | tcp |
| US | 68.232.1.48:80 | idp.tamuc.edu | tcp |
| US | 104.22.70.253:80 | auth.usenext.de | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | ftp.ecetera.hu | udp |
| US | 8.8.8.8:53 | spin247.com | udp |
| US | 8.8.8.8:53 | pop.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | mail.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | pop.seraphzone.com | udp |
| US | 8.8.8.8:53 | ssh.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | mail.inainscripcioncursos.ac.cr | udp |
| RU | 81.94.159.197:80 | galandskiyher5.com | tcp |
| US | 104.21.16.59:443 | lienquancode.com | tcp |
| CZ | 77.75.78.104:80 | login.szn.cz | tcp |
| US | 104.18.34.171:443 | forum.cfx.re | tcp |
| US | 104.20.77.245:80 | chimeratool.com | tcp |
| FR | 52.84.174.23:80 | tools.siteground.com | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| US | 188.114.97.2:443 | incogniton.com | tcp |
| US | 72.44.75.36:80 | coryoims.com | tcp |
| ID | 103.28.106.147:80 | djponline.pajak.go.id | tcp |
| DE | 212.53.194.169:80 | en.forgeofempires.com | tcp |
| US | 3.19.19.230:443 | unicfcead.com.br | tcp |
| US | 3.83.191.190:80 | www.thescla.org | tcp |
| US | 50.58.50.26:80 | sermoncentral.com | tcp |
| N/A | 127.0.0.1:42463 | tcp | |
| DE | 141.95.86.58:80 | symulator-farmy.pl | tcp |
| US | 8.8.8.8:53 | ftp.courtyardmtyapto.ipsofactu.mx | udp |
| N/A | 192.168.96.100:80 | mpsky.oci.co.kr | tcp |
| US | 103.224.182.253:80 | toreents.club | tcp |
| US | 20.122.152.78:80 | inainscripcioncursos.ac.cr | tcp |
| VN | 103.9.206.107:80 | kame.vn | tcp |
| IN | 192.12.109.71:80 | merchant.onlinesbi.sbi | tcp |
| GH | 197.255.125.60:80 | itsapp08.ug.edu.gh | tcp |
| CL | 186.64.116.125:443 | ftp.alt-torrent.com | tcp |
| GB | 146.75.74.167:80 | dashboard.twitch.tv | tcp |
| US | 8.8.8.8:53 | bay247.vip | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 8.8.8.8:53 | mail.forum.cfx.re | udp |
| US | 8.8.8.8:53 | mail.unicfcead.com.br | udp |
| US | 8.8.8.8:53 | ssh.login.szn.cz | udp |
| US | 8.8.8.8:53 | 56.132.233.193.in-addr.arpa | udp |
| US | 34.218.145.143:80 | disneyplus.com | tcp |
| US | 8.8.8.8:53 | pop.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | 197.159.94.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssh.invadedlands.net | udp |
| US | 8.8.8.8:53 | ftp.incogniton.com | udp |
| US | 8.8.8.8:53 | pop.rec.hobsons.co.uk | udp |
| US | 8.8.8.8:53 | pop.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | mail.login.szn.cz | udp |
| US | 8.8.8.8:53 | portal.e-beam.com | udp |
| US | 8.8.8.8:53 | account.mojang.com | udp |
| US | 8.8.8.8:53 | pop.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | 245.77.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mmmreturns.com | udp |
| US | 8.8.8.8:53 | wow-freakz.com | udp |
| US | 8.8.8.8:53 | mail.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | mail.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | ssh.kame.vn | udp |
| US | 8.8.8.8:53 | pop.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | unicfcead.com.br | udp |
| US | 8.8.8.8:53 | ssh.secure.limundo.com | udp |
| US | 8.8.8.8:53 | ftp.stdpay.inicis.com | udp |
| US | 8.8.8.8:53 | ssh.accounts.google.com | udp |
| US | 8.8.8.8:53 | ssh.tools.siteground.com | udp |
| US | 8.8.8.8:53 | ftp.portal.e-beam.com | udp |
| US | 8.8.8.8:53 | mail.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | ssh.unicfcead.com.br | udp |
| US | 8.8.8.8:53 | ssh.sermoncentral.com | udp |
| US | 8.8.8.8:53 | l171.com | udp |
| US | 8.8.8.8:53 | ftp.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | ssh.portal.e-beam.com | udp |
| US | 8.8.8.8:53 | mail.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | ssh.stdpay.inicis.com | udp |
| US | 8.8.8.8:53 | mx1.privateemail.com | udp |
| US | 8.8.8.8:53 | ssh.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | pop.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | 169.194.53.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fresh-mining.com | udp |
| US | 8.8.8.8:53 | mail.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | mail.secure.limundo.com | udp |
| US | 8.8.8.8:53 | stdpay.inicis.com | udp |
| US | 8.8.8.8:53 | ftp.corumcollege.com | udp |
| US | 8.8.8.8:53 | ssh.store.steampowered.com | udp |
| US | 8.8.8.8:53 | mail.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | mail.l171.com | udp |
| US | 8.8.8.8:53 | pop.authpre.senasofiaplus.edu.co | udp |
| US | 104.31.16.118:80 | chat.1337x.to | tcp |
| IN | 164.100.213.160:80 | inspireawards-dst.gov.in | tcp |
| US | 8.8.8.8:53 | wow-freakz.com | udp |
| DE | 93.90.192.170:80 | ftp.courtyardmtyapto.ipsofactu.mx | tcp |
| IN | 14.139.61.154:80 | recruitment-portal.in | tcp |
| US | 8.8.8.8:53 | ssh.account.mojang.com | udp |
| US | 8.8.8.8:53 | mail.account.mojang.com | udp |
| US | 8.8.8.8:53 | ssh.muchienviet.com | udp |
| RU | 193.233.132.56:80 | 193.233.132.56 | tcp |
| US | 8.8.8.8:53 | ssh.itsapp08.ug.edu.gh | udp |
| US | 188.114.96.2:80 | ftp.incogniton.com | tcp |
| US | 104.19.143.69:443 | www.futbin.com | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| US | 104.26.11.129:80 | bonk.io | tcp |
| BR | 200.130.24.34:80 | enem.inep.gov.br | tcp |
| US | 104.21.88.47:80 | invadedlands.net | tcp |
| ID | 118.98.221.175:80 | banpaudpnf.kemdikbud.go.id | tcp |
| US | 45.60.47.171:80 | idp.openccc.net | tcp |
| US | 52.21.145.149:80 | campusvirtual.duoc.cl | tcp |
| US | 72.44.75.36:80 | coryoims.com | tcp |
| US | 45.60.47.171:80 | idp.openccc.net | tcp |
| KR | 183.109.71.30:80 | stdpay.inicis.com | tcp |
| US | 104.20.51.237:80 | ytmonster.net | tcp |
| IN | 192.12.109.71:80 | merchant.onlinesbi.sbi | tcp |
| US | 45.60.155.127:80 | account.t-mobile.com | tcp |
| US | 45.60.47.171:80 | idp.openccc.net | tcp |
| GB | 92.123.241.50:80 | store.steampowered.com | tcp |
| US | 104.20.51.237:80 | ytmonster.net | tcp |
| US | 104.21.19.244:80 | thepixellab.net | tcp |
| US | 104.18.34.171:80 | forum.cfx.re | tcp |
| RS | 87.237.202.69:80 | www.limundo.com | tcp |
| US | 8.8.8.8:53 | daftar-sscasn.bkn.go.id | udp |
| US | 8.8.8.8:53 | mail.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | ssh.forum.biketime.ee | udp |
| US | 8.8.8.8:53 | mail.account.mojang.com | udp |
| US | 8.8.8.8:53 | mail.coryoims.com | udp |
| US | 8.8.8.8:53 | mail.dewabet.asia | udp |
| US | 8.8.8.8:53 | mail.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | mail.courtyardmtyapto.ipsofactu.mx | udp |
| US | 8.8.8.8:53 | mail.lienquancode.com | udp |
| US | 8.8.8.8:53 | daftar-sscasn.bkn.go.id | udp |
| US | 8.8.8.8:53 | alt4.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | mail.stdpay.inicis.com | udp |
| US | 8.8.8.8:53 | 171.47.60.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.221.98.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aticlix.net | udp |
| US | 8.8.8.8:53 | ssh.courtyardmtyapto.ipsofactu.mx | udp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| US | 8.8.8.8:53 | my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | ssh.lienquancode.com | udp |
| US | 8.8.8.8:53 | ssh.ploudos.com | udp |
| US | 8.8.8.8:53 | ssh.forum.cfx.re | udp |
| LK | 222.165.160.106:80 | internetvas.slt.lk | tcp |
| US | 104.21.16.59:80 | lienquancode.com | tcp |
| US | 8.8.8.8:53 | portal.e-beam.com | udp |
| US | 68.232.1.48:80 | idp.tamuc.edu | tcp |
| GB | 146.75.74.167:443 | dashboard.twitch.tv | tcp |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| US | 8.8.8.8:53 | aticlix.net | udp |
| US | 8.8.8.8:53 | beding.arshab.com | udp |
| US | 8.8.8.8:53 | s12.proserv.ge | udp |
| US | 8.8.8.8:53 | malta.iway.ch | udp |
| US | 8.8.8.8:53 | ftp.secure.limundo.com | udp |
| US | 8.8.8.8:53 | 237.51.20.104.in-addr.arpa | udp |
| CL | 186.64.116.125:80 | ftp.alt-torrent.com | tcp |
| US | 199.59.243.225:80 | ww25.toreents.club | tcp |
| US | 3.19.19.230:80 | unicfcead.com.br | tcp |
| US | 188.114.97.2:80 | ftp.incogniton.com | tcp |
| US | 20.122.152.78:80 | inainscripcioncursos.ac.cr | tcp |
| US | 67.225.218.22:80 | shadowave.info | tcp |
| US | 8.8.8.8:53 | ssh.tools.siteground.com | udp |
| US | 8.8.8.8:53 | mail.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | ssh.unicfcead.com.br | udp |
| US | 8.8.8.8:53 | ftp.portal.e-beam.com | udp |
| US | 8.8.8.8:53 | ssh.portal.e-beam.com | udp |
| US | 8.8.8.8:53 | ssh.store.steampowered.com | udp |
| DE | 93.90.192.170:80 | ssh.courtyardmtyapto.ipsofactu.mx | tcp |
| US | 8.8.8.8:53 | ftp.invadedlands.net | udp |
| US | 8.8.8.8:53 | ftp.disneyplus.com | udp |
| US | 104.26.1.138:443 | ploudos.com | tcp |
| RO | 93.115.95.83:80 | perfectmoney.com | tcp |
| US | 104.22.70.253:80 | auth.usenext.de | tcp |
| US | 8.8.8.8:53 | phukienxiga.net.vn | udp |
| US | 8.8.8.8:53 | ftp.fresh-mining.com | udp |
| US | 8.8.8.8:53 | beding.arshab.com | udp |
| US | 8.8.8.8:53 | s12.proserv.ge | udp |
| US | 8.8.8.8:53 | my.forextime.com | udp |
| US | 8.8.8.8:53 | account.t-mobile.com | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | ssh.auth.usenext.de | udp |
| US | 8.8.8.8:53 | mail.auth.usenext.de | udp |
| US | 8.8.8.8:53 | pop.seraphzone.com | udp |
| US | 8.8.8.8:53 | ssh.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | pop.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | ssh.sermoncentral.com | udp |
| US | 8.8.8.8:53 | ssh.kame.vn | udp |
| US | 8.8.8.8:53 | marocagreg.com | udp |
| US | 8.8.8.8:53 | mail.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | ssh.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ftp.tools.siteground.com | udp |
| CZ | 77.75.78.104:80 | login.szn.cz | tcp |
| US | 45.60.155.127:80 | account.t-mobile.com | tcp |
| US | 8.8.8.8:53 | ftp.ecetera.hu | udp |
| US | 8.8.8.8:53 | ssh.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | ssh.secure.limundo.com | udp |
| US | 8.8.8.8:53 | ftp.account.t-mobile.com | udp |
| US | 8.8.8.8:53 | pop.chat.1337x.to | udp |
| US | 8.8.8.8:53 | ssh.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | ftp.forum.cfx.re | udp |
| RS | 87.237.202.69:80 | www.limundo.com | tcp |
| GH | 197.255.125.60:80 | itsapp08.ug.edu.gh | tcp |
| US | 45.60.47.171:80 | idp.openccc.net | tcp |
| BR | 189.9.176.35:80 | recuperacao.acesso.gov.br | tcp |
| US | 104.20.77.245:443 | chimeratool.com | tcp |
| FR | 52.84.174.102:80 | tools.siteground.com | tcp |
| US | 45.60.47.171:80 | idp.openccc.net | tcp |
| US | 104.20.51.237:443 | www.ytmonster.net | tcp |
| KR | 183.109.71.30:80 | stdpay.inicis.com | tcp |
| IN | 164.100.213.160:80 | inspireawards-dst.gov.in | tcp |
| DE | 212.53.194.169:443 | en.forgeofempires.com | tcp |
| N/A | 192.168.96.100:80 | mpsky.oci.co.kr | tcp |
| IN | 14.139.61.154:80 | recruitment-portal.in | tcp |
| US | 45.60.13.220:80 | mmls.mmu.edu.my | tcp |
| KR | 183.110.0.154:80 | nxlogin.nexon.com | tcp |
| US | 3.83.191.190:80 | www.thescla.org | tcp |
| US | 103.224.182.253:80 | ftp.toreents.club | tcp |
| N/A | 127.0.0.1:42463 | tcp | |
| US | 45.60.47.171:80 | idp.openccc.net | tcp |
| LK | 222.165.160.106:443 | internetvas.slt.lk | tcp |
| ID | 103.28.106.147:443 | djponline.pajak.go.id | tcp |
| VN | 103.9.206.107:80 | kame.vn | tcp |
| US | 103.224.182.253:80 | ftp.toreents.club | tcp |
| RO | 93.115.95.83:80 | perfectmoney.com | tcp |
| KR | 175.120.254.9:80 | trmpc.com | tcp |
| US | 104.21.88.47:80 | invadedlands.net | tcp |
| US | 104.19.143.69:80 | www.futbin.com | tcp |
| CL | 186.64.116.125:80 | ftp.alt-torrent.com | tcp |
| US | 104.31.16.118:80 | chat.1337x.to | tcp |
| DE | 141.95.86.58:443 | symulator-farmy.pl | tcp |
| BR | 200.130.24.34:80 | enem.inep.gov.br | tcp |
| US | 20.122.152.78:80 | inainscripcioncursos.ac.cr | tcp |
| US | 188.114.96.2:80 | ftp.incogniton.com | tcp |
| US | 104.26.1.138:80 | ploudos.com | tcp |
| GB | 108.138.217.88:80 | spin247.com | tcp |
| GB | 146.75.74.167:80 | dashboard.twitch.tv | tcp |
| US | 8.8.8.8:53 | ssh.unicfcead.com.br | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | pop.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | mail.coryoims.com | udp |
| US | 8.8.8.8:53 | pop3.muchienviet.com | udp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| DE | 93.90.192.170:80 | ssh.courtyardmtyapto.ipsofactu.mx | tcp |
| US | 8.8.8.8:53 | e-learningosimoliceo.it | udp |
| US | 8.8.8.8:53 | lms.qerp.services | udp |
| US | 8.8.8.8:53 | ftp.invadedlands.net | udp |
| US | 8.8.8.8:53 | ftp.disneyplus.com | udp |
| US | 8.8.8.8:53 | pop3.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | disneyplus.com | udp |
| US | 8.8.8.8:53 | imap.muchienviet.com | udp |
| US | 8.8.8.8:53 | mail.unicfcead.com.br | udp |
| US | 8.8.8.8:53 | imap.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ssh.spin247.com | udp |
| US | 8.8.8.8:53 | ssh.futbin.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 23.214.154.77:80 | steamcommunity.com | tcp |
| GB | 23.214.154.77:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | ssh.thepixellab.net | udp |
| US | 8.8.8.8:53 | mail.l171.com | udp |
| US | 8.8.8.8:53 | imap.seraphzone.com | udp |
| US | 8.8.8.8:53 | imap.l171.com | udp |
| US | 8.8.8.8:53 | ssh.corumcollege.com | udp |
| US | 8.8.8.8:53 | ssh.account.mojang.com | udp |
| US | 8.8.8.8:53 | mail.store.steampowered.com | udp |
| US | 8.8.8.8:53 | 220.13.60.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mail.kame.vn | udp |
| US | 8.8.8.8:53 | ssh.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | ftp.account.t-mobile.com | udp |
| US | 8.8.8.8:53 | mail.mpsky.oci.co.kr | udp |
| N/A | 192.168.96.100:80 | mpsky.oci.co.kr | tcp |
| RU | 193.233.132.167:80 | 193.233.132.167 | tcp |
| US | 8.8.8.8:53 | pop.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | ftp.djponline.pajak.go.id | udp |
| US | 8.8.8.8:53 | ssh.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | ftp.inainscripcioncursos.ac.cr | udp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| GB | 104.77.160.196:80 | account.mojang.com | tcp |
| US | 72.44.75.36:80 | coryoims.com | tcp |
| DE | 94.130.222.186:80 | s12.proserv.ge | tcp |
| US | 8.8.8.8:53 | nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ftp.ecetera.hu | udp |
| US | 8.8.8.8:53 | ssh.secure.limundo.com | udp |
| US | 8.8.8.8:53 | mail.uc-forum.com | udp |
| US | 8.8.8.8:53 | pop.chat.1337x.to | udp |
| US | 8.8.8.8:53 | ftp.forum.cfx.re | udp |
| US | 8.8.8.8:53 | mail.merchant.onlinesbi.sbi | udp |
| US | 45.60.155.127:443 | account.t-mobile.com | tcp |
| IN | 192.12.109.71:80 | merchant.onlinesbi.sbi | tcp |
| GB | 108.138.217.88:443 | spin247.com | tcp |
| RS | 87.237.202.69:443 | www.limundo.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 104.18.34.171:80 | forum.cfx.re | tcp |
| ID | 118.98.221.175:443 | banpaudpnf.kemdikbud.go.id | tcp |
| US | 67.225.218.22:80 | shadowave.info | tcp |
| DE | 185.172.128.187:80 | 185.172.128.187 | tcp |
| US | 104.20.51.237:80 | www.ytmonster.net | tcp |
| US | 104.20.77.245:80 | chimeratool.com | tcp |
| US | 68.232.1.48:80 | idp.tamuc.edu | tcp |
| DE | 212.53.194.169:80 | en.forgeofempires.com | tcp |
| US | 104.21.19.244:80 | thepixellab.net | tcp |
| US | 104.21.16.59:80 | lienquancode.com | tcp |
| US | 8.8.8.8:53 | mail.protonmail.ch | udp |
| US | 8.8.8.8:53 | corumcollege.com | udp |
| US | 8.8.8.8:53 | pop3.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | bulletin.nexon.com | udp |
| US | 8.8.8.8:53 | mail.fresh-mining.com | udp |
| US | 8.8.8.8:53 | ssh.bonk.io | udp |
| US | 8.8.8.8:53 | ssh.fresh-mining.com | udp |
| US | 8.8.8.8:53 | ssh.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | mail.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | ftp.stdpay.inicis.com | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | mail.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | pop.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | mail.enem.inep.gov.br | udp |
| US | 199.59.243.225:80 | ww25.toreents.club | tcp |
| US | 8.8.8.8:53 | ftp.accounts.google.com | udp |
| US | 8.8.8.8:53 | ssh.futbin.com | udp |
| US | 8.8.8.8:53 | mail.auth.usenext.de | udp |
| US | 8.8.8.8:53 | ssh.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | pop.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | imap.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | account.mojang.com | udp |
| US | 8.8.8.8:53 | www.minecraft.net | udp |
| US | 8.8.8.8:53 | beding.arshab.com | udp |
| US | 8.8.8.8:53 | mail.account.mojang.com | udp |
| US | 8.8.8.8:53 | phukienxiga.net.vn | udp |
| US | 8.8.8.8:53 | ftp.phukienxiga.net.vn | udp |
| US | 8.8.8.8:53 | fritz.box | udp |
| US | 8.8.8.8:53 | mail.kame.vn | udp |
| US | 8.8.8.8:53 | ssh.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | disneyplus-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | pop.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | ssh.disneyplus.com | udp |
| US | 8.8.8.8:53 | ssh.accounts.google.com | udp |
| US | 8.8.8.8:53 | ftp.merchant.onlinesbi.sbi | udp |
| US | 8.8.8.8:53 | portal.e-beam.com | udp |
| US | 8.8.8.8:53 | mail.dashboard.twitch.tv | udp |
| US | 8.8.8.8:53 | pop3.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | imap.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ssh.spin247.com | udp |
| US | 8.8.8.8:53 | ftp.mumbai.11thadmission.org.in | udp |
| US | 8.8.8.8:53 | mail.djponline.pajak.go.id | udp |
| US | 8.8.8.8:53 | mail.l171.com | udp |
| US | 8.8.8.8:53 | ftp.en.forgeofempires.com | udp |
| US | 8.8.8.8:53 | invest-hours.pw | udp |
| US | 8.8.8.8:53 | pop.store.steampowered.com | udp |
| US | 8.8.8.8:53 | ssh.thepixellab.net | udp |
| US | 8.8.8.8:53 | ssh.corumcollege.com | udp |
| US | 8.8.8.8:53 | ssh.account.mojang.com | udp |
| US | 8.8.8.8:53 | pop.auth.usenext.de | udp |
| US | 8.8.8.8:53 | mail.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | mail.store.steampowered.com | udp |
| US | 8.8.8.8:53 | pop.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | imap.seraphzone.com | udp |
| US | 8.8.8.8:53 | pop3.seraphzone.com | udp |
| US | 8.8.8.8:53 | ssh.account.t-mobile.com | udp |
| US | 8.8.8.8:53 | imap.l171.com | udp |
| US | 8.8.8.8:53 | stdpay.inicis.com | udp |
| RU | 193.233.132.56:80 | 193.233.132.56 | tcp |
| US | 104.26.5.15:443 | db-ip.com | tcp |
| US | 50.28.98.109:80 | subsim.com | tcp |
| US | 104.21.60.45:80 | mumbai.11thadmission.org.in | tcp |
| US | 104.20.51.237:80 | www.ytmonster.net | tcp |
| US | 20.122.152.78:80 | inainscripcioncursos.ac.cr | tcp |
| IN | 164.100.213.160:80 | inspireawards-dst.gov.in | tcp |
| US | 104.21.60.45:80 | mumbai.11thadmission.org.in | tcp |
| US | 45.60.47.171:80 | idp.openccc.net | tcp |
| US | 3.19.19.230:80 | unicfcead.com.br | tcp |
| US | 45.60.47.171:80 | idp.openccc.net | tcp |
| BG | 78.128.98.202:80 | www135.imperiaonline.org | tcp |
| US | 172.67.132.165:80 | wow-freakz.com | tcp |
| GH | 197.255.125.60:80 | itsapp08.ug.edu.gh | tcp |
| US | 54.218.188.255:80 | disneyplus.com | tcp |
| GB | 146.75.74.167:80 | dashboard.twitch.tv | tcp |
| IN | 14.139.61.154:80 | recruitment-portal.in | tcp |
| US | 104.22.70.253:80 | auth.usenext.de | tcp |
| US | 188.114.97.2:443 | ftp.incogniton.com | tcp |
| CL | 186.64.116.125:443 | ftp.alt-torrent.com | tcp |
| ID | 103.28.106.147:80 | djponline.pajak.go.id | tcp |
| GB | 23.214.154.77:80 | steamcommunity.com | tcp |
| CZ | 77.75.78.104:80 | login.szn.cz | tcp |
| DE | 141.95.86.58:80 | ftp.symulator-farmy.pl | tcp |
| US | 172.67.200.105:80 | aticlix.net | tcp |
| DE | 94.130.222.186:80 | s12.proserv.ge | tcp |
| US | 104.26.12.251:80 | unknowncheats.me | tcp |
| BG | 194.153.145.110:80 | passport.abv.bg | tcp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | ssh.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | ww12.shadowave.info | udp |
| US | 8.8.8.8:53 | 45.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.98.28.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | invest-hours.pw | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | ssh.invadedlands.net | udp |
| US | 8.8.8.8:53 | ftp.chimeratool.com | udp |
| US | 8.8.8.8:53 | mail.fresh-mining.com | udp |
| US | 8.8.8.8:53 | ftp.mpsky.oci.co.kr | udp |
| US | 8.8.8.8:53 | radioflashbackmani.minhawebradio.net | udp |
| US | 8.8.8.8:53 | alldebrid.com | udp |
| US | 8.8.8.8:53 | marocagreg.com | udp |
| US | 8.8.8.8:53 | pop.forum.biketime.ee | udp |
| US | 8.8.8.8:53 | ssh.auth.usenext.de | udp |
| US | 8.8.8.8:53 | pop3.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | mail.chat.1337x.to | udp |
| US | 8.8.8.8:53 | pop3.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | mail.muchienviet.com | udp |
| US | 8.8.8.8:53 | pop.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | ftp.coryoims.com | udp |
| US | 8.8.8.8:53 | ftp.inainscripcioncursos.ac.cr | udp |
| US | 8.8.8.8:53 | ftp.idp.openccc.net | udp |
| US | 8.8.8.8:53 | pop.chat.1337x.to | udp |
| US | 8.8.8.8:53 | ftp.forum.cfx.re | udp |
| US | 8.8.8.8:53 | pop.account.mojang.com | udp |
| US | 8.8.8.8:53 | imap.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | mmmreturns.com | udp |
| US | 8.8.8.8:53 | nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ftp.djponline.pajak.go.id | udp |
| US | 8.8.8.8:53 | mmls.mmu.edu.my | udp |
| US | 8.8.8.8:53 | ftp.banpaudpnf.kemdikbud.go.id | udp |
| US | 54.218.188.255:80 | disneyplus.com | tcp |
| IN | 192.12.109.71:80 | merchant.onlinesbi.sbi | tcp |
| VN | 103.9.206.107:80 | kame.vn | tcp |
| TH | 83.118.17.100:80 | lms.qerp.services | tcp |
| ID | 118.98.221.175:80 | banpaudpnf.kemdikbud.go.id | tcp |
| ID | 103.28.106.147:80 | djponline.pajak.go.id | tcp |
| US | 8.8.8.8:53 | bo.sentralcargo.co.id | udp |
| US | 8.8.8.8:53 | mmmreturns.com | udp |
| US | 8.8.8.8:53 | recuperacao.acesso.gov.br | udp |
| US | 8.8.8.8:53 | bonk.io | udp |
| US | 8.8.8.8:53 | 255.188.218.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pop3.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | mail.dashboard.twitch.tv | udp |
| US | 8.8.8.8:53 | mx.e-learningosimoliceo.it | udp |
| US | 8.8.8.8:53 | marocagreg.com | udp |
| US | 8.8.8.8:53 | alldebrid.com | udp |
| US | 8.8.8.8:53 | 105.200.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | account.mojang.com | udp |
| US | 8.8.8.8:53 | beding.arshab.com | udp |
| US | 8.8.8.8:53 | pop.auth.usenext.de | udp |
| US | 8.8.8.8:53 | imap.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ssh.corumcollege.com | udp |
| US | 8.8.8.8:53 | disneyplus-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | imap.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | mail.mpsky.oci.co.kr | udp |
| US | 8.8.8.8:53 | invest-hours.pw | udp |
| US | 8.8.8.8:53 | ssh.incogniton.com | udp |
| US | 8.8.8.8:53 | pop.tools.siteground.com | udp |
| US | 8.8.8.8:53 | mx1.mail.ovh.net | udp |
| US | 8.8.8.8:53 | 251.12.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.145.153.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssh.thescla.org | udp |
| US | 8.8.8.8:53 | ssh.stdpay.inicis.com | udp |
| US | 8.8.8.8:53 | ecetera.hu | udp |
| US | 8.8.8.8:53 | ftp.fresh-mining.com | udp |
| US | 8.8.8.8:53 | www.maxmind.com | udp |
| US | 8.8.8.8:53 | ssh.alt-torrent.com | udp |
| US | 8.8.8.8:53 | mail.coryoims.com | udp |
| US | 8.8.8.8:53 | mail.invadedlands.net | udp |
| US | 8.8.8.8:53 | mail.secure.limundo.com | udp |
| US | 8.8.8.8:53 | ftp.steamcommunity.com | udp |
| US | 8.8.8.8:53 | ssh.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | ftp.perfectmoney.com | udp |
| US | 8.8.8.8:53 | mail.forum.cfx.re | udp |
| US | 8.8.8.8:53 | ssh.ploudos.com | udp |
| US | 8.8.8.8:53 | mail.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | ssh.lienquancode.com | udp |
| US | 8.8.8.8:53 | ftp.accounts.google.com | udp |
| US | 8.8.8.8:53 | ftp.en.forgeofempires.com | udp |
| US | 8.8.8.8:53 | mail.l171.com | udp |
| US | 8.8.8.8:53 | gmr-smtp-in.l.google.com | udp |
| US | 8.8.8.8:53 | ssh.en.forgeofempires.com | udp |
| US | 8.8.8.8:53 | login.szn.cz | udp |
| US | 8.8.8.8:53 | mx1.titan.email | udp |
| US | 8.8.8.8:53 | ssh.djponline.pajak.go.id | udp |
| US | 8.8.8.8:53 | mail.banpaudpnf.kemdikbud.go.id | udp |
| US | 8.8.8.8:53 | ssh.inainscripcioncursos.ac.cr | udp |
| US | 8.8.8.8:53 | mail.account.t-mobile.com | udp |
| US | 8.8.8.8:53 | symulator-farmy.pl | udp |
| US | 8.8.8.8:53 | mail.auth.usenext.de | udp |
| US | 8.8.8.8:53 | imap.auth.usenext.de | udp |
| US | 8.8.8.8:53 | ssh.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | imap.login.szn.cz | udp |
| US | 8.8.8.8:53 | mail.seraphzone.com | udp |
| US | 8.8.8.8:53 | pop.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | pop3.l171.com | udp |
| US | 8.8.8.8:53 | ssh.merchant.onlinesbi.sbi | udp |
| US | 8.8.8.8:53 | mail.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | pop3.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | imap.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | mail.lienquancode.com | udp |
| US | 8.8.8.8:53 | phukienxiga.net.vn | udp |
| US | 8.8.8.8:53 | mail.phukienxiga.net.vn | udp |
| US | 8.8.8.8:53 | ssh.disneyplus.com | udp |
| US | 8.8.8.8:53 | imap.account.mojang.com | udp |
| US | 8.8.8.8:53 | mail.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | mail.kame.vn | udp |
| US | 8.8.8.8:53 | ftp.mumbai.11thadmission.org.in | udp |
| US | 8.8.8.8:53 | imap.l171.com | udp |
| US | 8.8.8.8:53 | portal.e-beam.com | udp |
| US | 8.8.8.8:53 | ssh.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | ssh.account.t-mobile.com | udp |
| US | 8.8.8.8:53 | pop.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | imap.seraphzone.com | udp |
| US | 8.8.8.8:53 | pop3.seraphzone.com | udp |
| US | 8.8.8.8:53 | pop3.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | mail.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | mail.enem.inep.gov.br | udp |
| US | 104.18.146.235:80 | www.maxmind.com | tcp |
| RO | 93.115.95.83:80 | perfectmoney.com | tcp |
| GB | 108.138.217.9:80 | spin247.com | tcp |
| US | 103.224.182.253:80 | ssh.toreents.club | tcp |
| US | 72.44.75.36:80 | coryoims.com | tcp |
| US | 3.83.191.190:80 | www.thescla.org | tcp |
| US | 50.28.98.109:80 | subsim.com | tcp |
| US | 104.21.88.47:80 | invadedlands.net | tcp |
| US | 104.19.143.69:80 | www.futbin.com | tcp |
| US | 8.8.8.8:53 | mail.ecetera.hu | udp |
| US | 8.8.8.8:53 | mail.chat.1337x.to | udp |
| US | 8.8.8.8:53 | mail.account.t-mobile.com | udp |
| US | 8.8.8.8:53 | www.wow-freakz.com | udp |
| US | 104.20.51.237:443 | www.ytmonster.net | tcp |
| US | 45.60.13.220:443 | mmls.mmu.edu.my | tcp |
| US | 45.60.155.127:80 | account.t-mobile.com | tcp |
| LK | 222.165.160.106:80 | internetvas.slt.lk | tcp |
| GB | 104.77.160.209:80 | account.mojang.com | tcp |
| RO | 93.115.95.83:80 | perfectmoney.com | tcp |
| US | 8.8.8.8:53 | imap.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | ftp.dashboard.twitch.tv | udp |
| US | 8.8.8.8:53 | pop.corumcollege.com | udp |
| US | 8.8.8.8:53 | imap.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | mail.portal.e-beam.com | udp |
| US | 8.8.8.8:53 | pop.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | pop.login.szn.cz | udp |
| US | 8.8.8.8:53 | mail.store.steampowered.com | udp |
| US | 8.8.8.8:53 | imap.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | imap.muchienviet.com | udp |
| US | 8.8.8.8:53 | imap.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | 56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | mail.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | ssh.chat.1337x.to | udp |
| FR | 52.84.174.100:80 | tools.siteground.com | tcp |
| GB | 104.103.255.201:443 | www.disneyplus.com | tcp |
| BG | 78.128.98.202:80 | www135.imperiaonline.org | tcp |
| US | 104.21.60.45:443 | mumbai.11thadmission.org.in | tcp |
| GB | 146.75.74.167:443 | dashboard.twitch.tv | tcp |
| GB | 23.214.154.77:443 | steamcommunity.com | tcp |
| N/A | 192.168.96.100:80 | mpsky.oci.co.kr | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| DE | 94.130.222.186:80 | s12.proserv.ge | tcp |
| US | 20.122.152.78:80 | inainscripcioncursos.ac.cr | tcp |
| US | 54.162.13.115:80 | campusvirtual.duoc.cl | tcp |
| US | 3.19.19.230:80 | unicfcead.com.br | tcp |
| US | 45.60.47.171:80 | idp.openccc.net | tcp |
| DE | 212.53.194.169:443 | en.forgeofempires.com | tcp |
| CL | 186.64.116.125:80 | ftp.alt-torrent.com | tcp |
| US | 188.114.97.2:80 | ftp.incogniton.com | tcp |
| DE | 45.76.93.104:80 | fritz.box | tcp |
| US | 8.8.8.8:53 | ftp.chimeratool.com | udp |
| US | 8.8.8.8:53 | ssh.invadedlands.net | udp |
| US | 8.8.8.8:53 | mx1.privateemail.com | udp |
| US | 8.8.8.8:53 | pop3.muchienviet.com | udp |
| GB | 108.138.217.9:443 | spin247.com | tcp |
| TW | 61.57.229.1:80 | openpoint.com.tw | tcp |
| US | 8.8.8.8:53 | mail.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ftp.banpaudpnf.kemdikbud.go.id | udp |
| US | 8.8.8.8:53 | invest-hours.pw | udp |
| US | 8.8.8.8:53 | ssh.dashboard.twitch.tv | udp |
| US | 8.8.8.8:53 | pop3.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | account.t-mobile.com | udp |
| US | 8.8.8.8:53 | mail.alldebrid.com | udp |
| US | 8.8.8.8:53 | mail.fresh-mining.com | udp |
| US | 8.8.8.8:53 | ftp.mpsky.oci.co.kr | udp |
| US | 8.8.8.8:53 | imap.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | ftp.djponline.pajak.go.id | udp |
| US | 104.26.12.251:443 | unknowncheats.me | tcp |
| GH | 197.255.125.60:80 | itsapp08.ug.edu.gh | tcp |
| US | 45.60.47.171:80 | idp.openccc.net | tcp |
| IT | 89.46.110.69:80 | e-learningosimoliceo.it | tcp |
| US | 104.18.231.99:80 | my.forextime.com | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | ssh.coryoims.com | udp |
| US | 8.8.8.8:53 | ftp.idp.openccc.net | udp |
| US | 8.8.8.8:53 | pop3.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | pop3.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | pop.account.mojang.com | udp |
| US | 8.8.8.8:53 | mmmreturns.com | udp |
| US | 8.8.8.8:53 | ftp.mmmreturns.com | udp |
| US | 8.8.8.8:53 | mail.muchienviet.com | udp |
| US | 8.8.8.8:53 | imap.chat.1337x.to | udp |
| US | 8.8.8.8:53 | ftp.inainscripcioncursos.ac.cr | udp |
| US | 8.8.8.8:53 | pop3.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | mail.secure.limundo.com | udp |
| US | 8.8.8.8:53 | imap.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | ssh.forum.cfx.re | udp |
| US | 8.8.8.8:53 | mail.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | world.wallstreetenglish.com | udp |
| US | 8.8.8.8:53 | mmls.mmu.edu.my | udp |
| US | 8.8.8.8:53 | 100.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.255.103.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.13.162.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pop3.forum.biketime.ee | udp |
| US | 8.8.8.8:53 | ssh.mpsky.oci.co.kr | udp |
| US | 8.8.8.8:53 | pop3.chat.1337x.to | udp |
| US | 8.8.8.8:53 | eportfolio.lib.ksu.edu.tw | udp |
| US | 8.8.8.8:53 | funny-hotel.nl | udp |
| US | 8.8.8.8:53 | dewabet.asia | udp |
| US | 8.8.8.8:53 | ssh.ploudos.com | udp |
| US | 8.8.8.8:53 | ftp.mmls.mmu.edu.my | udp |
| US | 8.8.8.8:53 | ssh.idp.openccc.net | udp |
| US | 8.8.8.8:53 | pop.alt-torrent.com | udp |
| BR | 189.9.176.35:80 | recuperacao.acesso.gov.br | tcp |
| ID | 103.89.250.239:80 | daftar-sscasn.bkn.go.id | tcp |
| US | 104.20.77.245:443 | chimeratool.com | tcp |
| US | 104.18.34.171:80 | forum.cfx.re | tcp |
| RS | 87.237.202.69:80 | www.limundo.com | tcp |
| US | 8.8.8.8:53 | ssh.disneyplus.com | udp |
| US | 8.8.8.8:53 | imap.account.mojang.com | udp |
| US | 8.8.8.8:53 | mail.coryoims.com | udp |
| US | 8.8.8.8:53 | imap.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | mail.login.szn.cz | udp |
| US | 8.8.8.8:53 | imap.login.szn.cz | udp |
| US | 8.8.8.8:53 | ssh.inainscripcioncursos.ac.cr | udp |
| US | 8.8.8.8:53 | pop.secure.limundo.com | udp |
| US | 8.8.8.8:53 | ssh.alt-torrent.com | udp |
| US | 8.8.8.8:53 | mail.account.t-mobile.com | udp |
| US | 8.8.8.8:53 | ssh.accounts.google.com | udp |
| US | 8.8.8.8:53 | ftp.mumbai.11thadmission.org.in | udp |
| US | 8.8.8.8:53 | mail.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | marocagreg.com | udp |
| US | 8.8.8.8:53 | www.minecraft.net | udp |
| US | 8.8.8.8:53 | imap.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | ftp.recuperacao.acesso.gov.br | udp |
| US | 8.8.8.8:53 | mail.seraphzone.com | udp |
| US | 8.8.8.8:53 | recuperacao.acesso.gov.br | udp |
| DE | 45.76.93.104:80 | fritz.box | tcp |
| TW | 61.57.229.1:80 | openpoint.com.tw | tcp |
| BR | 189.9.176.35:80 | recuperacao.acesso.gov.br | tcp |
| LK | 222.165.160.106:80 | internetvas.slt.lk | tcp |
| VN | 103.9.206.107:80 | kame.vn | tcp |
| US | 172.67.132.165:443 | www.wow-freakz.com | tcp |
| US | 104.23.128.79:80 | alldebrid.com | tcp |
| TH | 110.78.25.15:80 | wsa.dsl.studentloan.or.th | tcp |
| ID | 103.28.106.147:443 | djponline.pajak.go.id | tcp |
| US | 104.21.60.45:80 | mumbai.11thadmission.org.in | tcp |
| US | 104.20.51.237:80 | www.ytmonster.net | tcp |
| US | 8.8.8.8:53 | imap.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | ssh.djponline.pajak.go.id | udp |
| US | 8.8.8.8:53 | mail.banpaudpnf.kemdikbud.go.id | udp |
| US | 8.8.8.8:53 | pop.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | pop3.l171.com | udp |
| US | 8.8.8.8:53 | mail.kame.vn | udp |
| US | 8.8.8.8:53 | pop3.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | mail.l171.com | udp |
| US | 8.8.8.8:53 | ftp.spin247.com | udp |
| US | 8.8.8.8:53 | pop.auth.usenext.de | udp |
| GB | 146.75.74.167:80 | dashboard.twitch.tv | tcp |
| US | 8.8.8.8:53 | ssh.lienquancode.com | udp |
| US | 8.8.8.8:53 | ftp.en.forgeofempires.com | udp |
| US | 8.8.8.8:53 | mail.internetvas.slt.lk | udp |
| US | 8.8.8.8:53 | mail.merchant.onlinesbi.sbi | udp |
| US | 8.8.8.8:53 | mx2.mail.ovh.net | udp |
| US | 8.8.8.8:53 | mail.idp.openccc.net | udp |
| US | 8.8.8.8:53 | mail.forum.cfx.re | udp |
| US | 8.8.8.8:53 | phukienxiga.net.vn | udp |
| US | 8.8.8.8:53 | imap.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | mail.invadedlands.net | udp |
| US | 8.8.8.8:53 | pop.courtyardmtyapto.ipsofactu.mx | udp |
| US | 8.8.8.8:53 | ssh.banpaudpnf.kemdikbud.go.id | udp |
| US | 8.8.8.8:53 | malta.iway.ch | udp |
| US | 8.8.8.8:53 | corumcollege.com | udp |
| US | 8.8.8.8:53 | mail.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | pop.merchant.onlinesbi.sbi | udp |
| US | 8.8.8.8:53 | ssh.ecetera.hu | udp |
| US | 8.8.8.8:53 | mail.ecetera.hu | udp |
| US | 8.8.8.8:53 | mail.chat.1337x.to | udp |
| US | 8.8.8.8:53 | pop.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | pop.dewabet.asia | udp |
| US | 8.8.8.8:53 | mail.stdpay.inicis.com | udp |
| US | 8.8.8.8:53 | pop3.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | mail.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | pop.account.t-mobile.com | udp |
| US | 8.8.8.8:53 | ftp.my.forextime.com | udp |
| US | 8.8.8.8:53 | mail.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | mail.account.mojang.com | udp |
| US | 8.8.8.8:53 | stdpay.inicis.com | udp |
| US | 8.8.8.8:53 | spin247.com | udp |
| US | 8.8.8.8:53 | ftp.aticlix.net | udp |
| US | 8.8.8.8:53 | pop3.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | ssh.thepixellab.net | udp |
| US | 8.8.8.8:53 | pop3.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | mail.dashboard.twitch.tv | udp |
| US | 8.8.8.8:53 | imap.auth.usenext.de | udp |
| US | 8.8.8.8:53 | ftp.perfectmoney.com | udp |
| US | 8.8.8.8:53 | ftp.fresh-mining.com | udp |
| US | 8.8.8.8:53 | imap.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | 69.110.46.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.231.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mail.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | tools.siteground.com | udp |
| US | 8.8.8.8:53 | mail.phukienxiga.net.vn | udp |
| US | 8.8.8.8:53 | ssh.en.forgeofempires.com | udp |
| US | 8.8.8.8:53 | pop.forum.cfx.re | udp |
| US | 8.8.8.8:53 | pop3.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | ssh.chimeratool.com | udp |
| US | 8.8.8.8:53 | mail.portal.e-beam.com | udp |
| US | 8.8.8.8:53 | mail.store.steampowered.com | udp |
| US | 8.8.8.8:53 | pop.portal.e-beam.com | udp |
| US | 8.8.8.8:53 | mail.dewabet.asia | udp |
| US | 8.8.8.8:53 | imap.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | mail.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | ssh.merchant.onlinesbi.sbi | udp |
| US | 8.8.8.8:53 | mail.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | mail.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | mail.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | imap.signup.eune.leagueoflegends.com | udp |
| US | 104.21.19.244:80 | thepixellab.net | tcp |
| US | 103.224.182.253:80 | ssh.toreents.club | tcp |
| SG | 13.229.246.77:80 | bo.sentralcargo.co.id | tcp |
| US | 8.8.8.8:53 | mail.djponline.pajak.go.id | udp |
| US | 8.8.8.8:53 | www.spin247.com | udp |
| US | 8.8.8.8:53 | mail.dashboard.twitch.tv | udp |
| DE | 141.95.86.58:443 | symulator-farmy.pl | tcp |
| IN | 192.12.109.71:80 | merchant.onlinesbi.sbi | tcp |
| US | 172.67.200.105:443 | aticlix.net | tcp |
| US | 67.225.218.22:80 | ftp.shadowave.info | tcp |
| US | 72.44.75.36:80 | coryoims.com | tcp |
| FR | 13.249.9.74:80 | radioflashbackmani.minhawebradio.net | tcp |
| DE | 212.53.194.169:80 | en.forgeofempires.com | tcp |
| US | 104.21.16.59:80 | lienquancode.com | tcp |
| BG | 78.128.98.202:443 | ftp.www135.imperiaonline.org | tcp |
| US | 104.26.1.138:80 | ploudos.com | tcp |
| DE | 94.130.222.186:80 | s12.proserv.ge | tcp |
| US | 54.218.188.255:80 | disneyplus.com | tcp |
| US | 104.26.12.251:80 | unknowncheats.me | tcp |
| US | 8.8.8.8:53 | ssh.wow-freakz.com | udp |
| SG | 13.229.246.77:80 | bo.sentralcargo.co.id | tcp |
| US | 45.60.47.171:80 | idp.openccc.net | tcp |
| US | 45.60.47.171:80 | idp.openccc.net | tcp |
| N/A | 192.168.96.100:80 | mpsky.oci.co.kr | tcp |
| US | 8.8.8.8:53 | mail.idp.openccc.net | udp |
| US | 8.8.8.8:53 | futbin.com | udp |
| US | 8.8.8.8:53 | ssh.tools.siteground.com | udp |
| US | 8.8.8.8:53 | ssh.portal.e-beam.com | udp |
| US | 8.8.8.8:53 | www.e-learningosimoliceo.it | udp |
| US | 45.60.13.220:80 | mmls.mmu.edu.my | tcp |
| GB | 23.214.154.77:443 | steamcommunity.com | tcp |
| TH | 110.78.25.15:80 | wsa.dsl.studentloan.or.th | tcp |
| GB | 23.214.154.77:80 | steamcommunity.com | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| TH | 83.118.17.100:443 | lms.qerp.services | tcp |
| US | 20.122.152.78:80 | inainscripcioncursos.ac.cr | tcp |
| BG | 194.153.145.110:80 | passport.abv.bg | tcp |
| US | 8.8.8.8:53 | aspmx3.googlemail.com | udp |
| US | 8.8.8.8:53 | mail.secure.limundo.com | udp |
| US | 8.8.8.8:53 | imap.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | mail.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | ftp.inainscripcioncursos.ac.cr | udp |
| US | 8.8.8.8:53 | pop3.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | pop3.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | pop3.account.mojang.com | udp |
| US | 8.8.8.8:53 | ftp.idp.openccc.net | udp |
| US | 8.8.8.8:53 | mail.muchienviet.com | udp |
| US | 8.8.8.8:53 | imap.chat.1337x.to | udp |
| US | 8.8.8.8:53 | mail.fresh-mining.com | udp |
| US | 8.8.8.8:53 | ssh.dashboard.twitch.tv | udp |
| US | 8.8.8.8:53 | ftp.djponline.pajak.go.id | udp |
| US | 8.8.8.8:53 | pop3.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | pop3.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | 77.246.229.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iservice.truecorp.co.th | udp |
| US | 8.8.8.8:53 | lovehoney.com.au | udp |
| US | 8.8.8.8:53 | mx1.titan.email | udp |
| US | 8.8.8.8:53 | ftp.internetvas.slt.lk | udp |
| US | 8.8.8.8:53 | ssh.shadowave.info | udp |
| US | 8.8.8.8:53 | route1.mx.cloudflare.net | udp |
| US | 8.8.8.8:53 | mail.toreents.club | udp |
| US | 8.8.8.8:53 | lovehoney.com.au | udp |
| US | 8.8.8.8:53 | pop3.auth.usenext.de | udp |
| US | 8.8.8.8:53 | pfms.nic.in | udp |
| US | 8.8.8.8:53 | 74.9.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pop3.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | fresh-mining.com | udp |
| US | 8.8.8.8:53 | mail.auth.usenext.de | udp |
| US | 8.8.8.8:53 | imap.signup.eune.leagueoflegends.com | udp |
| US | 104.21.88.47:80 | invadedlands.net | tcp |
| US | 8.8.8.8:53 | ssh.lienquancode.com | udp |
| US | 8.8.8.8:53 | mailgate.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | www.aticlix.net | udp |
| US | 8.8.8.8:53 | ftp.symulator-farmy.pl | udp |
| US | 8.8.8.8:53 | imap.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | alt4.gmr-smtp-in.l.google.com | udp |
| US | 8.8.8.8:53 | imap.nxlogin.nexon.com | udp |
| RO | 93.115.95.83:80 | perfectmoney.com | tcp |
| US | 8.8.8.8:53 | mail.login.szn.cz | udp |
| US | 188.114.97.2:80 | lienquancode.com | tcp |
| US | 104.20.77.245:80 | chimeratool.com | tcp |
| ID | 118.98.221.175:443 | banpaudpnf.kemdikbud.go.id | tcp |
| US | 8.8.8.8:53 | imap.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | mail.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | ftp.my.forextime.com | udp |
| US | 8.8.8.8:53 | mail.tools.siteground.com | udp |
| US | 8.8.8.8:53 | mail.corumcollege.com | udp |
| US | 8.8.8.8:53 | ssh.fresh-mining.com | udp |
| US | 8.8.8.8:53 | mail.chat.1337x.to | udp |
| US | 8.8.8.8:53 | mail.account.mojang.com | udp |
| US | 8.8.8.8:53 | pop.lienquancode.com | udp |
| US | 8.8.8.8:53 | pop.portal.e-beam.com | udp |
| US | 8.8.8.8:53 | mail.dewabet.asia | udp |
| US | 8.8.8.8:53 | mail.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | pop.corumcollege.com | udp |
| US | 8.8.8.8:53 | pop.login.szn.cz | udp |
| US | 8.8.8.8:53 | pop3.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | ftp.perfectmoney.com | udp |
| US | 8.8.8.8:53 | ssh.steamcommunity.com | udp |
| US | 8.8.8.8:53 | ssh.account.t-mobile.com | udp |
| US | 8.8.8.8:53 | pop.account.t-mobile.com | udp |
| US | 8.8.8.8:53 | pop.alt-torrent.com | udp |
| US | 8.8.8.8:53 | mail.merchant.onlinesbi.sbi | udp |
| US | 8.8.8.8:53 | imap.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | imap.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | mail.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | mailgate.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | mail.internetvas.slt.lk | udp |
| US | 8.8.8.8:53 | imap.stdpay.inicis.com | udp |
| US | 8.8.8.8:53 | imap.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | mail.stdpay.inicis.com | udp |
| US | 8.8.8.8:53 | mail.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | pop3.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | imap.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | ssh.incogniton.com | udp |
| US | 8.8.8.8:53 | mail.banpaudpnf.kemdikbud.go.id | udp |
| US | 45.60.155.127:80 | account.t-mobile.com | tcp |
| DE | 141.95.86.58:80 | ftp.symulator-farmy.pl | tcp |
| DE | 108.138.7.116:80 | spin247.com | tcp |
| US | 104.19.128.70:80 | futbin.com | tcp |
| LK | 222.165.160.106:443 | internetvas.slt.lk | tcp |
| ID | 103.28.106.147:80 | djponline.pajak.go.id | tcp |
| US | 50.28.98.109:80 | ftp.subsim.com | tcp |
| US | 104.21.19.244:80 | thepixellab.net | tcp |
| DE | 46.4.57.75:8443 | tcp | |
| DE | 94.130.222.186:80 | mail.s12.proserv.ge | tcp |
| BG | 78.128.98.202:80 | ftp.www135.imperiaonline.org | tcp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| IN | 192.12.109.71:80 | merchant.onlinesbi.sbi | tcp |
| US | 8.8.8.8:53 | imap.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | ftp.banpaudpnf.kemdikbud.go.id | udp |
| US | 8.8.8.8:53 | bay247.vip | udp |
| US | 8.8.8.8:53 | mail.bay247.vip | udp |
| US | 8.8.8.8:53 | mail.phukienxiga.net.vn | udp |
| US | 8.8.8.8:53 | pop.unicfcead.com.br | udp |
| US | 8.8.8.8:53 | ssh.merchant.onlinesbi.sbi | udp |
| US | 8.8.8.8:53 | mail.portal.e-beam.com | udp |
| US | 8.8.8.8:53 | ssh.en.forgeofempires.com | udp |
| US | 8.8.8.8:53 | ssh.thepixellab.net | udp |
| US | 8.8.8.8:53 | pop3.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | imap.auth.usenext.de | udp |
| US | 8.8.8.8:53 | pop.forum.cfx.re | udp |
| US | 8.8.8.8:53 | ftp.bay247.vip | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | mail.store.steampowered.com | udp |
| US | 8.8.8.8:53 | ssh.chimeratool.com | udp |
| US | 8.8.8.8:53 | mx1.mail.ovh.net | udp |
| US | 8.8.8.8:53 | mx2.zoho.com | udp |
| US | 8.8.8.8:53 | mail.coryoims.com | udp |
| US | 8.8.8.8:53 | imap.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | ssh.disneyplus.com | udp |
| US | 8.8.8.8:53 | icash.hermes-it.in | udp |
| US | 8.8.8.8:53 | internetbanking.tsb.co.uk | udp |
| US | 8.8.8.8:53 | ftp.spin247.com | udp |
| US | 8.8.8.8:53 | mail.l171.com | udp |
| US | 8.8.8.8:53 | pop.kame.vn | udp |
| US | 8.8.8.8:53 | mail.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | phukienxiga.net.vn | udp |
| US | 8.8.8.8:53 | mail.invadedlands.net | udp |
| US | 8.8.8.8:53 | pop.dewabet.asia | udp |
| US | 8.8.8.8:53 | pop3.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | mail.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | ftp.daftar-sscasn.bkn.go.id | udp |
| US | 8.8.8.8:53 | ssh.phukienxiga.net.vn | udp |
| US | 8.8.8.8:53 | ftp.openpoint.com.tw | udp |
| US | 8.8.8.8:53 | mail.dashboard.twitch.tv | udp |
| US | 8.8.8.8:53 | ssh.mpsky.oci.co.kr | udp |
| GB | 23.48.165.156:80 | world.wallstreetenglish.com | tcp |
| CL | 186.64.116.125:80 | ftp.alt-torrent.com | tcp |
| US | 8.8.8.8:53 | internetbanking.tsb.co.uk | udp |
| US | 8.8.8.8:53 | ssh.djponline.pajak.go.id | udp |
| US | 8.8.8.8:53 | spin247.com | udp |
| US | 8.8.8.8:53 | mail.mumbai.11thadmission.org.in | udp |
| US | 8.8.8.8:53 | us-smtp-inbound-2.mimecast.com | udp |
| US | 8.8.8.8:53 | pop.chimeratool.com | udp |
| US | 8.8.8.8:53 | us-smtp-inbound-1.mimecast.com | udp |
| US | 8.8.8.8:53 | ftp.mmls.mmu.edu.my | udp |
| US | 8.8.8.8:53 | mail.mpsky.oci.co.kr | udp |
| BG | 194.153.145.110:80 | passport.abv.bg | tcp |
| RU | 193.233.132.62:50500 | tcp | |
| FR | 52.84.174.100:80 | tools.siteground.com | tcp |
| TW | 120.114.52.139:80 | eportfolio.lib.ksu.edu.tw | tcp |
| DE | 45.76.93.104:80 | fritz.box | tcp |
| TW | 61.57.229.1:80 | openpoint.com.tw | tcp |
| US | 72.44.75.36:80 | coryoims.com | tcp |
| US | 8.8.8.8:53 | imap.my.malwarebytes.com | udp |
| US | 8.8.8.8:53 | mail.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | disneyplus-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ssh.kame.vn | udp |
| US | 8.8.8.8:53 | imap.l171.com | udp |
| US | 8.8.8.8:53 | ssh.portal.e-beam.com | udp |
| US | 8.8.8.8:53 | ssh.symulator-farmy.pl | udp |
| US | 8.8.8.8:53 | ftp.lms.qerp.services | udp |
| US | 8.8.8.8:53 | ssh.wow-freakz.com | udp |
| US | 8.8.8.8:53 | mail.forum.cfx.re | udp |
| US | 8.8.8.8:53 | ssh.subsim.com | udp |
| US | 8.8.8.8:53 | 70.128.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ftp.accounts.google.com | udp |
| US | 8.8.8.8:53 | invadedlands.net | udp |
| US | 8.8.8.8:53 | mail.idp.openccc.net | udp |
| US | 8.8.8.8:53 | world.wallstreetenglish.com | udp |
| US | 8.8.8.8:53 | 75.57.4.46.in-addr.arpa | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | mailsec.protonmail.ch | udp |
| US | 8.8.8.8:53 | ssh.mumbai.11thadmission.org.in | udp |
| US | 8.8.8.8:53 | mail.www135.imperiaonline.org | udp |
| US | 8.8.8.8:53 | mail.disneyplus.com | udp |
| TH | 83.118.17.100:80 | lms.qerp.services | tcp |
| US | 104.18.231.99:443 | www.forextime.com | tcp |
| US | 8.8.8.8:53 | mailgate.authpre.senasofiaplus.edu.co | udp |
| US | 8.8.8.8:53 | mail.internetvas.slt.lk | udp |
| US | 8.8.8.8:53 | imap.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | imap.stdpay.inicis.com | udp |
| US | 8.8.8.8:53 | dashboard.twitch.tv | udp |
| US | 8.8.8.8:53 | account.t-mobile.com | udp |
| US | 8.8.8.8:53 | ftp.wow-freakz.com | udp |
| US | 8.8.8.8:53 | mail.unicfcead.com.br | udp |
| US | 8.8.8.8:53 | ssh.my.forextime.com | udp |
| US | 45.60.47.171:80 | idp.openccc.net | tcp |
| US | 8.8.8.8:53 | ftp.ytmonster.net | udp |
| RS | 87.237.202.69:80 | secure.limundo.com | tcp |
| US | 8.8.8.8:53 | malta.iway.ch | udp |
| US | 8.8.8.8:53 | mail.mmls.mmu.edu.my | udp |
| US | 8.8.8.8:53 | ssh.coryoims.com | udp |
| US | 8.8.8.8:53 | mail.idp.tamuc.edu | udp |
| US | 8.8.8.8:53 | imap.beta.thecrims.com | udp |
| US | 8.8.8.8:53 | pop3.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | mx04.hornetsecurity.com | udp |
| US | 8.8.8.8:53 | pop3.tramites.dirtrab.cl | udp |
| US | 8.8.8.8:53 | ftp.internetvas.slt.lk | udp |
| US | 8.8.8.8:53 | pop3.forum.biketime.ee | udp |
| US | 8.8.8.8:53 | imap.recruitment-portal.in | udp |
| US | 8.8.8.8:53 | imap.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | mail.login.szn.cz | udp |
| US | 8.8.8.8:53 | imap.login.szn.cz | udp |
| US | 8.8.8.8:53 | pop.coryoims.com | udp |
| US | 8.8.8.8:53 | ftp.unknowncheats.me | udp |
| US | 8.8.8.8:53 | pop3.seraphzone.com | udp |
| US | 8.8.8.8:53 | micuenta.donweb.com | udp |
| US | 8.8.8.8:53 | cp1.osmosetech.com | udp |
| US | 8.8.8.8:53 | mail.secure.limundo.com | udp |
| US | 8.8.8.8:53 | ftp.chimeratool.com | udp |
| US | 8.8.8.8:53 | ftp.mmmreturns.com | udp |
| US | 8.8.8.8:53 | ftp.passport.abv.bg | udp |
| US | 8.8.8.8:53 | ssh.aticlix.net | udp |
| US | 8.8.8.8:53 | modthesims.info | udp |
| US | 8.8.8.8:53 | pop3.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | imap.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | pop.tools.siteground.com | udp |
| US | 8.8.8.8:53 | mail.muchienviet.com | udp |
| US | 8.8.8.8:53 | ssh.daftar-sscasn.bkn.go.id | udp |
| US | 8.8.8.8:53 | ssh.incogniton.com | udp |
| US | 8.8.8.8:53 | pop3.l171.com | udp |
| US | 8.8.8.8:53 | pop.merchant.onlinesbi.sbi | udp |
| US | 8.8.8.8:53 | mail.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | mail.bonk.io | udp |
| US | 8.8.8.8:53 | ssh.banpaudpnf.kemdikbud.go.id | udp |
| US | 8.8.8.8:53 | mail.banpaudpnf.kemdikbud.go.id | udp |
| US | 8.8.8.8:53 | mail.stdpay.inicis.com | udp |
| US | 8.8.8.8:53 | imap.campusvirtual.duoc.cl | udp |
| US | 8.8.8.8:53 | mail.app.toroinvestimentos.com.br | udp |
| US | 8.8.8.8:53 | pop3.muchienviet.com | udp |
| US | 8.8.8.8:53 | imap.chat.1337x.to | udp |
| US | 8.8.8.8:53 | mail.subsim.com | udp |
| US | 8.8.8.8:53 | pop.secure.limundo.com | udp |
| US | 8.8.8.8:53 | mail.lienquancode.com | udp |
| US | 8.8.8.8:53 | ssh.ytmonster.net | udp |
| US | 8.8.8.8:53 | ssh.dashboard.twitch.tv | udp |
| US | 8.8.8.8:53 | mx2.titan.email | udp |
| US | 8.8.8.8:53 | 156.165.48.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cp1.osmosetech.com | udp |
| US | 8.8.8.8:53 | micuenta.donweb.com | udp |
| US | 8.8.8.8:53 | sso.dla.go.th | udp |
| US | 8.8.8.8:53 | corumcollege.com | udp |
| US | 8.8.8.8:53 | imap.enem.inep.gov.br | udp |
| US | 8.8.8.8:53 | pop3.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | ftp.idp.openccc.net | udp |
| US | 8.8.8.8:53 | ecetera.hu | udp |
| RU | 193.233.132.56:80 | 193.233.132.56 | tcp |
| US | 67.225.218.22:80 | ssh.shadowave.info | tcp |
| US | 104.21.60.45:443 | mumbai.11thadmission.org.in | tcp |
| SG | 13.229.246.77:80 | bo.sentralcargo.co.id | tcp |
| US | 103.224.182.253:80 | mail.toreents.club | tcp |
| US | 188.114.97.2:80 | sorozatbarat.club | tcp |
| RO | 93.115.95.83:80 | perfectmoney.com | tcp |
| US | 54.218.188.255:80 | disneyplus.com | tcp |
| FR | 13.249.9.39:443 | radioflashbackmani.minhawebradio.net | tcp |
| IN | 125.17.19.29:80 | icash.hermes-it.in | tcp |
| US | 50.28.98.109:80 | mail.subsim.com | tcp |
| US | 172.64.153.85:80 | forum.cfx.re | tcp |
| N/A | 192.168.96.100:80 | mpsky.oci.co.kr | tcp |
| LT | 91.211.247.248:53 | aypsjxj.ru | udp |
| SG | 13.229.246.77:80 | bo.sentralcargo.co.id | tcp |
| ID | 103.89.250.239:443 | daftar-sscasn.bkn.go.id | tcp |
| TW | 120.114.52.139:80 | eportfolio.lib.ksu.edu.tw | tcp |
| US | 3.140.214.32:80 | unicfcead.com.br | tcp |
| TW | 61.57.229.1:80 | openpoint.com.tw | tcp |
| DE | 45.76.93.104:80 | fritz.box | tcp |
| US | 45.60.1.103:80 | iservice.truecorp.co.th | tcp |
| ID | 118.98.221.175:80 | banpaudpnf.kemdikbud.go.id | tcp |
| US | 188.114.96.2:80 | sorozatbarat.club | tcp |
| BG | 78.128.98.202:80 | mail.www135.imperiaonline.org | tcp |
| FR | 99.86.91.98:80 | spin247.com | tcp |
| IN | 202.54.157.29:80 | icash.hermes-it.in | tcp |
| US | 104.20.51.237:80 | www.ytmonster.net | tcp |
| US | 104.26.12.251:443 | unknowncheats.me | tcp |
| VN | 103.188.250.131:80 | khachhang.giaohangtietkiem.vn | tcp |
| TH | 110.78.25.15:80 | wsa.dsl.studentloan.or.th | tcp |
| GB | 23.53.175.200:80 | lovehoney.com.au | tcp |
| IN | 125.17.19.29:80 | icash.hermes-it.in | tcp |
| US | 104.23.128.79:80 | alldebrid.com | tcp |
| US | 172.67.132.165:80 | www.wow-freakz.com | tcp |
| US | 8.8.8.8:53 | 248.247.211.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | imap.forum.biketime.ee | udp |
| US | 8.8.8.8:53 | mail.forum.biketime.ee | udp |
| US | 8.8.8.8:53 | ftp.beding.arshab.com | udp |
| US | 8.8.8.8:53 | beding.arshab.com | udp |
| US | 8.8.8.8:53 | mail.en.forgeofempires.com | udp |
| US | 8.8.8.8:53 | mailgate.56.itknyga.co.ua | udp |
| US | 8.8.8.8:53 | pop.fresh-mining.com | udp |
| US | 8.8.8.8:53 | marocagreg.com | udp |
| US | 8.8.8.8:53 | fresh-mining.com | udp |
| US | 8.8.8.8:53 | mail.account.t-mobile.com | udp |
| US | 8.8.8.8:53 | mail.authpre.senasofiaplus.edu.co | udp |
| DE | 212.53.194.169:80 | en.forgeofempires.com | tcp |
| US | 45.60.1.103:80 | iservice.truecorp.co.th | tcp |
| US | 172.67.200.105:80 | www.aticlix.net | tcp |
| TH | 110.78.25.15:80 | wsa.dsl.studentloan.or.th | tcp |
| GB | 23.53.175.200:80 | lovehoney.com.au | tcp |
| VN | 103.188.250.131:80 | khachhang.giaohangtietkiem.vn | tcp |
| US | 172.67.132.165:80 | www.wow-freakz.com | tcp |
| US | 8.8.8.8:53 | ftp.steamcommunity.com | udp |
| US | 8.8.8.8:53 | ssh.accounts.google.com | udp |
| US | 8.8.8.8:53 | mail.nxlogin.nexon.com | udp |
| US | 8.8.8.8:53 | 32.214.140.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.93.76.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssh.steamcommunity.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | mmmreturns.com | udp |
| US | 8.8.8.8:53 | mail.itsapp08.ug.edu.gh | udp |
| US | 8.8.8.8:53 | mmls.mmu.edu.my | udp |
| US | 8.8.8.8:53 | pop.forum.cfx.re | udp |
| US | 8.8.8.8:53 | mail.store.steampowered.com | udp |
| US | 8.8.8.8:53 | imap.signup.eune.leagueoflegends.com | udp |
| US | 8.8.8.8:53 | pop.djponline.pajak.go.id | udp |
| US | 8.8.8.8:53 | imap.inspireawards-dst.gov.in | udp |
| US | 8.8.8.8:53 | ssh.perfectmoney.com | udp |
| BE | 64.233.167.84:80 | accounts.google.com | tcp |
| DE | 94.130.222.186:80 | mail.s12.proserv.ge | tcp |
Files
memory/1612-1-0x0000000001AD0000-0x0000000001BD0000-memory.dmp
memory/1612-2-0x0000000003870000-0x000000000387B000-memory.dmp
memory/1612-3-0x0000000000400000-0x0000000001A29000-memory.dmp
memory/3304-4-0x0000000003340000-0x0000000003356000-memory.dmp
memory/1612-5-0x0000000000400000-0x0000000001A29000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\B44C.exe
| MD5 | 1f2075eafec0c5327118290b68666531 |
| SHA1 | 0e12d995b602f9aac7dd3558f01c32d68a8ac1ce |
| SHA256 | d1c60eb9343d583dbe9fca64e97f481368187d7927f8a8a60bddcfe092d526c3 |
| SHA512 | e4113ed594d23c21e20111007e8dd025eb16e86f64e50e5f02cc6b075e8cb180a2aba3b5e6529729332c8f53e0392e46d1a769cc2add53a2c41e4a4c34673723 |
memory/1488-15-0x0000000000E00000-0x00000000012B0000-memory.dmp
memory/1488-16-0x0000000077436000-0x0000000077438000-memory.dmp
memory/1488-17-0x0000000000E00000-0x00000000012B0000-memory.dmp
memory/1488-19-0x0000000004ED0000-0x0000000004ED1000-memory.dmp
memory/1488-18-0x0000000004EC0000-0x0000000004EC1000-memory.dmp
memory/1488-20-0x0000000004EB0000-0x0000000004EB1000-memory.dmp
memory/1488-21-0x0000000004EF0000-0x0000000004EF1000-memory.dmp
memory/1488-22-0x0000000004E90000-0x0000000004E91000-memory.dmp
memory/1488-23-0x0000000004EA0000-0x0000000004EA1000-memory.dmp
memory/1488-24-0x0000000004F20000-0x0000000004F21000-memory.dmp
memory/1488-25-0x0000000004F10000-0x0000000004F11000-memory.dmp
memory/1488-31-0x0000000000E00000-0x00000000012B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\E967.dll
| MD5 | b0fb18cfcac1983582e7fd67b2843ce8 |
| SHA1 | ca29cf7cee80be38c5d667d5e8c00e6ea11b3294 |
| SHA256 | 4132c2587cfe85b944d95835d8d0bf92a08a0f831ea26a45c826146048347f45 |
| SHA512 | 4d9e1b14ef1a8adc15d38846c0a4e1d762e76fd944c76621ef6ac3a8482d14e40cfd4d7a14853d7a99cca2a99aa438eba996e842f1172f5f9a8f34ba1d97daf9 |
memory/468-36-0x0000000010000000-0x00000000102CE000-memory.dmp
memory/468-35-0x0000000000710000-0x0000000000716000-memory.dmp
memory/468-38-0x0000000002740000-0x000000000286B000-memory.dmp
memory/468-39-0x0000000002870000-0x000000000297F000-memory.dmp
memory/468-42-0x0000000002870000-0x000000000297F000-memory.dmp
memory/468-43-0x0000000010000000-0x00000000102CE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3006.exe
| MD5 | 996c2b1fb60f980ea6618aeefbe4cebf |
| SHA1 | a8553f7f723132a1d35f7a57cae1a2e267cbc2ac |
| SHA256 | f91c0a4753cdb98cce0ade020917fdefe7a8daf88d23b4c07595de741402ca50 |
| SHA512 | 4af8fb921a332c5ac3d43b85bc23c859e431702e00852537bf1831c7af8b990d880808d044a1317873c77fbdecb1af7c97bed9edd9e2185bcbfa390c463f9056 |
memory/1532-50-0x00000000023D0000-0x000000000258D000-memory.dmp
memory/1532-51-0x0000000002590000-0x0000000002747000-memory.dmp
memory/1416-52-0x0000000000400000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3006.exe
| MD5 | f07ffc94cd213aba6744c5af7a43924b |
| SHA1 | c1dbfd9ac5a8e58f013ce8a64c77a943f492b544 |
| SHA256 | 28d5437ba0fbeb62913b396b10f0fbf9f149b138beb3376390b31531dd95c9de |
| SHA512 | bb951e2462a5c0c280ffcb0f0b8f80aa6094c0e5c51586db2ecd0813504f4f18ad49ac87742a35f7f06a477a2909f0245e0bd194e22bad1de42add8dda9b5639 |
memory/1416-55-0x0000000000400000-0x0000000000848000-memory.dmp
memory/1416-56-0x0000000000400000-0x0000000000848000-memory.dmp
memory/1416-57-0x0000000000400000-0x0000000000848000-memory.dmp
memory/1416-58-0x0000000000400000-0x0000000000848000-memory.dmp
memory/1416-59-0x0000000000400000-0x0000000000848000-memory.dmp
memory/1416-62-0x0000000000F70000-0x0000000000F76000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
| MD5 | e712319f829bb8cd615b7c2cc97c97e3 |
| SHA1 | 0bcdf2d7e6414b2282669871694e12e96c4ffe90 |
| SHA256 | 09a291d9a0b89ef5c54703dbbbebab48175f5265aacae397e1f5c366d544250b |
| SHA512 | 58b9f2f21b0ba75d5c3985e16949f3deb5ca7e18049e1e4bbd19faac8c472a41f49cb23098815b4dd7484e8db63efb4e1d0d0c5192659750ab558314c8072e42 |
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
| MD5 | e05fdc969c15296b1a90da509294ed10 |
| SHA1 | 9d71ee83bcd71b57d1795046c4d4f933202c34cf |
| SHA256 | 288ec4a87b88bc2077f77d2f6511fde993427394245ece02543479b61cb8b37a |
| SHA512 | 9bad15184f8257d3937f88bb0454dc97c4616dd16db3e833206134ccbec398cd1c6fc843f315326f956cba7dfd8e9652b9733219d08b21e9648dd51fc012d0e5 |
memory/2168-66-0x0000000000200000-0x00000000006B0000-memory.dmp
memory/2168-67-0x0000000000200000-0x00000000006B0000-memory.dmp
memory/2168-69-0x0000000004C70000-0x0000000004C71000-memory.dmp
memory/2168-68-0x0000000004C60000-0x0000000004C61000-memory.dmp
memory/2168-71-0x0000000004C90000-0x0000000004C91000-memory.dmp
memory/2168-70-0x0000000004C50000-0x0000000004C51000-memory.dmp
memory/2168-72-0x0000000004C30000-0x0000000004C31000-memory.dmp
memory/2168-73-0x0000000004C40000-0x0000000004C41000-memory.dmp
memory/2168-75-0x0000000004CC0000-0x0000000004CC1000-memory.dmp
memory/2168-76-0x0000000004CB0000-0x0000000004CB1000-memory.dmp
memory/1416-77-0x0000000002F00000-0x000000000302B000-memory.dmp
memory/1416-78-0x0000000003030000-0x000000000313F000-memory.dmp
memory/1416-81-0x0000000003030000-0x000000000313F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000836001\osminog.exe
| MD5 | a3f8b60a08da0f600cfce3bb600d5cb3 |
| SHA1 | b00d7721767b717b3337b5c6dade4ebf2d56345e |
| SHA256 | 0c608a9b1e70bf8b51a681a8390c8e4743501c45b84cf4d59727aba2fc33cadb |
| SHA512 | 14f63e415133ca438d3c217d5fb3ecf0ad76e19969c54d356f46282230230f1b254fbfc8ae5f78809dc189a9648be2dc1398927b3f089c525cd1105a3843f60d |
memory/2940-111-0x0000000000990000-0x0000000000A1C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000837001\goldprime1234.exe
| MD5 | 0c4fee8706a8ea370b7a272b7c5bbc85 |
| SHA1 | bda2a1ebc921db843d06aa5074884207ccbe9242 |
| SHA256 | 9ec8397acd7c4106763ba84f4ebe1fd1cf39b4b0de442be8f89cd57de6151aac |
| SHA512 | dd2c1d00325533db2cc5fe14ab52747182a494a2524e4f891e3dcd3ce2ab9685322a9fe1f5f2bd2b9808d6f1efab2a9cdfcc762016935464a7ddd237e620f9a4 |
memory/2940-122-0x00000000729B0000-0x0000000073161000-memory.dmp
memory/2940-123-0x0000000005480000-0x0000000005490000-memory.dmp
memory/3020-126-0x00000000729B0000-0x0000000073161000-memory.dmp
memory/3020-125-0x0000000000020000-0x00000000000B2000-memory.dmp
memory/2168-127-0x0000000000200000-0x00000000006B0000-memory.dmp
memory/3020-128-0x0000000004B60000-0x0000000004B70000-memory.dmp
memory/2336-133-0x0000000000400000-0x0000000000450000-memory.dmp
memory/3020-135-0x0000000002300000-0x0000000004300000-memory.dmp
memory/3020-138-0x00000000729B0000-0x0000000073161000-memory.dmp
memory/4372-137-0x0000000000400000-0x0000000000448000-memory.dmp
memory/4372-143-0x0000000000400000-0x0000000000448000-memory.dmp
memory/2336-141-0x0000000005DC0000-0x0000000006366000-memory.dmp
memory/2336-144-0x0000000005910000-0x00000000059A2000-memory.dmp
memory/2940-145-0x0000000002CA0000-0x0000000004CA0000-memory.dmp
memory/2940-147-0x00000000729B0000-0x0000000073161000-memory.dmp
memory/4372-148-0x0000000000C00000-0x0000000000C01000-memory.dmp
memory/2336-150-0x00000000059D0000-0x00000000059DA000-memory.dmp
memory/2336-152-0x00000000058E0000-0x00000000058F0000-memory.dmp
memory/2336-153-0x0000000006CE0000-0x00000000072F8000-memory.dmp
memory/4372-154-0x0000000000400000-0x0000000000448000-memory.dmp
memory/2336-157-0x00000000085A0000-0x00000000085B2000-memory.dmp
memory/2336-156-0x00000000729B0000-0x0000000073161000-memory.dmp
memory/2336-155-0x0000000008670000-0x000000000877A000-memory.dmp
memory/2336-158-0x0000000008600000-0x000000000863C000-memory.dmp
memory/2336-159-0x0000000008780000-0x00000000087CC000-memory.dmp
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | fd17bf7b07fc556a1748e9aafed3a89f |
| SHA1 | ba458f77410c2cd7644bb5a6f37d88ed86ebdfcf |
| SHA256 | e649e0c94651f1201d50828cc7598eebf21dbae67631308b412febb3c9dbf9f6 |
| SHA512 | 53a3975029e7788acab6242527a9f056b98e246c72a88eb440cf1407b96c86ef6781fffe0bf441d3d25521be3577ef7c87218ffb42b9aae49453861854fda3c4 |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | 92fbdfccf6a63acef2743631d16652a7 |
| SHA1 | 971968b1378dd89d59d7f84bf92f16fc68664506 |
| SHA256 | b4588feacc183cd5a089f9bb950827b75df04bd5a6e67c95ff258e4a34aa0d72 |
| SHA512 | b8ea216d4a59d8858fd4128abb555f8dcf3acca9138e663b488f09dc5200db6dc11ecc235a355e801145bbbb44d7beac6147949d75d78b32fe9cfd2fa200d117 |
memory/2168-172-0x0000000000200000-0x00000000006B0000-memory.dmp
memory/2336-173-0x0000000006870000-0x00000000068D6000-memory.dmp
memory/2336-174-0x0000000009010000-0x0000000009060000-memory.dmp
memory/4372-179-0x0000000000400000-0x0000000000448000-memory.dmp
memory/2124-180-0x00007FFB353C0000-0x00007FFB35E82000-memory.dmp
memory/2124-181-0x000001F7240F0000-0x000001F724100000-memory.dmp
memory/2124-182-0x000001F7240F0000-0x000001F724100000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1lg4gpmg.ln3.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2124-191-0x000001F724270000-0x000001F724292000-memory.dmp
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | 2afdbe3b99a4736083066a13e4b5d11a |
| SHA1 | 4d4856cf02b3123ac16e63d4a448cdbcb1633546 |
| SHA256 | 8d31b39170909595b518b1a03e9ec950540fabd545ed14817cac5c84b91599ee |
| SHA512 | d89b3c46854153e60e3fa825b394344eee33936d7dbf186af9d95c9adae54428609e3bf21a18d38fce3d96f3e0b8e4e0ed25cb5004fbe288de3aef3a85b1d93f |
memory/2336-202-0x0000000009930000-0x0000000009E5C000-memory.dmp
memory/2336-201-0x0000000009230000-0x00000000093F2000-memory.dmp
memory/2168-208-0x0000000000200000-0x00000000006B0000-memory.dmp
memory/2168-209-0x0000000000200000-0x00000000006B0000-memory.dmp
memory/2124-210-0x000001F7240F0000-0x000001F724100000-memory.dmp
memory/468-211-0x0000000002870000-0x000000000297F000-memory.dmp
memory/468-212-0x0000000002980000-0x0000000003AB2000-memory.dmp
memory/468-213-0x0000000000900000-0x00000000009FD000-memory.dmp
memory/468-214-0x0000000000C10000-0x0000000000D0C000-memory.dmp
memory/468-215-0x0000000000C10000-0x0000000000D0C000-memory.dmp
memory/468-217-0x0000000000C10000-0x0000000000D0C000-memory.dmp
memory/468-218-0x00000000002C0000-0x00000000002D2000-memory.dmp
memory/468-219-0x00000000398E0000-0x0000000039932000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\F1C1.exe
| MD5 | 7571d61af43d8b0d3614154c847f952a |
| SHA1 | 74751bbebcff1055fcba0382cbfb562ef6b7099c |
| SHA256 | d9ba761ab2cf8fdb2e6a5924eacff211760891abe53ab66619657ed360e9764a |
| SHA512 | 9a02d917acf8ad1fdb6f4f57ef92bbccb113beaeaf7d7f9d4db2c74052d8c32940f38349b35394fda3e85d6df40fad8068fc3381d66ee172543ba67f591974c1 |
C:\Users\Admin\AppData\Local\Temp\F1C1.exe
| MD5 | e2db24dba48048a90b9a775a6050f4f5 |
| SHA1 | 9c067bdfaf89d2255419ce0e3f6dc23d56fd8a7e |
| SHA256 | 06b4dede30c5f402559c61459e745e0d86d988ae00728cb3a7d55945c92dffdc |
| SHA512 | e723c6ffbf8d71a7ae2fd2da4e78d2ab826d2d786ed97490129c6f56d60edb2b33b75969e4310017a1fe587a6141881160170a0d8ed5f147631a144b849e61dd |
memory/1376-228-0x0000000000550000-0x0000000000AEE000-memory.dmp
memory/2168-236-0x0000000000200000-0x00000000006B0000-memory.dmp
memory/2168-237-0x0000000000200000-0x00000000006B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_Files_\DismountUnblock.txt
| MD5 | 40ac385cf9b62d322c623662e2d65ce8 |
| SHA1 | 7c2e8e708e64f36887219f4b8ecdc42d343708da |
| SHA256 | 6261701bb08cb6856cd5ffa25af5e08efe9645c410ddfd5a030602b0646411e8 |
| SHA512 | df6dc71e3c3c68380fd96e3ef5b3536a5bce31a49af66fb8f06231449980d605e8530e313098efcc1982b63069cefd7a4a85c5a5968eb0a1a2905253fce4764b |
C:\Users\Admin\AppData\Local\Temp\637591879962_Desktop.zip
| MD5 | c3f4b01efc18828706bd2d8b09e5e2b7 |
| SHA1 | 33f0264b2a4f38c564a2342ecaa5b34df4b7ba2d |
| SHA256 | 4ff0abeee00d6cd0beb770b57197ddb9d668be070c630a120b90f19a25ede7b2 |
| SHA512 | 8b41be33fb9232139bcd6319b4649e24f5dc0a8114228c4f9b473a4e1c361baa0918d0ab998fd679bc9357098961f48bec37d8b69e3b78677951d4995b2817db |
C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll
| MD5 | 544cd51a596619b78e9b54b70088307d |
| SHA1 | 4769ddd2dbc1dc44b758964ed0bd231b85880b65 |
| SHA256 | dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd |
| SHA512 | f56d8b81022bb132d40aa78596da39b5c212d13b84b5c7d2c576bbf403924f1d22e750de3b09d1be30aea359f1b72c5043b19685fc9bf06d8040bfee16b17719 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus
| MD5 | c85a0e07782538a2be776b42ae50f843 |
| SHA1 | 4a09a7acb4dfcdd6e94ae13c6cde67b6f2ad4de9 |
| SHA256 | 0d3d4af4810805d73509a80834dd319b8d5a89c1bba91b7da2f3702b20891442 |
| SHA512 | 94236febfd0773a3d5a8b58e3446c87e2972066578e5ce54a1ec0f6a9be6e648128dd757f66f59eec77e872d7e19b4e76cf53766c70a30d901eca561e872994c |
C:\Users\Admin\AppData\Local\Temp\CCC0.exe
| MD5 | d8475e3eb1b8088c1b747799b20802be |
| SHA1 | 27727b8406dd18ae5ddc347257eac438f1dc08c2 |
| SHA256 | 40201bb18c81921d55236144105f37012832f6e321f41f5f48f7469420df0990 |
| SHA512 | 27bc79e9633f19f92efb72ae5e11603fe2ae0587cf532188b2bb8f2351123167556faf4ea347f0a394c6f3ab0d98374b9f9d7cecb4aa491117415fb9eed70726 |
C:\Users\Admin\AppData\Local\Temp\EEE0.exe
| MD5 | a1b5ee1b9649ab629a7ac257e2392f8d |
| SHA1 | dc1b14b6d57589440fb3021c9e06a3e3191968dc |
| SHA256 | 2bfd95260a4c52d4474cd51e74469fc3de94caed28937ff0ce99ded66af97e65 |
| SHA512 | 50ccbb9fd4ea2da847c6be5988e1e82e28d551b06cc9122b921dbd40eff4b657a81a010cea76f29e88fda06f8c053090b38d04eb89a6d63ec4f42ef68b1cf82b |
C:\Users\Admin\AppData\Local\Temp\1000838001\judith1234.exe
| MD5 | 6ae8bb98a051394f17d438a323043de2 |
| SHA1 | b92b1b2d69c11dcd0ed7dda14fd85e31e2ec72df |
| SHA256 | 96ba68504544a72a6f0cfa9622e8f475f5e779f4df1c1dc4be2be87ff3ec284b |
| SHA512 | 9708c78f1c7f8cd2f7c4e399940b8beb2ce341f10babd8acb961db05721cc15fd04ae9a1980545f1ddbf9054b5761a9b688329ebcc29289a6e462291ace4841b |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | c69a5cc0b86fc03281a9dca6da35d4f2 |
| SHA1 | 50e9988d9024b6e74744ca650ca435a9593234be |
| SHA256 | ea4b5d8f1d3051c4e934976334eb6b9933d0787cd438170728801a52a5cebcef |
| SHA512 | f095f4ed12ef3ce9602f39bad143a62997ac7bec73c26ebb5c11d6e1f0294ffc4f6c81360fdbce732d997d7ef0cdbddceed82c1ff3eb905d2c546561aace4c42 |
C:\Users\Admin\AppData\Local\Temp\1000858001\alex12341.exe
| MD5 | 2b648280f8c5e94477ba7521982c0375 |
| SHA1 | c7d31fd2ae975ae8f409f47dfb044e3972e548c0 |
| SHA256 | 0c3419ff8ddebff25027285ff876f30569e7915b993930411b230cfbf3e52214 |
| SHA512 | 168265315dfcfd666cb681da84d0616fb74f9e389073a5a377acbca45320206097f59cc629ea93b8618ec8a265ef6a0a0d5e4a45f26ef133f53ca40234eb314f |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
| MD5 | 47b3bb3bf3bd31854ef77da134dc534f |
| SHA1 | 79f7ee98bfce765215cb9bc54d6c27a748af50f3 |
| SHA256 | 27bd7f1def6afae36983285feba3f689c7a006617a7d48cdac752bbd8ca39683 |
| SHA512 | f0d52c49fe5de3abd83875dc52755fbdd7d70aa92d31abae733a8104742372cee2f2e59c5b71f6d667144e52c97c543b095a718ea63410e1709f55b73b4953d0 |
C:\Users\Admin\AppData\Roaming\configurationValue\olehpsp.exe
| MD5 | ea1279a3e9e0c0d6ef4fb266f153e734 |
| SHA1 | 5aeef1a7233ff1dccfbdf6d24bccdd29eb4fa96c |
| SHA256 | 9c38ecba653de6a28945eefb0d85def795dd25678d81c717b79fb00a07b70ad8 |
| SHA512 | e52e2233c285d918774fb9b3f01258ab070da9500e7568458c7362adcb0755b9a2b0a3df073d6c6a864df962c7556bb07c85d323dab951b8279f9c3fbf7aea29 |
C:\Users\Admin\AppData\Roaming\configurationValue\TWO.exe
| MD5 | 28f30e43da4c45f023b546fc871a12ea |
| SHA1 | ab063bbb313b75320f4335a8cd878f7a02e5f91c |
| SHA256 | 1e246855bc5d7648a3425771faa304d08ce84496a3afa7a023937ac41d381c6b |
| SHA512 | 559099480bc8518f740249b096c123bc5dfb9dc0126d1c681f4e650329cfb4383754ec8a307057f24b2692c36f4fa8e90b5b5d2debe1061e1ece27a7b26335b4 |
C:\Users\Admin\AppData\Local\Temp\1000865001\dais.exe
| MD5 | 1f22a7e6656435da34317aa3e7a95f51 |
| SHA1 | 8bec84fa7a4a5e4113ea3548eb0c0d95d050f218 |
| SHA256 | 55fbfaaeee07219fa0c1854b2d594a4b334d94fad72e84f9f4b24f367628ca6c |
| SHA512 | a263145b00ff21ecaf04214996f1b277db13bdc5013591c3c9cf25e9082fc99bc5e357f56aba4cea4dbcc68f85262fe7bbd7f1cec93cde81c0b30dae77f1b95e |
C:\Users\Admin\AppData\Local\Temp\1000865001\dais.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe
| MD5 | 2b62ddfa9c96cf01598569d4de667dd0 |
| SHA1 | 4003a8d4227e816ba8e80bfd6db341e3bd8cf4be |
| SHA256 | 96e553e13562bd052411b7d6a913779946c11c30a9e1c736f48d2f721badf462 |
| SHA512 | c9fa8bff091d1782e42e13ffaee84e5f2c98604accbf24a27b779a388ac5d0f290afa4bff14359127215c59d97ee722df22c17bb8f77c50b13b9b126e94f62b7 |
C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe
| MD5 | 5c7828cf9de5e778c2a212cff9de1252 |
| SHA1 | 7e428673c6a7dd5f329fe58fcce9688bda522ce4 |
| SHA256 | 0e367e9da1bc639dddd9f6fac190f55cf4667f7642cc1e1bc8f2acd6a5520337 |
| SHA512 | a4a1adbf829ad24453a2098c0afe0ffaa113104f8992a4c775fa557369c39faf4084821167eabe1b7415aa53ee21777e1ca9e37749e12f5759475976e0de3671 |
C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe
| MD5 | f9da0b608cc297351c0f664283fc86cf |
| SHA1 | 02000aae3546cffd8c1e20f5b00f242695f453fa |
| SHA256 | dfca6745856d910aa5d0e4f6508d808946766a97f4764ec35a724a7575d2e92e |
| SHA512 | 5adb675986dfbd8fbc8d5f95260941096c6faebff3197800e91398b399790a3b5cd250d6ee229e780e75f1550a4009991741f4084ad0304802dc48f8bac4f10d |
C:\Users\Admin\AppData\Local\Temp\1000874021\random.cmd
| MD5 | 7ca00195b480ee284ddaebfea321f27e |
| SHA1 | a9ef34c03c1285c450b0414a20fce7f9533f7fa6 |
| SHA256 | c133cb730f4483b60434981714e8544a30bdb422376495c74aabeb16b13fd5d6 |
| SHA512 | c78ba3153ac0999f71c1ab0e5c4738e2e46d03f6567045e8c5ec3bd7157adabe4ce61b56554c546ce6070f09c84f26a64354ffaef0bf32175a4b40c27d4a3035 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 656bb397c72d15efa159441f116440a6 |
| SHA1 | 5b57747d6fdd99160af6d3e580114dbbd351921f |
| SHA256 | 770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab |
| SHA512 | 5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d459a8c16562fb3f4b1d7cadaca620aa |
| SHA1 | 7810bf83e8c362e0c69298e8c16964ed48a90d3a |
| SHA256 | fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a |
| SHA512 | 35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 65bf07bb7a211b110d43ce685bcd6cd2 |
| SHA1 | 27e8ee53db360181692e9d867d94bab0932968f3 |
| SHA256 | e18ec90b2cc6a89cf29497e6ad24ce296bd68dc7ffcd145c621684caea26ccd1 |
| SHA512 | 0f032f97304c854e5795d6f03230fa59b517d86f6aa7ec0add6c4a268bd8aad0bc04d82044546682c41c8b0ef7af353e4406d45c850e45e03d76e51eb3baab35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 11c83f27515bdc3b53183658946594ff |
| SHA1 | baa504abb67ba68c6dcd3cb9b8c9950abbca5604 |
| SHA256 | 42b63357d8b8b2512197aea3f821232833bc17ecfe387f79c3ee62569bf6627d |
| SHA512 | 871670503b44d1951fb4c678e5a63b80a43cb5841dd23fbe21cf64c003f927f81d5bfa6d31c5370676c2b1bef80b8052618fb47019378a724eb76e7326c9d7da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 192d08906fd53a938f2e32e97839d648 |
| SHA1 | 8335361f4c1dfb42ac4316e27869e90f79356f6d |
| SHA256 | 0c06f39fd8b233fede1820d3ed70b37da139911abca537ed51157bb0c81024cc |
| SHA512 | 797840091b28735973209d3d700e0161f792f0bae9ec047963a9918c73f05ce06cce5624c3e90c96e33efc65538385a0e4e523e883c661724f8fba3f55393d00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 66f6be9b9b7af68a2253db380386c62e |
| SHA1 | 72238a1fb1d6b30f0ff9e5596486f2bf1d497e00 |
| SHA256 | e926d3b02fe60ef32f2c95bf442b263f917896b4d2db4b7f0d7391b6375f8b8e |
| SHA512 | 8b9fef262d86f7e763d069a00683f7094772ee1ac9dd9f1c041e1b3a6ae096a9fd0fd309ae68a48b8fa947dbd849c1e8a03c9ff61d3b92f7f1c7e3b365e55499 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a90c8.TMP
| MD5 | 8a3b99e470426e2edf5ab3d1f4d39ff8 |
| SHA1 | ab09be82dd737621cbff6c518eaf7899303936d6 |
| SHA256 | a5b944965a9e626743043f5a6c986438c0cfd0eb06612f9469522e90f36bb1cb |
| SHA512 | d10a34d4252d5dcd86d0c7c45d242192e2da562f56b322fa989bcd4926f80645a0b86ef26556b31ac38c2efa1184f4f5f568a73ca1cc35a15643accd1290326a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b51d3f5f20f6a2bde90a546502b593b6 |
| SHA1 | e19cb2e5009cbe798325f3505841039bb6886d53 |
| SHA256 | ce464ae9ac166e380a677c80d43d29aa00a744a21952e1968f687085498574dd |
| SHA512 | a516cde79ef7af44ce37694b3a54b1c60e1b5b0555fb40d2aa40bc151a3af54979f801a500ef0aacf40923ce1fff28c6bb5b131929a66c202b58ff8efa4047ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f76c8c8c02999944580a36fe8a01d301 |
| SHA1 | 063740de39a8204a6352b1aa951688252e6beb7b |
| SHA256 | e5a7037278266acf4509dac6e4686f142f96fac123c8bdde6a659e72b31e0252 |
| SHA512 | 16946da357bb320d42672ea9f41016e9707c2a8a6037814a566c9720c83fb444bb41af0094c131b7763afde56318cb7fbb44993fdec6790d09bcbe44787080cd |
C:\Users\Admin\AppData\Local\Temp\1000875001\amadka.exe
| MD5 | 496b75d209831cb8345c35b7abe59057 |
| SHA1 | 37f2388ed50ad73b989e7885f632cffa72291e6e |
| SHA256 | 1f660ccec27336f1f2491db0f4ac532271dd2d144a57760c0c4723a6216b50fb |
| SHA512 | 7821edc7a2c493b8e2c52d755015c6bbfe10ce10ab2d77949bfae1881fc7676cbd65e7c9c8b91e4f7af34d56f80b0ef11547936c8d546f9134b899145e3b5087 |
C:\Users\Admin\AppData\Local\Temp\1000903001\lummahelp.exe
| MD5 | f59dabd1309e8fb292d7d997974f6c13 |
| SHA1 | 38062eaf89b0a50cb3482d921f01f68b706f05ba |
| SHA256 | d43aa50a185a1acbcb6873d935833d4d6341bba82052ba8057c883e2d3a5e800 |
| SHA512 | b7fd6a56ff701ad75c23e97a683281a95c85884256330a46327a656ee1697867ba389d77e3a06bc3612a23288bf6e46daf1ec6f088f7407e2ce278c7f0a772b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 3fe3817871cc6e2555fdda9af976550d |
| SHA1 | f1ef4a7798f026e3274c7aa70770e25002bf82aa |
| SHA256 | 156bca20c05d6577c6e0472aee06f7d18980d06d273d7567ffeed234dda4bb42 |
| SHA512 | a8e0a3ef9eff7522fe362c169d29ddefa40eabaa475aa6a74634c6dd829fe2012fb184abc07570a3f56bb1ca460f89541e2ed1f8173d02e1eaca8f00f105d62a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ae0eb.TMP
| MD5 | c040d62fcd9925aa89bff95ce664b4d4 |
| SHA1 | e5e692274b8db603ba872ddc134ac4fc13e9004e |
| SHA256 | bc05dc3ec6066ad89816ea3e183b155b5714afc91b647adb5b4880443313b05e |
| SHA512 | 7ce5f78643c2ba88d20077bba47da91fcbc27ce1eea4569837d39d160ab4ef3436bdbe33b4bbe1b4bb272553a3500f96ea45db5e922f21449f858fcfcbecee26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ed3c427029c0aeaa2bc343fc17cb27a1 |
| SHA1 | 09ebed30150478ac2c12c4ebf95b796119875554 |
| SHA256 | 0ebf3b48aa1c57593a8b52bc41173399ba3269abcf82f540aa04725aab6c5439 |
| SHA512 | db176657d8d7f69ffc353219618e2c382b7de9c02179269c843226829e04d16254d741e75fa71236df7362d881c530c82abb1ed01cd2268cdb49c37b06e4b330 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | dd4da35bd2e45df570de5488a41b0a1e |
| SHA1 | 1e11dbb577e76e294fb6754fae9042e4a9143e18 |
| SHA256 | 47958f1a5f5496a54eb3992a18f1ec07bf050accef5a6c0c98c07e0eb936a180 |
| SHA512 | 4730391f9831708f3cf8d9c636180f96d78da9058ec110651468a5f1c207649acd37f6840677a33dbf95bdaee56b73a2635e4a1f65f8b8e65f6e17b7c70f6f5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\addaf0b1-32be-46b2-ba2a-2097080d17fe\index-dir\the-real-index
| MD5 | 0520900f2e95a736c6a013225e8fe387 |
| SHA1 | 4e57b8b7cc13c19b8e45260c6218ad37684f641e |
| SHA256 | b1bd6b7de741c4a94bc644799c3d6a46515985d72cfc3199732d1f85fda4149d |
| SHA512 | d4b0b2b88ff0337efeb51f0815891582575853cfa38104e6ee43876122be28637f5fcb09c107440bc42d111d60cf0134b61f73a15eeb6841347d933332e242e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\addaf0b1-32be-46b2-ba2a-2097080d17fe\index-dir\the-real-index~RFe5ae8db.TMP
| MD5 | 25daadb60fc0e833bd119fdfb60a553c |
| SHA1 | 5bb4cf7cfe4f5c07eb06db721da60121229b18e1 |
| SHA256 | 09ec9108f6eb8bac37c57e4a690bd4b0550d3f80cc77d46a69aa8a17aa52704e |
| SHA512 | 594a2258db1d1ec26ea1ea4d3200fb168197aca0438ab8f0d1d829467f6baf58d6d00b939fbe3f9f63c8504f9730e7ae409898b30b9121a2a9769ed4e1025f61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7a215e269de7d3e8a81359c0434c7a69 |
| SHA1 | 8a8b63b1b2a0008ad6e9c8605822eca01b9da646 |
| SHA256 | 49e0554b76f949948567f52bc02f5323b54cf88b04f914996cd2275ac2252d6d |
| SHA512 | 059c574e7140d6999aaec21b3c7cd1358f228c85e706fca1626acf85292fa4a1148bb79d91d0c443518efc02ddfe3228747125a4befeb4108d6c07cb983367e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5af667.TMP
| MD5 | 28e47ac79883b63cacd40e6b91db7e57 |
| SHA1 | 871db53115e772e70f93bf4e158cc0cd7c934e3c |
| SHA256 | 61ec1bdca8db0569edd5a4ea807a88a78ee502d2a313b14fab99996ea74971cb |
| SHA512 | 2dff33fea309baad9f2ebf861d38f69350b9d5fc4b6ee6b7e13fa6d7148a2b7d5b51820a99ce480673699bf5a5ba345c4faaf1f1b19175cb443f02f4a473cb0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 270db498696e01c16f00424c1ef1d8ce |
| SHA1 | 4157a6aa106023bdff26c3f2d3d0f8ee17448ebe |
| SHA256 | 25c52eea27a0802af8dcc012424ccf2eb2c1cf9d0283d9fbd8bc7c9ac1d162e0 |
| SHA512 | 8f3bd64f411642044e5944d88f0d9eb4cf605097ba91bc53bc3b50a4e471412ee42992dae6d2a62e9bc0ff150275bd864e698016477e9e87bd007c32b0190b09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 55455fecbd117748522b26ef89939eb6 |
| SHA1 | 45abed1f15a0d1b5ae90c8c0e61234e8e8e53213 |
| SHA256 | 149763b55666d3b14259913d332e9db81856f2bbed9fdce256e2d03cca6009e4 |
| SHA512 | 571e531776d51097007c4ff27a003ea0f0dc29b61c2e39c6743af87b328fc94d75b4105d692ba9b569c42a1c7f9ccad0d8439706e81630aabc9348ac68f635b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 65ee5758072147cca9ce2526c1af9284 |
| SHA1 | 61983152b0d331511eae43b331a413fa9cad4cd4 |
| SHA256 | e4930deac23e8b628949cccdc213cc04110581663315d123584b367a13538c70 |
| SHA512 | 696bb4fa55347cb87d8a610c1f8a6adcbc11490c72fe91968a6bf987b879bd448ab9c7affdc576e5a8841651682ba8d1cffa22194b96ba3127fd654a2b72d451 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9ff3239a7f743e02d71771333afbc961 |
| SHA1 | edbeb3284e18fa48cbfa9a74c76752ab25d7fcc5 |
| SHA256 | 9b957a8e128b157e3e1fc1531ad2f33f94e495fc0fec5e96cf15945471cea6f1 |
| SHA512 | b274452faf94b55a49faef69ceaf1a288fb3564b3b6e059f89a91a51733e6c33cd41226e4e8ee867b8d9026b52cba7bf11212ec39c970d9c75bb92462cce9659 |
C:\Users\Admin\AppData\Local\Temp\1000935001\InstallSetup3.exe
| MD5 | 6028456bdbede902999333597e720871 |
| SHA1 | fb1b51d3b46b767a24f950a6b0c41f6a9cc4eaf6 |
| SHA256 | c59e4f36f1f0e0bdb05b899a47a4857b9aad387fa7cb2f8eb2a3c490960e960e |
| SHA512 | 6f820aa57812aaa1b2c4f3cfee5435b304520031050f6a35f5ac068bb9fb531ccf9c3a01d327280adbb87ea6e4a9995cd144da71e7e4d45ce92448233b2ede1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1de9119cd8cc0834003fa4d779d22754 |
| SHA1 | 1f67d9abd601d78d635a5fadfe5cdfe1642568bf |
| SHA256 | 376a95032465cbc88b7244ffa5588adbcdd91cf0bd785bbd00d8ce37a479fd98 |
| SHA512 | d53c6a4ba2ee34631e067595823ecc9fc947e1ab5322d8a035a5697ca12644a42040fa756501ab9456792976e5cec85e06ec21ae1e083945a991655d87b97758 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8e69565860f98ab009c45d1aeb2a28cb |
| SHA1 | 574b6a7c8beb5339a59ed63e64555c050b4404f1 |
| SHA256 | 4d84e4c87cf869dd40f25f618fc90801f953c54292edb01acdb18bf56df992f8 |
| SHA512 | abfd64812dd85ce440fe312654992346ff796618493cc798c80f87454a9c01ae98b8e342b93ec9b6532fc14a49d166e241fcc94d95a34be0bce01a5df12f785e |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | e76cb04c069b3d121d96526d84eaa596 |
| SHA1 | 2181f919f956c75672cb53a658f6c2d956d5cd19 |
| SHA256 | 7c431ad9b6f7ea027c1ccabdf23a3b894e3449c1b6b5fe14755fefd7bb713092 |
| SHA512 | d03a5bad6349399e90af0fa127c211c905346f6660334532ed7945eb93582169f608719228882ace9691fd5e41807b27cc9b3a81c4dc105fea29c55f45f5b20a |
C:\Users\Admin\AppData\Local\Temp\april.exe
| MD5 | 909cc21ca77aa84e90637926823577f4 |
| SHA1 | 68a104ee3641a29e53e03533bb9ca7c3b32e9cc3 |
| SHA256 | 0a10223f76ff767f6dda39493d1f8d94c53e01c03e5e0c8669865bf32ead78d6 |
| SHA512 | 1b596d8603cb10bf87ce266346e43b1e9d8f0eaa78256314542c923d05c9d6eea2082f2ce40649170961a3519f16530908d1d4fffd13535cfe5494b785e15709 |
C:\ProgramData\DirectSoundDriver 2.36.198.65\DirectSoundDriver 2.36.198.65.exe
| MD5 | d4b23a07d6a976d8ecbe9d3945fd4942 |
| SHA1 | 87406e5ffb24869fa3a73babddca69900085bdc8 |
| SHA256 | 0f9dff2e66d625dd5d8b1f6ee68157f1f5771168a1a0cd38ed3aa4f8d065be56 |
| SHA512 | 7fc002d6f9aa01087c793ad2870755df2af7968a0a686d5fb945f49932a947cbeeab4011d9febbe498f00b4c5fb01502097865a5595b8b5a1a6d79fead240d03 |
C:\Users\Admin\AppData\Local\Text Ultra Edit\is-QVHMC.tmp
| MD5 | 6231b452e676ade27ca0ceb3a3cf874a |
| SHA1 | f8236dbf9fa3b2835bbb5a8d08dab3a155f310d1 |
| SHA256 | 9941eee1cafffad854ab2dfd49bf6e57b181efeb4e2d731ba7a28f5ab27e91cf |
| SHA512 | f5882a3cded0a4e498519de5679ea12a0ea275c220e318af1762855a94bdac8dc5413d1c5d1a55a7cc31cfebcf4647dcf1f653195536ce1826a3002cf01aa12c |
C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll
| MD5 | 63609258b213e16c70bef1ca7bedf907 |
| SHA1 | 6ef1504255f3d2880e44f50e3f77aac4f4ef242a |
| SHA256 | 943e96a3617079e6f01ee232269ee57afca170b338a5f9e00b177420b55851ed |
| SHA512 | cfe0b153260f459ad5bcd1aa95d468ef93178da50c09885338baeecd232b21324197bc8680be3aab066b365c0e375e39505fcf463686a1acda9bdd8fed5348ec |
C:\Users\Admin\AppData\Local\Temp\is-HL9CI.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\Temp\is-HL9CI.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\clip64.dll
| MD5 | 726cd06231883a159ec1ce28dd538699 |
| SHA1 | 404897e6a133d255ad5a9c26ac6414d7134285a2 |
| SHA256 | 12fef2d5995d671ec0e91bdbdc91e2b0d3c90ed3a8b2b13ddaa8ad64727dcd46 |
| SHA512 | 9ea82e7cb6c6a58446bd5033855947c3e2d475d2910f2b941235e0b96aa08eec822d2dd17cc86b2d3fce930f78b799291992408e309a6c63e3011266810ea83e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XNU2PQS6\InstallSetup8[1].exe
| MD5 | 0099a99f5ffb3c3ae78af0084136fab3 |
| SHA1 | 0205a065728a9ec1133e8a372b1e3864df776e8c |
| SHA256 | 919ae827ff59fcbe3dbaea9e62855a4d27690818189f696cfb5916a88c823226 |
| SHA512 | 5ac4f3265c7dd7d172284fb28c94f8fc6428c27853e70989f4ec4208f9897be91720e8eee1906d8e843ab05798f3279a12492a32e8a118f5621ac5e1be2031b6 |
C:\Users\Admin\AppData\Local\Temp\heidiNXG4jhfEzm4G\ZunTSaNJLBVfWeb Data
| MD5 | 9cf0b730c84728d555a21f9639e36b6d |
| SHA1 | 31b7bed8d5606241ea2fae3a99be20ad9a74fad7 |
| SHA256 | 002b1a9bee320aa70d416b1d264b77a021b03f57c68454ef805e885627fb5ba9 |
| SHA512 | 8444c3afac9d7755ccc3fc7e1a42d3e1ed890cf69255c1bf0720b36e1f8f30ca25150d7ae566cb5f7123fe0fef081cf359cc1e138234a8c293c4b8c47284d43e |
C:\Users\Admin\AppData\Local\Temp\heidiNXG4jhfEzm4G\QdX9ITDLyCRBWeb Data
| MD5 | 82727ca228f125c6c472807a15c3402c |
| SHA1 | 9562c5f8c68309c2d660cd445e9f364edce93b8f |
| SHA256 | b2aa7c525764660b70c53bacdda9f334017db0b44c2abffa31621fa682bfb833 |
| SHA512 | 61a2ccae65cf18f6e1c29f1df72b341cdc272078a236d9db5223e024d8acc57f48d8f664f6a747223297e91715578fb9e311fbe42f03c529b85f4111cbf3d900 |
C:\Users\Admin\AppData\Local\Temp\adobeNXG4jhfEzm4G\information.txt
| MD5 | 227fd64f50b04b6ec34c29a97ffeb327 |
| SHA1 | 98da522f8943b88dd75568ed7eaa93dd79ec2fe5 |
| SHA256 | 461fa725982955c29b92645e293c543c2255d3f0bb9c131ca9194f74008bea2e |
| SHA512 | b30179e355275163911bc670cb485292e631ed1df451691f9fa06629cbc54e85645b441d3d7a91a0377f8c613f430c6b4c4d9447d04937c54854ec6db4c6d81c |