Malware Analysis Report

2024-11-13 14:01

Sample ID: 240407-2xgresha4x
Target: 855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb
SHA256: 855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb
Tags: persistence, spyware, stealer
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file 855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb was found to be: Likely malicious.

Malicious Activity Summary

persistence spyware stealer

UPX dump on OEP (original entry point)

Drops file in Drivers directory

Reads user/profile data of web browsers

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Maps connected drives based on registry

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-04-07 22:57

Signatures

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 22:57

Reported

2024-04-07 23:00

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe"

Signatures

UPX dump on OEP (original entry point)

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Windows\SysWOW64\smnss.exe N/A

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ctfmen.exe N/A
N/A N/A C:\Windows\SysWOW64\smnss.exe N/A

Reads user/profile data of web browsers

Tags: spyware, stealer

Adds Run key to start application

Tags: persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe" C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe" C:\Windows\SysWOW64\smnss.exe N/A

Maps connected drives based on registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\1 C:\Windows\SysWOW64\smnss.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\1 C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Windows\SysWOW64\smnss.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Windows\SysWOW64\smnss.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\zipfi.dll C:\Windows\SysWOW64\smnss.exe N/A
File created C:\Windows\SysWOW64\smnss.exe C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
File created C:\Windows\SysWOW64\satornas.dll C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
File created C:\Windows\SysWOW64\shervans.dll C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
File created C:\Windows\SysWOW64\grcopy.dll C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
File opened for modification C:\Windows\SysWOW64\ctfmen.exe C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
File created C:\Windows\SysWOW64\ctfmen.exe C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
File opened for modification C:\Windows\SysWOW64\satornas.dll C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
File created C:\Windows\SysWOW64\zipfiaq.dll C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\shervans.dll C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
File opened for modification C:\Windows\SysWOW64\grcopy.dll C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
File created C:\Windows\SysWOW64\smnss.exe C:\Windows\SysWOW64\smnss.exe N/A

Drops file in Program Files directory

Drops file in Windows directory

File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\AuditPol_ContainerRealtime.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\diagnostics\index\DeviceDiagnostic.xml C:\Windows\SysWOW64\smnss.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll" C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll" C:\Windows\SysWOW64\smnss.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\smnss.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe

"C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe"

C:\Windows\SysWOW64\ctfmen.exe

ctfmen.exe

C:\Windows\SysWOW64\smnss.exe

C:\Windows\system32\smnss.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4056 --field-trial-handle=3084,i,11997299123381683778,5904351605020331957,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 wppnssqsah.in udp
US 8.8.8.8:53 qampamrera.info udp
US 8.8.8.8:53 wwwssrshns.in udp
US 8.8.8.8:53 nmnsrempqh.us udp
US 8.8.8.8:53 hpahmaqrmh.net udp
US 8.8.8.8:53 awqaawwapa.com udp
US 8.8.8.8:53 wwnphpphen.in udp
US 8.8.8.8:53 aprnwrarwa.com udp
US 8.8.8.8:53 ssepaphsqa.biz udp
US 8.8.8.8:53 ahsnaranma.com udp
US 8.8.8.8:53 mpaammrehs.in udp
US 8.8.8.8:53 rqwesqasar.org udp
US 8.8.8.8:53 msrppaswra.in udp
US 8.8.8.8:53 npsnrhammn.us udp
US 8.8.8.8:53 mnnsneeaqn.in udp
US 8.8.8.8:53 newmshsrhs.us udp
US 8.8.8.8:53 wraeeqmnsr.in udp
US 8.8.8.8:53 ahhamhnsha.com udp
US 8.8.8.8:53 srqnnhnnwh.biz udp
US 8.8.8.8:53 pnqsresqws.in udp
US 8.8.8.8:53 mwmssmhqsr.in udp
US 8.8.8.8:53 rhmeahqrps.org udp
US 8.8.8.8:53 hhweswmmrn.net udp
US 8.8.8.8:53 nhpnqanpea.us udp
US 8.8.8.8:53 hrhwawqnra.net udp
US 8.8.8.8:53 nprrahwsah.us udp
US 8.8.8.8:53 enpneqrsmh.ws udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 64.70.19.203:80 enpneqrsmh.ws tcp
DE 172.217.16.202:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 apmrewppps.com udp
US 8.8.8.8:53 wphnnasmrh.in udp
US 8.8.8.8:53 rsahhqmqps.org udp
US 8.8.8.8:53 wmemnnpana.in udp
US 8.8.8.8:53 prrhqahnea.in udp
US 8.8.8.8:53 202.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 mwaernmmsh.in udp
US 8.8.8.8:53 pmqpmpneps.in udp
US 8.8.8.8:53 heeswwpwqn.net udp
US 8.8.8.8:53 raawwneapn.org udp
US 8.8.8.8:53 smrrserhqa.biz udp
NL 142.250.153.27:25 alt1.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 qnepwsrnwh.info udp
US 8.8.8.8:53 mnrehawrpn.in udp
US 8.8.8.8:53 prrqhssnsh.in udp
US 8.8.8.8:53 mhqaamphas.in udp
US 8.8.8.8:53 aspspewaah.com udp
US 8.8.8.8:53 hehhspanwh.net udp
US 8.8.8.8:53 ppesapmqan.in udp
US 8.8.8.8:53 wrwmwpeswh.in udp
US 8.8.8.8:53 amhrrwqhms.com udp
US 8.8.8.8:53 hhhrqmqqma.net udp
US 8.8.8.8:53 rrhnpasnqn.org udp
US 8.8.8.8:53 ahhnapmnmn.com udp
US 8.8.8.8:53 spqmqashas.biz udp
US 8.8.8.8:53 annaqmwarh.com udp
US 8.8.8.8:53 ewpnhhpasn.ws udp
US 64.70.19.203:80 ewpnhhpasn.ws tcp
US 8.8.8.8:53 rennrwmenh.org udp
US 8.8.8.8:53 weehmpmass.in udp
US 8.8.8.8:53 qsqhhnrqwa.info udp
US 8.8.8.8:53 hrhwrpmeeh.net udp
US 8.8.8.8:53 qawnhpqqah.info udp
US 8.8.8.8:53 eawmerrpmn.ws udp
US 64.70.19.203:80 eawmerrpmn.ws tcp
US 8.8.8.8:53 rpqwnmaaqh.org udp
US 8.8.8.8:53 essqsswrsn.ws udp
US 64.70.19.203:80 essqsswrsn.ws tcp
US 8.8.8.8:53 pwawwppwns.in udp
US 8.8.8.8:53 sassshseqa.biz udp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
BE 74.125.133.26:25 aspmx.l.google.com tcp
US 8.8.8.8:53 qspsrhrqps.info udp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 hrwnapreps.net udp
US 8.8.8.8:53 ahwasrhnhn.com udp
US 8.8.8.8:53 erherhnnah.ws udp
US 64.70.19.203:80 erherhnnah.ws tcp
US 8.8.8.8:53 qsesrasmsn.info udp
US 8.8.8.8:53 emwqmqpwmn.ws udp
US 64.70.19.203:80 emwqmqpwmn.ws tcp
US 8.8.8.8:53 namshseews.us udp
US 8.8.8.8:53 hmaeaehswh.net udp
US 8.8.8.8:53 aqhwawehqa.com udp
US 8.8.8.8:53 hawnmerswa.net udp
US 8.8.8.8:53 qqrqwmmmes.info udp
US 8.8.8.8:53 mqmnwpmpnr.in udp
US 8.8.8.8:53 prsrqqmhmh.in udp
US 8.8.8.8:53 wnrswshrwn.in udp
US 8.8.8.8:53 qpnhwwssnr.info udp
US 8.8.8.8:53 eaqqqmmhpa.ws udp
US 64.70.19.203:80 eaqqqmmhpa.ws tcp
US 8.8.8.8:53 nwqwenpnrs.us udp
US 8.8.8.8:53 msmphpwhsr.in udp
US 8.8.8.8:53 rseehqahnh.org udp
US 8.8.8.8:53 hhnsqemhwh.net udp
US 8.8.8.8:53 nepephness.us udp
US 8.8.8.8:53 hqmwhsahwa.net udp
US 8.8.8.8:53 nqpqppamsr.us udp
US 8.8.8.8:53 ensmshenqn.ws udp
US 64.70.19.203:80 ensmshenqn.ws tcp
US 8.8.8.8:53 rrmqmaaesa.org udp
US 8.8.8.8:53 haewaanppn.net udp
US 8.8.8.8:53 rshsppenas.org udp
US 8.8.8.8:53 eaerrqensa.ws udp
US 64.70.19.203:80 eaerrqensa.ws tcp
NL 142.250.153.27:25 alt1.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 aspmx4.googlemail.com udp
US 8.8.8.8:53 rnmwwaqmna.org udp
US 8.8.8.8:53 mx-in-vib.apple.com udp
US 17.57.170.2:25 mx-in-vib.apple.com tcp
US 8.8.8.8:53 pb-mx10.pobox.com udp
US 64.147.108.51:25 pb-mx10.pobox.com tcp
US 8.8.8.8:53 hapawmwmar.net udp
US 8.8.8.8:53 sashnwqrwn.biz udp
US 8.8.8.8:53 rreswmsmps.org udp
US 8.8.8.8:53 ewhqmmwsws.ws udp
US 64.70.19.203:80 ewhqmmwsws.ws tcp
US 8.8.8.8:53 aermrwmqph.com udp
US 8.8.8.8:53 wmapqhmssa.in udp
US 8.8.8.8:53 nmpnprhswn.us udp
US 8.8.8.8:53 smpnmwsaea.biz udp
US 8.8.8.8:53 npeewwarns.us udp
US 8.8.8.8:53 hhwsrwareh.net udp
US 8.8.8.8:53 arawanmhns.com udp
US 8.8.8.8:53 seseprhaar.biz udp
US 8.8.8.8:53 phwamawwqn.in udp
US 8.8.8.8:53 enppmhawas.ws udp
US 64.70.19.203:80 enppmhawas.ws tcp
NL 142.250.153.27:25 alt1.gmail-smtp-in.l.google.com tcp
NL 142.250.153.27:25 alt1.gmail-smtp-in.l.google.com tcp
NL 142.250.153.27:25 alt1.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 ppssepmeph.in udp
US 8.8.8.8:53 mmnwnhraar.in udp
US 8.8.8.8:53 nrmsesrmnr.us udp
US 8.8.8.8:53 mamnerqras.in udp
US 8.8.8.8:53 pqspneapen.in udp
US 8.8.8.8:53 hpwwpqmspa.net udp
US 8.8.8.8:53 qphwraawma.info udp
US 8.8.8.8:53 mrrpemhems.in udp
US 8.8.8.8:53 mx04.earthlink-vadesecure.net udp
US 8.8.8.8:53 merqhmawrn.in udp
US 147.135.98.120:25 mx04.earthlink-vadesecure.net tcp
US 8.8.8.8:53 qqewnnqnpn.info udp
US 8.8.8.8:53 wshsenmnen.in udp
US 8.8.8.8:53 qsraehrash.info udp
US 8.8.8.8:53 esqhsnqnhh.ws udp
US 64.70.19.203:80 esqhsnqnhh.ws tcp
US 8.8.8.8:53 mxa-00377f03.gslb.pphosted.com udp
US 8.8.8.8:53 qnpmremmqs.info udp
US 205.220.164.130:25 mxa-00377f03.gslb.pphosted.com tcp
US 8.8.8.8:53 mnhrwmprph.in udp
US 8.8.8.8:53 rqmnewwprn.org udp
US 8.8.8.8:53 meqrrhwsar.in udp
US 8.8.8.8:53 nnqwmneamh.us udp
US 8.8.8.8:53 sawqmpawrh.biz udp
US 8.8.8.8:53 rqqneawamn.org udp
US 8.8.8.8:53 hqpmsmmqhn.net udp
US 8.8.8.8:53 awwsrrseps.com udp
US 8.8.8.8:53 hmersnnrnr.net udp
US 8.8.8.8:53 pqpmahwnrh.in udp
US 8.8.8.8:53 swhwsrsnsn.biz udp
US 8.8.8.8:53 phqppnsemn.in udp
US 8.8.8.8:53 mpemsnehhs.in udp
US 8.8.8.8:53 qsnenepeeh.info udp
US 8.8.8.8:53 hpehrqqwhs.net udp
US 8.8.8.8:53 npapqswnrh.us udp
US 8.8.8.8:53 saawwnphhn.biz udp
US 8.8.8.8:53 pqanneaawa.in udp
FI 142.250.150.26:25 aspmx4.googlemail.com tcp
US 8.8.8.8:53 mwspsmnhss.in udp
US 8.8.8.8:53 pemepmmnps.in udp
US 8.8.8.8:53 hhesspmesh.net udp
US 8.8.8.8:53 qspwnmrswh.info udp
US 8.8.8.8:53 mhppnwqqnn.in udp
US 8.8.8.8:53 napmshrrsn.us udp
US 8.8.8.8:53 nmqsamersa.us udp
NL 142.250.153.27:25 alt1.gmail-smtp-in.l.google.com tcp
NL 142.250.153.27:25 alt1.gmail-smtp-in.l.google.com tcp
NL 142.250.153.27:25 alt1.gmail-smtp-in.l.google.com tcp
NL 142.250.153.27:25 alt1.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 mmremmqmhh.in udp
US 8.8.8.8:53 reasesnwha.org udp
US 8.8.8.8:53 epaqmphans.ws udp
US 64.70.19.203:80 epaqmphans.ws tcp
US 8.8.8.8:53 arnnmepqha.com udp
US 8.8.8.8:53 msmhnmpnna.in udp
US 8.8.8.8:53 pweqwqsass.in udp
US 8.8.8.8:53 sarsaspqpn.biz udp
US 8.8.8.8:53 ranewserph.org udp
US 8.8.8.8:53 seanwasrma.biz udp
US 8.8.8.8:53 reqsanwqnr.org udp
US 8.8.8.8:53 mnrqnwseen.in udp
US 8.8.8.8:53 aqwqhaahaa.com udp
US 8.8.8.8:53 wpraeewhna.in udp
US 8.8.8.8:53 aenqasrqsn.com udp
US 8.8.8.8:53 mpasqqpswh.in udp
US 8.8.8.8:53 nepsmnewes.us udp
US 8.8.8.8:53 eespammpws.ws udp
US 64.70.19.203:80 eespammpws.ws tcp
US 8.8.8.8:53 ahrrspqpan.com udp
US 8.8.8.8:53 hwmmehnaas.net udp
US 8.8.8.8:53 qspqphwpss.info udp
US 8.8.8.8:53 msswhhhwwh.in udp
US 8.8.8.8:53 nqhenswhpa.us udp
US 8.8.8.8:53 hmmernwqpa.net udp
US 8.8.8.8:53 aqaeshwenn.com udp
US 8.8.8.8:53 ehqenerswa.ws udp
US 64.70.19.203:80 ehqenerswa.ws tcp
US 8.8.8.8:53 nqrhqwnhqs.us udp
US 8.8.8.8:53 wmememrsmn.in udp
US 8.8.8.8:53 rrwqwwwwph.org udp
US 8.8.8.8:53 smeeeqwasa.biz udp
US 8.8.8.8:53 qpwmpmasps.info udp
US 8.8.8.8:53 ephqrpeash.ws udp
US 64.70.19.203:80 ephqrpeash.ws tcp
US 8.8.8.8:53 aqqspmnnhn.com udp
US 8.8.8.8:53 shwrwsmpws.biz udp
US 8.8.8.8:53 rmpnrmreas.org udp
US 8.8.8.8:53 herqarahmh.net udp
US 8.8.8.8:53 aaqmeasnrh.com udp
US 8.8.8.8:53 hpeeqprapa.net udp
US 8.8.8.8:53 qamwawrhqh.info udp
US 8.8.8.8:53 hhrsahmera.net udp
US 8.8.8.8:53 aqqpwapqqn.com udp
US 8.8.8.8:53 hapahanqen.net udp
US 8.8.8.8:53 npsqewhssn.us udp
US 8.8.8.8:53 whnawepqrn.in udp
US 8.8.8.8:53 wapaeqpwrs.in udp
US 8.8.8.8:53 rsmhpemear.org udp
US 8.8.8.8:53 wwmameqpeh.in udp
US 8.8.8.8:53 qsehmspwss.info udp
US 8.8.8.8:53 wqnahsrqnr.in udp
US 8.8.8.8:53 rmrnqhnqss.org udp
US 8.8.8.8:53 wwqqmeqewn.in udp
US 8.8.8.8:53 prrppssqsr.in udp
US 8.8.8.8:53 ehwnhhqrmh.ws udp
US 64.70.19.203:80 ehwnhhqrmh.ws tcp
US 8.8.8.8:53 nrrwprnpna.us udp
US 8.8.8.8:53 epwwqqhmmh.ws udp
US 64.70.19.203:80 epwwqqhmmh.ws tcp
US 8.8.8.8:53 pqpaseqwwh.in udp
US 8.8.8.8:53 nnnherpmwa.us udp
US 8.8.8.8:53 srmrrnhmah.biz udp
US 8.8.8.8:53 rnnspqrneh.org udp
US 8.8.8.8:53 esrsppsmnr.ws udp
US 64.70.19.203:80 esrsppsmnr.ws tcp
US 8.8.8.8:53 rswpswpqns.org udp
US 8.8.8.8:53 hehpswqpas.net udp
US 8.8.8.8:53 ppsprarern.in udp
US 8.8.8.8:53 ssqhmpwhrn.biz udp
US 8.8.8.8:53 nrmnepaheh.us udp
US 8.8.8.8:53 hhhhsamawh.net udp
NL 142.250.153.27:25 alt1.gmail-smtp-in.l.google.com tcp
NL 142.250.153.27:25 alt1.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 qmqeemqnes.info udp
US 8.8.8.8:53 qqqsqprsqa.info udp
US 8.8.8.8:53 whwsweqwes.in udp
US 8.8.8.8:53 rqmpawqpps.org udp
US 8.8.8.8:53 esweaheewh.ws udp
US 64.70.19.203:80 esweaheewh.ws tcp
US 8.8.8.8:53 aswqrperha.com udp
US 8.8.8.8:53 eannpnwesr.ws udp
US 64.70.19.203:80 eannpnwesr.ws tcp
US 8.8.8.8:53 paannwnmsa.in udp
US 8.8.8.8:53 hpsnhmqaea.net udp
US 8.8.8.8:53 aenphmersa.com udp
US 8.8.8.8:53 eahpesmssr.ws udp
US 64.70.19.203:80 eahpesmssr.ws tcp
US 8.8.8.8:53 pamnwpmrsa.in udp
US 8.8.8.8:53 eehmhqahqh.ws udp
US 64.70.19.203:80 eehmhqahqh.ws tcp
US 8.8.8.8:53 aemhwpwsrs.com udp
US 8.8.8.8:53 hwmewhsnsh.net udp
US 8.8.8.8:53 qhwnmnnaha.info udp
US 8.8.8.8:53 mhammqshnn.in udp
US 8.8.8.8:53 pmneprnrqn.in udp
US 8.8.8.8:53 qserhmmhpa.info udp
US 8.8.8.8:53 emwmppmrph.ws udp
US 64.70.19.203:80 emwmppmrph.ws tcp
US 8.8.8.8:53 rheqarames.org udp
US 8.8.8.8:53 whnrrewhqa.in udp
US 8.8.8.8:53 qwhqqeenna.info udp
US 8.8.8.8:53 mmeqqpmhsa.in udp
US 8.8.8.8:53 psaenhnqwh.in udp
US 8.8.8.8:53 eqqwnsarps.ws udp
US 64.70.19.203:80 eqqwnsarps.ws tcp
US 8.8.8.8:53 nhsesnpqwa.us udp
US 8.8.8.8:53 esemnnpewh.ws udp
US 64.70.19.203:80 esemnnpewh.ws tcp
US 8.8.8.8:53 nrhemaqppa.us udp
US 8.8.8.8:53 eaanqphhwn.ws udp
US 64.70.19.203:80 eaanqphhwn.ws tcp
US 8.8.8.8:53 pareeshmha.in udp
US 8.8.8.8:53 emrprrnrrn.ws udp
US 64.70.19.203:80 emrprrnrrn.ws tcp
US 8.8.8.8:53 qahpmpqhha.info udp
US 8.8.8.8:53 hhqqmqsqnr.net udp
US 8.8.8.8:53 wrwweapewh.in udp
US 8.8.8.8:53 rwmhwwqhwn.org udp
US 8.8.8.8:53 ernerneswn.ws udp
US 64.70.19.203:80 ernerneswn.ws tcp
US 8.8.8.8:53 prawewmsea.in udp
US 8.8.8.8:53 eensmpqqrs.ws udp
US 64.70.19.203:80 eensmpqqrs.ws tcp
US 8.8.8.8:53 qpmpenwesn.info udp
US 8.8.8.8:53 arhhpsnpsh.com udp
US 8.8.8.8:53 ewpaeeepra.ws udp
US 64.70.19.203:80 ewpaeeepra.ws tcp
US 8.8.8.8:53 naesnnpspn.us udp
US 8.8.8.8:53 eansmamseh.ws udp
US 64.70.19.203:80 eansmamseh.ws tcp
US 8.8.8.8:53 qwepqqrqrn.info udp
US 8.8.8.8:53 ewmphphenn.ws udp
US 64.70.19.203:80 ewmphphenn.ws tcp
SG 74.125.200.26:25 alt4.gmail-smtp-in.l.google.com tcp
NL 142.250.153.27:25 alt1.gmail-smtp-in.l.google.com tcp
SG 74.125.200.26:25 alt4.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 nnwppaeaaa.us udp
US 8.8.8.8:53 sqehphhrqs.biz udp
US 8.8.8.8:53 qhnwepmrnn.info udp
US 8.8.8.8:53 swwrprahwh.biz udp
US 8.8.8.8:53 ahqnnrmrpn.com udp
US 8.8.8.8:53 hwsnhsnhph.net udp
US 8.8.8.8:53 smshmqwwsr.biz udp
US 8.8.8.8:53 pmnnppwmes.in udp
US 8.8.8.8:53 enpmehhsws.ws udp
US 64.70.19.203:80 enpmehhsws.ws tcp
US 8.8.8.8:53 nsqsmenwnr.us udp
US 8.8.8.8:53 ehaepprpan.ws udp
US 64.70.19.203:80 ehaepprpan.ws tcp
US 8.8.8.8:53 qaaepqsssn.info udp
US 8.8.8.8:53 enewwahaph.ws udp
US 64.70.19.203:80 enewwahaph.ws tcp
US 8.8.8.8:53 qsppqhhmqa.info udp
US 8.8.8.8:53 smhwwresaa.biz udp
US 8.8.8.8:53 amawshrahn.com udp
US 8.8.8.8:53 erwrsnmhmh.ws udp
US 64.70.19.203:80 erwrsnmhmh.ws tcp
US 8.8.8.8:53 qehnemrnan.info udp
US 8.8.8.8:53 hnwqeerwps.net udp
US 8.8.8.8:53 reanehwras.org udp
US 8.8.8.8:53 mpmnwnqpna.in udp
US 8.8.8.8:53 nhrwmnmssa.us udp
US 8.8.8.8:53 qnrqempmnn.info udp
US 8.8.8.8:53 whmhrawnqs.in udp
US 8.8.8.8:53 pamqhsawna.in udp
US 8.8.8.8:53 smaarerhms.biz udp
US 8.8.8.8:53 phrmanhear.in udp
US 8.8.8.8:53 wmsprsspqs.in udp
US 8.8.8.8:53 appaenmpns.com udp
US 8.8.8.8:53 shneeeehhn.biz udp
US 8.8.8.8:53 pmaaspqhrs.in udp
US 8.8.8.8:53 mnharspran.in udp
US 8.8.8.8:53 nmqnmsmenr.us udp
US 8.8.8.8:53 hqsarwnsah.net udp
US 8.8.8.8:53 rwmeswppnr.org udp
US 8.8.8.8:53 sphasmwhnn.biz udp
US 8.8.8.8:53 qwhqrnameh.info udp
US 8.8.8.8:53 eepnnewaar.ws udp
US 64.70.19.203:80 eepnnewaar.ws tcp
US 8.8.8.8:53 mx-in-hfd.apple.com udp
NL 17.57.165.2:25 mx-in-hfd.apple.com tcp
US 8.8.8.8:53 pmahnensms.in udp
US 8.8.8.8:53 epeeampwpa.ws udp
US 64.70.19.203:80 epeeampwpa.ws tcp
US 8.8.8.8:53 pb-mx20.pobox.com udp
US 173.228.157.39:25 pb-mx20.pobox.com tcp
US 8.8.8.8:53 qhnpwrnpma.info udp
US 8.8.8.8:53 swennsnqna.biz udp
US 8.8.8.8:53 nreqqqphan.us udp
US 8.8.8.8:53 hhsahppnws.net udp
US 8.8.8.8:53 ehewrrrwpn.ws udp
US 64.70.19.203:80 ehewrrrwpn.ws tcp
US 8.8.8.8:53 rmhhnhrnes.org udp
US 8.8.8.8:53 hmehehqaan.net udp
US 8.8.8.8:53 qswhrpnmps.info udp
US 8.8.8.8:53 wnqprsswws.in udp
US 8.8.8.8:53 aesnswemwa.com udp
US 8.8.8.8:53 hmrnrqeqws.net udp
US 8.8.8.8:53 rqrennpess.org udp
US 8.8.8.8:53 esrsshmmhs.ws udp
US 64.70.19.203:80 esrsshmmhs.ws tcp
US 8.8.8.8:53 nnenhenshh.us udp
US 8.8.8.8:53 hmhwnprmas.net udp
US 8.8.8.8:53 aqpnrqswas.com udp
US 8.8.8.8:53 emeeaapssa.ws udp
US 64.70.19.203:80 emeeaapssa.ws tcp
US 8.8.8.8:53 ahqhwewhen.com udp
US 8.8.8.8:53 erpmmpwhna.ws udp
US 64.70.19.203:80 erpmmpwhna.ws tcp
US 8.8.8.8:53 arnqrqpeph.com udp
US 8.8.8.8:53 shprpmwpar.biz udp
US 8.8.8.8:53 ahhhhmwsmn.com udp
US 8.8.8.8:53 spnqarhhqs.biz udp
US 8.8.8.8:53 pqppmhqerh.in udp
US 8.8.8.8:53 wqnwrpwnaa.in udp
US 8.8.8.8:53 qqmprmpmsn.info udp
US 8.8.8.8:53 eapersneas.ws udp
US 64.70.19.203:80 eapersneas.ws tcp
US 8.8.8.8:53 nmewphaeph.us udp
US 8.8.8.8:53 shpmqnwens.biz udp
US 8.8.8.8:53 ahsehqrama.com udp
US 8.8.8.8:53 ermaqrrhhh.ws udp
US 64.70.19.203:80 ermaqrrhhh.ws tcp
US 8.8.8.8:53 aqaaraswpn.com udp
US 8.8.8.8:53 ehawmwprhh.ws udp
US 64.70.19.203:80 ehawmwprhh.ws tcp
US 8.8.8.8:53 rhwaemnspn.org udp
US 8.8.8.8:53 whrranwsea.in udp
US 8.8.8.8:53 rnnnnwraha.org udp
US 8.8.8.8:53 warmsaqsha.in udp
US 8.8.8.8:53 rmeahwnmhs.org udp
US 8.8.8.8:53 wmnnqaphes.in udp
US 8.8.8.8:53 pqrpsaheaa.in udp
US 8.8.8.8:53 ssasnhqppn.biz udp
US 8.8.8.8:53 pmhhhrwwar.in udp
US 8.8.8.8:53 mrhnmsesms.in udp
US 8.8.8.8:53 qmnnrwwsmn.info udp
US 8.8.8.8:53 ehhwssaprs.ws udp
US 64.70.19.203:80 ehhwssaprs.ws tcp
US 8.8.8.8:53 amqsswemns.com udp
US 8.8.8.8:53 wmnssnwsms.in udp
US 8.8.8.8:53 pnnmqwwrea.in udp
US 8.8.8.8:53 mwharpewnn.in udp
US 8.8.8.8:53 qnsqsmaaah.info udp
US 8.8.8.8:53 snppwqhnrn.biz udp
US 8.8.8.8:53 qepsqhnhqh.info udp
US 8.8.8.8:53 hrerqqanph.net udp
US 8.8.8.8:53 ahwesrwnna.com udp
US 8.8.8.8:53 hsemrnmhnh.net udp
US 8.8.8.8:53 rqherraqas.org udp
US 8.8.8.8:53 ehpararqws.ws udp
US 64.70.19.203:80 emenqwsmhn.ws tcp
US 8.8.8.8:53 ahphhshhhn.com udp
US 8.8.8.8:53 wsesaqpnmh.in udp
US 8.8.8.8:53 rasrasnrns.org udp
US 8.8.8.8:53 hrhqqqammn.net udp
US 8.8.8.8:53 perahwhsas.in udp
US 8.8.8.8:53 eqnenapsar.ws udp
US 64.70.19.203:80 eqnenapsar.ws tcp
US 8.8.8.8:53 pnqhhqmsmn.in udp
US 8.8.8.8:53 wqqqprphrs.in udp
US 8.8.8.8:53 reqnsrasas.org udp
US 8.8.8.8:53 enewmnhpra.ws udp
US 64.70.19.203:80 enewmnhpra.ws tcp
US 8.8.8.8:53 aspmx5.googlemail.com udp
SG 74.125.200.26:25 aspmx5.googlemail.com tcp
US 8.8.8.8:53 aqsnqnwqes.com udp
US 8.8.8.8:53 waaweaeasn.in udp
US 8.8.8.8:53 pwspeamapa.in udp
US 8.8.8.8:53 spnrranmmn.biz udp
US 8.8.8.8:53 rrphrrhsss.org udp
US 8.8.8.8:53 emmnawahra.ws udp
US 64.70.19.203:80 emmnawahra.ws tcp
US 8.8.8.8:53 pwnpaqewma.in udp
US 8.8.8.8:53 mqpsmshren.in udp
US 8.8.8.8:53 pnmwqhhmws.in udp
US 8.8.8.8:53 mshhnhrsrs.in udp
US 8.8.8.8:53 rmmmahnppn.org udp
US 8.8.8.8:53 wermhepsan.in udp
US 8.8.8.8:53 pahmwewhra.in udp
US 8.8.8.8:53 hqwaqqnpqa.net udp
US 8.8.8.8:53 qqmehpwaha.info udp
US 8.8.8.8:53 spmnqpqprh.biz udp
US 8.8.8.8:53 qsanrqsnms.info udp
US 8.8.8.8:53 swreqrshss.biz udp
US 8.8.8.8:53 qammpwwnps.info udp
US 8.8.8.8:53 mnsenehmwn.in udp
US 8.8.8.8:53 qmhhspanmn.info udp
US 64.70.19.203:80 emmnawahra.ws tcp
US 8.8.8.8:53 ahrhqwqnwn.com udp
US 8.8.8.8:53 mnprhqnmaa.in udp
US 8.8.8.8:53 newsewspha.us udp
US 8.8.8.8:53 qamaseahhn.info udp
US 8.8.8.8:53 heshapnmqs.net udp
US 8.8.8.8:53 prwasqwppa.in udp
US 8.8.8.8:53 harshnmsar.net udp
US 8.8.8.8:53 aeehmwsnea.com udp
US 8.8.8.8:53 sqnqpsqren.biz udp
US 8.8.8.8:53 pqhprqswph.in udp
US 8.8.8.8:53 wprmpprssr.in udp
US 8.8.8.8:53 phhqqrqqwn.in udp
US 8.8.8.8:53 hwnwewpanr.net udp
US 8.8.8.8:53 rapqmqwnrs.org udp
US 8.8.8.8:53 serrhmqqen.biz udp
US 8.8.8.8:53 npmapeanmh.us udp
US 8.8.8.8:53 hmrqarrsmh.net udp
US 8.8.8.8:53 qmahrpmwsr.info udp
US 8.8.8.8:53 eeprrwaqrn.ws udp
US 64.70.19.203:80 eeprrwaqrn.ws tcp
US 8.8.8.8:53 qqqpmhwqwh.info udp
US 8.8.8.8:53 mnmaqhprsh.in udp
US 8.8.8.8:53 pqawmspqqa.in udp
US 8.8.8.8:53 wqrwwenswn.in udp
US 8.8.8.8:53 aapaaermeh.com udp
US 8.8.8.8:53 sehaqesanh.biz udp
US 8.8.8.8:53 mnswwwqmsn.in udp
US 8.8.8.8:53 nsqqnqwhhn.us udp
US 8.8.8.8:53 ehrahehrra.ws udp
US 64.70.19.203:80 ehrahehrra.ws tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp

Files

C:\Windows\SysWOW64\shervans.dll

MD5 c3b9b2d7196fd340d38f3a91d5f4022f
SHA1 1200040b97c75e67780fdf706d8a37805de164a0
SHA256 9940327aff3f75a654174a985e8049168cdd5c00433aad43ef07a877572d8e61
SHA512 41ee9dff94a022dba78e6f05319751faed26da27af34bea28cad3959b59756d9c09255032361e86327dd4d189124b2e7910e2b7d70559de5201452a74a5e7767

memory/2664-11-0x0000000010000000-0x000000001000D000-memory.dmp

C:\Windows\SysWOW64\grcopy.dll

MD5 23a148713e3ba1e0b5eb7b43d514677d
SHA1 45e37de9c5f978a6832858129c42b51536910fb4
SHA256 a9e1eeaaede86c3a707d90fa12743c7d0dab093409caf27f0c17efb8db6e028c
SHA512 4263f86f0ac2db2db58c98b65bcbf79217c383f6c64cf35ba7fe2235b7900ed3851dfe54df4a5eaa0a61109dca37e49d9d46b15c11a72bbd73d5a883553b9eef

C:\Windows\SysWOW64\ctfmen.exe

MD5 0af9f9c6293b9714c101db35f45ad191
SHA1 bf40d0538003825f62cd7fec3a1f858295492c38
SHA256 97cba2f1b17f488f869feacfdf2977bc8515fa2ad9e7660e117b14a2a0354806
SHA512 a45e8f749d78e092e4fd7fc341a9277abb01d4255355943b36a61d139f539b2c6abaa4566f7049cdb0bee3ae17e43cf468b85049ecb459705ca6d92ce39db7f7

memory/2664-20-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2664-25-0x0000000010000000-0x000000001000D000-memory.dmp

memory/3448-22-0x0000000000400000-0x0000000000409000-memory.dmp

C:\Windows\SysWOW64\satornas.dll

MD5 ddffca50ea4268f116e0286a20330a6f
SHA1 e4de30f39cc54ec42bec9d662d27740ade2b6d98
SHA256 94cc938cfe0736564d65307f3478c2e91fe22113550460dcdb6045ceceff7d5e
SHA512 d958e88b3ba503aabee217720e14a06aca1b132013353ba01d79b33c5953d86bc3bd751e205555fb89ca6d10454dd03e4e186939b5de9846e290bb0f26adef70


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 22:57

Reported

2024-04-07 23:00

Platform

win7-20240221-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe"

Signatures

UPX dump on OEP (original entry point)


Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Windows\SysWOW64\smnss.exe N/A

ACProtect 1.3x - 1.4x DLL software


Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ctfmen.exe N/A
N/A N/A C:\Windows\SysWOW64\smnss.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe" C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe" C:\Windows\SysWOW64\smnss.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\K: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\smnss.exe N/A

Maps connected drives based on registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Windows\SysWOW64\smnss.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 C:\Windows\SysWOW64\smnss.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\1 C:\Windows\SysWOW64\smnss.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\1 C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpd7400t.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hphp910t.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\migwiz\MigApp.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_split.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Comment_Based_Help.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Parsing.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_properties.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_pipelines.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_trap.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_remote_jobs.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_data_sections.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Throw.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Language_Keywords.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\HPO4300T.XML C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpk7100t.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\Amd64\hpb8500t.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\Amd64\hpd7500t.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Arithmetic_Operators.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_operators.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\fr-FR\about_BITS_Cmdlets.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Automatic_Variables.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_History.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_transactions.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Break.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_environment_variables.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_do.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Windows_PowerShell_2.0.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\Microsoft.PowerShell.Commands.Management.dll-Help.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_arrays.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Session_Configurations.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File created C:\Windows\SysWOW64\smnss.exe C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll" C:\Windows\SysWOW64\smnss.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll" C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\smnss.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe

"C:\Users\Admin\AppData\Local\Temp\855f362a587183016e67bbc04e9994ed3fd1ce2221b409a3bd4c4e8ec2e3debb.exe"

C:\Windows\SysWOW64\ctfmen.exe

ctfmen.exe

C:\Windows\SysWOW64\smnss.exe

C:\Windows\system32\smnss.exe

Network

Country Destination Domain Proto

Files

\Windows\SysWOW64\shervans.dll

MD5 0f97578cef9a8f33c9b09a24f6f38caf
SHA1 bb1914dfec6db479f7ae1d63f3748e9beab70831
SHA256 e30ff50d468e10046049b555703a4aa20af81072636ba0c32d53eb47b4d8cd5d
SHA512 241711453bb996aa6f3a01427046d384c8ea129ce787a36e088097a92c6f0d6f2c1c44cdb8a865f94daad8dc2559ecd3263c66da940b50deebd6f35e78e9843a

memory/2328-11-0x0000000010000000-0x000000001000D000-memory.dmp

\Windows\SysWOW64\ctfmen.exe

MD5 49599eaa984194e855e4841aba9bfc7a
SHA1 be031bbdbe1cf76d1b3e97b84aaf5fbe0d942e3d
SHA256 d7adcde7f7b46e1a531122f22383f041fb474f3b61f5ed064a558836dd3549dd
SHA512 c516a9acc812dfb6140ed083a42cceb8518e96eda5f311cbe6c74473f919d4427dc1d2b6d6665578f8e6569f96943f757c782d0db284d5b77fc7c72d238d2675

memory/2328-17-0x0000000000340000-0x0000000000349000-memory.dmp

memory/2328-23-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Windows\SysWOW64\smnss.exe

MD5 998374cad53940782a9e0e67ca9bc3fb
SHA1 602745e5dd9c35bb777c4a5a42d908dd5c3178bb
SHA256 b619cbde65549dd6d072b1013d8528704d2e11db5f936ba480866283d850b27c
SHA512 4fccce36449f0e55d87eb32abf43e5d17944e238f702f21bf9c90d4ac4b6615eca156953e34c6bad8b8f14edb489c9fbe908eb907770e0ffb5664cc26a763688

memory/2684-30-0x0000000000400000-0x0000000000409000-memory.dmp

memory/2328-29-0x0000000010000000-0x000000001000D000-memory.dmp

C:\Windows\SysWOW64\satornas.dll

MD5 e3dcb2e041e74be3ac4c4dc5923defd1
SHA1 b123e230ac7f11a16080781fd3fd02bb446c3e1c
SHA256 1d1b8a4342015889b65cdaa69d2bbc3a8b851cd143a9ca209742bd01c3973f30
SHA512 6e67d91ea907fe8cad8ce79dd9decbf16a958cb3cb8a3771655a9d7d4091774724215ee2e48894fedf695499dd2c2fb9642e661c1c4f589301a9f21c18648b5a
