Malware Analysis Report

2024-11-15 06:11

Sample ID 240407-3pdkgaaa4t
Target 98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866
SHA256 98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866
Tags persistence spyware stealer
Score 10/10

Analysis Overview

score
10/10

SHA256

98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866

Threat Level: Known bad

The file 98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

UPX dump on OEP (original entry point)

Drops file in Drivers directory

ACProtect 1.3x - 1.4x DLL software

Reads user/profile data of web browsers

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Maps connected drives based on registry

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Program crash

Unsigned PE

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 23:41

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 23:41

Reported

2024-04-07 23:43

Platform

win7-20240221-en

Max time kernel

151s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ctfmen.exe N/A
N/A N/A C:\Windows\SysWOW64\smnss.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe" C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe" C:\Windows\SysWOW64\smnss.exe N/A

Maps connected drives based on registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\1 C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Windows\SysWOW64\smnss.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 C:\Windows\SysWOW64\smnss.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\1 C:\Windows\SysWOW64\smnss.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\smnss.exe C:\Windows\SysWOW64\smnss.exe N/A
File created C:\Windows\SysWOW64\ctfmen.exe C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File created C:\Windows\SysWOW64\shervans.dll C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File created C:\Windows\SysWOW64\grcopy.dll C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File created C:\Windows\SysWOW64\satornas.dll C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File created C:\Windows\SysWOW64\zipfiaq.dll C:\Windows\SysWOW64\smnss.exe N/A
File created C:\Windows\SysWOW64\zipfi.dll C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\ctfmen.exe C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File opened for modification C:\Windows\SysWOW64\grcopy.dll C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File opened for modification C:\Windows\SysWOW64\shervans.dll C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File created C:\Windows\SysWOW64\smnss.exe C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File opened for modification C:\Windows\SysWOW64\satornas.dll C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A

Drops file in Program Files directory

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\smnss.exe

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll" C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll" C:\Windows\SysWOW64\smnss.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\smnss.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2612 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe C:\Windows\SysWOW64\ctfmen.exe
PID 2912 wrote to memory of 2540 N/A C:\Windows\SysWOW64\ctfmen.exe C:\Windows\SysWOW64\smnss.exe
PID 2540 wrote to memory of 2636 N/A C:\Windows\SysWOW64\smnss.exe C:\Windows\SysWOW64\WerFault.exe

Processes

C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe

"C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe"

C:\Windows\SysWOW64\ctfmen.exe

ctfmen.exe

C:\Windows\SysWOW64\smnss.exe

C:\Windows\system32\smnss.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 820

Network

Country Destination Domain Proto
US 8.8.8.8:53 qanrmqnprn.info udp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 megginson.com udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
NL 142.251.9.26:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 jk.uni-linz.ac.at udp
US 8.8.8.8:53 mail4.edvz.uni-linz.ac.at udp
AT 140.78.3.82:25 mail4.edvz.uni-linz.ac.at tcp
US 8.8.8.8:53 mqprparnws.in udp
US 8.8.8.8:53 arnqarwmsn.com udp
US 8.8.8.8:53 cdata.tvnet.hu udp
US 8.8.8.8:53 attbi.com udp
US 8.8.8.8:53 courtesan.com udp
US 8.8.8.8:53 millert.dev udp
US 8.8.8.8:53 bigelowandholmes.com udp

Files

memory/2612-0-0x0000000000400000-0x000000000041F000-memory.dmp

\Windows\SysWOW64\shervans.dll

MD5 255ed633493eaaccf8d70d0a3e52a6ea
SHA1 15a654be9cf78d917e96178ea284ecacf1a9d230
SHA256 186bd23125b6b76b9b4c4622a248dd618dc026b2b076350afc7fc66f14e340d6
SHA512 92b0d236d5d1d9137edd205f69cf821bd73c040ecc3197869993a75a923536aaa57399991e29064c08c8eba23cd2688bbc9800add549dc86d5a435ec81525ec1

memory/2612-14-0x0000000010000000-0x000000001000D000-memory.dmp

\Windows\SysWOW64\ctfmen.exe

MD5 f44f221f931e2558535fd4dbc8a49a6d
SHA1 bd1b5b9b9d6e0394a678c6bff1a9f5c5f06f79b5
SHA256 6a2e928d32f0960c2b05c0e937c23772e1ea6369c021ee02d091f505499d1f74
SHA512 64edc91e4afd09717b1bff33e20dee29c5dbc48fd3df18fe83fcf9e87b1b113098aadcc8d7bc511d988322455cabb1ac9e9355e5b5911d87e97d70b846eaed8c

memory/2612-18-0x0000000000340000-0x0000000000349000-memory.dmp

memory/2612-24-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2912-29-0x0000000000400000-0x0000000000409000-memory.dmp

memory/2612-32-0x0000000000340000-0x0000000000349000-memory.dmp

memory/2612-31-0x0000000010000000-0x000000001000D000-memory.dmp

C:\Windows\SysWOW64\smnss.exe

MD5 b40d57bdcbe6c7ee91d8ed76b56a92fa
SHA1 46c9e7129a045bce4dbf22f3a19b1fc38d23459f
SHA256 b56993c0f5eace9f61ed12d1af74078475a8688ef3ba8129390e68f0845724c8
SHA512 e7501bcadf0f0124dea7494866f3d0ac18d81c7cd49d516d519f6c49dfd3087903abb1bfeb8796fc7784477f87a1582f436f60a5306e070f9fb3c0ef812f0d9f

memory/2540-35-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2540-39-0x0000000010000000-0x000000001000D000-memory.dmp

C:\Windows\SysWOW64\satornas.dll

MD5 5d61738be3682051b12ebab04f22dd1f
SHA1 71732aebb8f9e2dc7444e833ea161447b746b4b6
SHA256 82f8ea932719e2120798ab38192ac0b6f7e88020c9a8c3c8ea05566b89da162f
SHA512 48c925527a3f2aa28d0b8d3f11e38e930bf6e4c71507daf7c2f8bebbad31ed3e1ab89fb82a59048f1a06949bd13615efbc70341d7ccf1b8b220f936b8f0185b9

memory/2540-41-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2540-42-0x0000000010000000-0x000000001000D000-memory.dmp

memory/2540-46-0x0000000000400000-0x000000000041F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:41

Reported

2024-04-07 23:43

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt C:\Windows\SysWOW64\smnss.exe N/A

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ctfmen.exe N/A
N/A N/A C:\Windows\SysWOW64\smnss.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe" C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe" C:\Windows\SysWOW64\smnss.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\smnss.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\smnss.exe N/A

Maps connected drives based on registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Windows\SysWOW64\smnss.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\1 C:\Windows\SysWOW64\smnss.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\1 C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Windows\SysWOW64\smnss.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\grcopy.dll C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File opened for modification C:\Windows\SysWOW64\shervans.dll C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\Amd64\MSMPS.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\AppxProvisioning.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\Amd64\V3HostingFilter-pipelineconfig.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\I386\unishare-pipelineconfig.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\Amd64\MSPWGR-pipelineconfig.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\Amd64\MSMPS-pipelineconfig.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\Amd64\MSIPP.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\icsxml\potscfg.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\tcpbidi.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\wbem\xsl-mappings.xml C:\Windows\SysWOW64\smnss.exe N/A
File created C:\Windows\SysWOW64\smnss.exe C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File opened for modification C:\Windows\SysWOW64\satornas.dll C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\MPDW_devmode_map.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File created C:\Windows\SysWOW64\satornas.dll C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\Amd64\unishare3d-pipelineconfig.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\Amd64\MSECP.xml C:\Windows\SysWOW64\smnss.exe N/A
File created C:\Windows\SysWOW64\ctfmen.exe C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File created C:\Windows\SysWOW64\smnss.exe C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\MPDW-PDC.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\icsxml\osinfo.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\Speech_OneCore\Common\en-US\tokens_TTS_en-US.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\ctfmen.exe C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File created C:\Windows\SysWOW64\shervans.dll C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File created C:\Windows\SysWOW64\grcopy.dll C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\Amd64\unishare-pipelineconfig.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\Amd64\MSECP-pipelineconfig.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\wsmanconfig_schema.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\Amd64\MSAppMon.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\icsxml\cmnicfg.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\IME\IMEJP\APPLETS\IMJPCLST.XML C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\Recovery\ReAgent.xml C:\Windows\SysWOW64\smnss.exe N/A
File created C:\Windows\SysWOW64\zipfi.dll C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\MPDW-pipelineconfig.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\Amd64\MSAppMon-pipelineconfig.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\F12\Timeline.cpu.xml C:\Windows\SysWOW64\smnss.exe N/A
File opened for modification C:\Windows\SysWOW64\icsxml\ipcfg.xml C:\Windows\SysWOW64\smnss.exe N/A
File created C:\Windows\SysWOW64\zipfiaq.dll C:\Windows\SysWOW64\smnss.exe N/A

Drops file in Program Files directory


Drops file in Windows directory


Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll" C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll" C:\Windows\SysWOW64\smnss.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\smnss.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe

"C:\Users\Admin\AppData\Local\Temp\98314be4825f2c7d10644a2cdeccdcd8191690dbfdb514f3f9635ba31a075866.exe"

C:\Windows\SysWOW64\ctfmen.exe

ctfmen.exe

C:\Windows\SysWOW64\smnss.exe

C:\Windows\system32\smnss.exe

Network

US 8.8.8.8:53 theriver.com udp
US 8.8.8.8:53 bryson.demon.co.uk udp
US 8.8.8.8:53 onlineconnections.com.au udp
US 8.8.8.8:53 openoffice.org udp
US 8.8.8.8:53 ismtp.sitestar.everyone.net udp
US 8.8.8.8:53 onlineconnections.com.au udp
US 8.8.8.8:53 mx1-lw-eu.apache.org udp
US 192.254.190.168:25 onlineconnections.com.au tcp
US 8.8.8.8:53 mx2-lw-us.apache.org udp
US 8.8.8.8:53 mx2-lw-eu.apache.org udp
US 8.8.8.8:53 qseahwrsps.info udp
US 64.29.151.236:25 ismtp.sitestar.everyone.net tcp
US 8.8.8.8:53 mx1-lw-us.apache.org udp
US 8.8.8.8:53 ehrawpsrms.ws udp
US 64.70.19.203:80 ehrawpsrms.ws tcp
US 8.8.8.8:53 naspqmsmeh.us udp
US 8.8.8.8:53 wwnmhhenpa.in udp
US 8.8.8.8:53 qmrmswrran.info udp
US 8.8.8.8:53 wqeasppnas.in udp
US 8.8.8.8:53 awhhsqness.com udp
US 8.8.8.8:53 eqprsrnprs.ws udp
US 64.70.19.203:80 eqprsrnprs.ws tcp
US 8.8.8.8:53 aaesrmawah.com udp
NL 212.32.237.90:80 aaesrmawah.com tcp
US 8.8.8.8:53 wnaampsmna.in udp
US 8.8.8.8:53 qpnphqawmh.info udp
US 8.8.8.8:53 hmqrapnpsh.net udp
US 8.8.8.8:53 aqsnaasemh.com udp
US 8.8.8.8:53 haswmnsqah.net udp
US 8.8.8.8:53 aeaqnwmhes.com udp
US 8.8.8.8:53 mqsnrenerh.in udp
US 8.8.8.8:53 nspseanhrs.us udp
US 8.8.8.8:53 haaahpspqs.net udp
US 8.8.8.8:53 qppqsasahn.info udp
US 8.8.8.8:53 mnnhnhahmh.in udp
US 8.8.8.8:53 nwrrpeshhn.us udp
US 8.8.8.8:53 wqsrephqms.in udp
US 8.8.8.8:53 nprhssnrmn.us udp
US 8.8.8.8:53 eqnhphnqms.ws udp
US 64.70.19.203:80 eqnhphnqms.ws tcp
BE 74.125.71.27:25 gmail-smtp-in.l.google.com tcp
BE 74.125.71.27:25 gmail-smtp-in.l.google.com tcp
BE 74.125.71.27:25 gmail-smtp-in.l.google.com tcp
BE 74.125.71.27:25 gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 neqanhanwn.us udp
SG 34.143.166.163:80 neqanhanwn.us tcp
US 8.8.8.8:53 smrnnmaqra.biz udp
US 8.8.8.8:53 nnnrpsanwh.us udp
US 8.8.8.8:53 wharrewhpn.in udp
US 8.8.8.8:53 qhhnpesehs.info udp
US 8.8.8.8:53 mesrphwwas.in udp
US 8.8.8.8:53 awmmprseha.com udp
US 8.8.8.8:53 weaamsqssa.in udp
US 8.8.8.8:53 rqeaqsqpsr.org udp
US 8.8.8.8:53 wrmqnnrqmh.in udp
US 8.8.8.8:53 npmpsewraa.us udp
US 8.8.8.8:53 whqrmqmnrs.in udp
US 8.8.8.8:53 nwqsnneawh.us udp
US 8.8.8.8:53 smwrehrsph.biz udp
US 8.8.8.8:53 qrmhwrwwmn.info udp
US 8.8.8.8:53 sprpmpqasn.biz udp
US 8.8.8.8:53 apmeppqwqh.com udp
US 8.8.8.8:53 wqpeaenphs.in udp
US 8.8.8.8:53 awqqrwmwsh.com udp
US 8.8.8.8:53 erphseshhh.ws udp
US 64.70.19.203:80 erphseshhh.ws tcp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 nongnu.org udp
US 52.101.40.2:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 eggs.gnu.org udp
US 8.8.8.8:53 nmerqanann.us udp
US 209.51.188.92:25 eggs.gnu.org tcp
US 209.51.188.92:25 eggs.gnu.org tcp
US 8.8.8.8:53 hpswpmhqah.net udp
US 8.8.8.8:53 psqesnmpph.in udp
US 8.8.8.8:53 hwnwwhmapa.net udp
US 8.8.8.8:53 nerrawwees.us udp
US 8.8.8.8:53 smqnsaanqs.biz udp
US 8.8.8.8:53 pehawnswha.in udp
US 8.8.8.8:53 wsmsannrsr.in udp
US 8.8.8.8:53 pnmhpsaqwn.in udp
US 8.8.8.8:53 wpraeqahma.in udp
US 8.8.8.8:53 napenhsmha.us udp
US 8.8.8.8:53 manrhhmrsn.in udp
US 8.8.8.8:53 rqsepprwmh.org udp
US 8.8.8.8:53 wnrphnsawn.in udp
US 8.8.8.8:53 npeewrpmsh.us udp
US 8.8.8.8:53 spmpesqama.biz udp
US 8.8.8.8:53 rpwrwpqmrs.org udp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 8.8.8.8:53 smspppawmn.biz udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 pmrqmemawa.in udp
US 8.8.8.8:53 wmphheprha.in udp
US 8.8.8.8:53 prmaahsmqs.in udp
US 8.8.8.8:53 emhmmwaasa.ws udp
US 64.70.19.203:80 emhmmwaasa.ws tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
BE 74.125.71.27:25 gmail-smtp-in.l.google.com tcp
BE 74.125.71.27:25 gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 pehprrmnns.in udp
US 8.8.8.8:53 hwenrqmmmh.net udp
US 8.8.8.8:53 nhamrnqsps.us udp
US 8.8.8.8:53 wpnermpasr.in udp
US 8.8.8.8:53 nnhssqsasr.us udp
US 8.8.8.8:53 mnmrweahpn.in udp
US 8.8.8.8:53 nhseewhaps.us udp
US 8.8.8.8:53 aewnhwwpwa.com udp
US 8.8.8.8:53 snarawppsr.biz udp
US 8.8.8.8:53 qsaqhnrwwn.info udp
US 8.8.8.8:53 swqrheamea.biz udp
US 8.8.8.8:53 aeaqppqhqs.com udp
US 8.8.8.8:53 mpnssapaws.in udp
US 8.8.8.8:53 rnehrmnwqa.org udp
US 8.8.8.8:53 wnnqnrwqea.in udp
US 8.8.8.8:53 wwaqpenhnn.in udp
US 8.8.8.8:53 rnrnqqawqs.org udp
US 8.8.8.8:53 mmmphaeann.in udp
US 8.8.8.8:53 aweqaesrms.com udp
US 8.8.8.8:53 hswwqmmseh.net udp
US 8.8.8.8:53 qhqqqnerss.info udp
US 8.8.8.8:53 wnnempshra.in udp
US 8.8.8.8:53 qnhwpqaans.info udp
US 8.8.8.8:53 mpmhhhprnn.in udp
US 8.8.8.8:53 qhwqwrpwnn.info udp
US 8.8.8.8:53 mhaewrqnps.in udp
US 8.8.8.8:53 psqeppnaha.in udp
US 8.8.8.8:53 maanhsqens.in udp
US 8.8.8.8:53 qsspraneas.info udp
US 8.8.8.8:53 msprmhpesa.in udp
US 8.8.8.8:53 nrmwqewpnn.us udp
US 8.8.8.8:53 sphpehqmsh.biz udp
US 8.8.8.8:53 nwrrsharmn.us udp
US 8.8.8.8:53 wnhpqrweas.in udp
US 8.8.8.8:53 rmmwpwhapn.org udp
US 8.8.8.8:53 hharwnqhha.net udp
US 8.8.8.8:53 rrqmmwahna.org udp
US 8.8.8.8:53 ssapaqsepa.biz udp
US 8.8.8.8:53 qqewasnrnr.info udp
US 8.8.8.8:53 mnpsepswhs.in udp
US 8.8.8.8:53 kinoho.net udp
US 8.8.8.8:53 rammaswpsh.org udp
NL 142.250.153.27:25 alt1.aspmx.l.google.com tcp
NL 142.250.153.26:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 ssmrnmspws.biz udp
US 8.8.8.8:53 riseup.net udp
US 8.8.8.8:53 resmarqarn.org udp
US 8.8.8.8:53 mx1.riseup.net udp
NL 142.250.153.26:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 mapasaqear.in udp
US 198.252.153.129:25 mx1.riseup.net tcp
US 8.8.8.8:53 qsepnwpmna.info udp
US 8.8.8.8:53 eshmhnprpa.ws udp
US 64.70.19.203:80 eshmhnprpa.ws tcp
US 8.8.8.8:53 qrrmswemps.info udp
US 8.8.8.8:53 hhsmeanamh.net udp
US 8.8.8.8:53 qeraempash.info udp
US 8.8.8.8:53 wrpeasspnn.in udp
US 8.8.8.8:53 amqwpwewrs.com udp
US 8.8.8.8:53 hewamrprrs.net udp
US 8.8.8.8:53 nsneerhwrs.us udp
US 8.8.8.8:53 wphhpmahqs.in udp
US 8.8.8.8:53 nqrreahqrh.us udp
US 8.8.8.8:53 hhwhmwmaws.net udp
US 8.8.8.8:53 rphpaspqar.org udp
US 8.8.8.8:53 hrwswapann.net udp
US 8.8.8.8:53 awharshhrh.com udp
US 8.8.8.8:53 sqmmqqssea.biz udp
US 8.8.8.8:53 rrnpamehwa.org udp
US 8.8.8.8:53 ehnwnaqnss.ws udp
US 64.70.19.203:80 ehnwnaqnss.ws tcp
US 8.8.8.8:53 alt4.gmail-smtp-in.l.google.com udp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
NL 142.251.9.26:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 rwmswamheh.org udp
US 8.8.8.8:53 wwaprrwnwa.in udp
US 8.8.8.8:53 rrseshrqsn.org udp
US 8.8.8.8:53 hqremeeheh.net udp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 aspamphaqh.com udp
NL 212.32.237.90:80 aspamphaqh.com tcp
US 8.8.8.8:53 wereqmsnwh.in udp
US 8.8.8.8:53 nwspmnannr.us udp
US 8.8.8.8:53 swwmpphesa.biz udp
US 8.8.8.8:53 peerrrehen.in udp
US 8.8.8.8:53 sreeshwpmh.biz udp
US 8.8.8.8:53 rnnnpannna.org udp
US 8.8.8.8:53 emqewenpsh.ws udp
US 64.70.19.203:80 emqewenpsh.ws tcp
US 8.8.8.8:53 penpnnehwa.in udp
US 8.8.8.8:53 mnwqmqhrsh.in udp
US 8.8.8.8:53 qhnhqesmnn.info udp
US 8.8.8.8:53 wnnnqwpeea.in udp
US 8.8.8.8:53 rmpmspqhph.org udp
US 8.8.8.8:53 mrwpmwnnra.in udp
US 8.8.8.8:53 nwaahharmh.us udp
US 8.8.8.8:53 meseewppah.in udp
US 8.8.8.8:53 rswnmhhsrh.org udp
US 8.8.8.8:53 ersaenrnwh.ws udp
US 64.70.19.203:80 ersaenrnwh.ws tcp
US 8.8.8.8:53 mx-in-mdn.apple.com udp
US 17.32.222.242:25 mx-in-mdn.apple.com tcp
US 8.8.8.8:53 pb-mx20.pobox.com udp
US 8.8.8.8:53 wnarpnqaqh.in udp
US 173.228.157.39:25 pb-mx20.pobox.com tcp
US 8.8.8.8:53 mail.ru udp
US 8.8.8.8:53 rmqsrpsqes.org udp
US 8.8.8.8:53 mxs.mail.ru udp
US 8.8.8.8:53 bog.msu.ru udp
US 8.8.8.8:53 henwwsahhh.net udp
RU 94.100.180.31:25 mxs.mail.ru tcp
US 8.8.8.8:53 ansenhrann.com udp
US 8.8.8.8:53 wpaeaapwhh.in udp
US 8.8.8.8:53 rshesmeshs.org udp
US 8.8.8.8:53 wsnnneaqws.in udp
US 8.8.8.8:53 rnsmmparph.org udp
US 8.8.8.8:53 hnemspmeaa.net udp
US 8.8.8.8:53 ahqnaqpwps.com udp
US 8.8.8.8:53 sasspmseas.biz udp
US 8.8.8.8:53 arqsarmwna.com udp
US 8.8.8.8:53 eernsaepaa.ws udp
US 64.70.19.203:80 eernsaepaa.ws tcp
US 8.8.8.8:53 qpwsqahpaa.info udp
US 8.8.8.8:53 whhanasrsa.in udp
US 8.8.8.8:53 aqpanwnraa.com udp
US 8.8.8.8:53 wrshrprwrh.in udp
US 8.8.8.8:53 rhmwsseqea.org udp
US 8.8.8.8:53 enwqmeawna.ws udp
US 64.70.19.203:80 enwqmeawna.ws tcp
US 8.8.8.8:53 pnhhenwapn.in udp
US 8.8.8.8:53 eepswnahha.ws udp
US 64.70.19.203:80 eepswnahha.ws tcp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 qpmsqhrrph.info udp
US 8.8.8.8:53 srppwarhna.biz udp
US 8.8.8.8:53 annsqehena.com udp
US 8.8.8.8:53 emhsphwesn.ws udp
US 64.70.19.203:80 emhsphwesn.ws tcp
US 8.8.8.8:53 ameeqsrswn.com udp
US 8.8.8.8:53 wmseshpmmn.in udp
US 8.8.8.8:53 rqrmqhmhrn.org udp
US 8.8.8.8:53 eerrwwharh.ws udp
US 64.70.19.203:80 eerrwwharh.ws tcp
US 8.8.8.8:53 nqhaaprhns.us udp
US 8.8.8.8:53 hwrsqmqpra.net udp
US 8.8.8.8:53 areqrwqrrs.com udp
US 8.8.8.8:53 hprhanepes.net udp
US 8.8.8.8:53 rmrrsspwmn.org udp
US 8.8.8.8:53 hwwpqshqsh.net udp
US 8.8.8.8:53 anwqphnwsr.com udp
US 8.8.8.8:53 emppqmsmeh.ws udp
US 64.70.19.203:80 emppqmsmeh.ws tcp
US 8.8.8.8:53 naqwahersn.us udp
US 8.8.8.8:53 mx02.earthlink-vadesecure.net udp
US 8.8.8.8:53 mrnaepehws.in udp
US 51.81.61.71:25 mx02.earthlink-vadesecure.net tcp
US 8.8.8.8:53 apmapqesma.com udp
US 8.8.8.8:53 msaphmnwqn.in udp
US 8.8.8.8:53 asmseshqqh.com udp
US 8.8.8.8:53 enweeeamwn.ws udp
US 64.70.19.203:80 enweeeamwn.ws tcp
US 8.8.8.8:53 mxb-00377f01.gslb.pphosted.com udp
NL 185.183.28.235:25 mxb-00377f01.gslb.pphosted.com tcp
US 8.8.8.8:53 nmmwwmapwh.us udp
US 8.8.8.8:53 shnnmahqps.biz udp
US 8.8.8.8:53 nppsaeheqa.us udp
US 8.8.8.8:53 whesepqran.in udp
US 8.8.8.8:53 qmemqhsnnn.info udp
US 8.8.8.8:53 ssqsqrapws.biz udp
US 8.8.8.8:53 qprhhrhems.info udp
US 8.8.8.8:53 eanhsaqhea.ws udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 64.70.19.203:80 eanhsaqhea.ws tcp
US 8.8.8.8:53 appqeqnems.com udp
US 8.8.8.8:53 seswqasrqa.biz udp
US 8.8.8.8:53 qpshhqhwes.info udp
US 8.8.8.8:53 hhpeepnqen.net udp
US 8.8.8.8:53 nsnnpnwaas.us udp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 msprnqrwph.in udp
US 8.8.8.8:53 pwqahwmman.in udp
US 8.8.8.8:53 hmqerwpasr.net udp
US 8.8.8.8:53 rqnamprpen.org udp
US 8.8.8.8:53 hrmsapnrsh.net udp
US 8.8.8.8:53 pmnpresenh.in udp
US 8.8.8.8:53 hewrsrsppn.net udp
US 8.8.8.8:53 rrqeqssnnn.org udp
US 8.8.8.8:53 emsewqmmes.ws udp
US 64.70.19.203:80 emsewqmmes.ws tcp
US 8.8.8.8:53 ahapqmnhas.com udp
US 8.8.8.8:53 mpemmhsqsn.in udp
US 8.8.8.8:53 pqeherrhph.in udp
US 8.8.8.8:53 sharnammaa.biz udp
US 8.8.8.8:53 qamepsmnas.info udp
US 8.8.8.8:53 enrraehrsh.ws udp
US 64.70.19.203:80 enrraehrsh.ws tcp
US 8.8.8.8:53 arewnhrnaa.com udp
US 8.8.8.8:53 ehaqewaqps.ws udp
US 64.70.19.203:80 ehaqewaqps.ws tcp
US 8.8.8.8:53 pesennwhnh.in udp
US 8.8.8.8:53 mrhqqnanah.in udp
US 8.8.8.8:53 nmseqphmhh.us udp
US 8.8.8.8:53 hnnmpsppmh.net udp
US 8.8.8.8:53 qnnwqqppwn.info udp
US 8.8.8.8:53 mpqarnhrnr.in udp
US 8.8.8.8:53 aqrawwnmms.com udp
US 8.8.8.8:53 ehahhnqhss.ws udp
US 64.70.19.203:80 ehahhnqhss.ws tcp
US 8.8.8.8:53 pmmhmqwera.in udp
US 8.8.8.8:53 hmqaqmqspn.net udp
US 8.8.8.8:53 pnmahaespa.in udp
US 8.8.8.8:53 smwwrrrhms.biz udp
US 8.8.8.8:53 pmnwarsrwa.in udp
US 8.8.8.8:53 mappwehqps.in udp
US 8.8.8.8:53 rpqempansh.org udp
US 8.8.8.8:53 hqhmnspaar.net udp
US 8.8.8.8:53 phnwhmnrsn.in udp
US 8.8.8.8:53 hwspeqapnh.net udp
US 8.8.8.8:53 qeqeqaewss.info udp
US 8.8.8.8:53 peanqrsren.in udp
US 8.8.8.8:53 aqnweawssr.com udp
US 8.8.8.8:53 hneamnqahh.net udp
US 8.8.8.8:53 nrmahhweqa.us udp
US 8.8.8.8:53 hwwaprspps.net udp
US 8.8.8.8:53 qhshnrramn.info udp
US 8.8.8.8:53 wpnaaeqnan.in udp
US 8.8.8.8:53 pmpqnarqrs.in udp
US 8.8.8.8:53 snsnnswwws.biz udp
US 8.8.8.8:53 aqnnneqwma.com udp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
US 64.70.19.203:80 ehahhnqhss.ws tcp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 qrnaswnssa.info udp
US 8.8.8.8:53 wmwawqmqes.in udp
US 8.8.8.8:53 rqnnwawhsr.org udp
US 8.8.8.8:53 seepaemswn.biz udp
US 8.8.8.8:53 qawhanhsqs.info udp
US 8.8.8.8:53 wwhwanrqas.in udp
US 8.8.8.8:53 nmansrqqqs.us udp
US 8.8.8.8:53 ssnhahnhns.biz udp
US 8.8.8.8:53 qnwehaerrs.info udp
US 8.8.8.8:53 sphwrpeers.biz udp
US 8.8.8.8:53 qsaqsmnsps.info udp
US 8.8.8.8:53 hnawqnhnas.net udp
US 8.8.8.8:53 rwpeewmqqh.org udp
US 8.8.8.8:53 eqaeerwhsa.ws udp
US 64.70.19.203:80 eqaeerwhsa.ws tcp
US 8.8.8.8:53 eewarqnnma.ws udp
US 64.70.19.203:80 eewarqnnma.ws tcp
US 8.8.8.8:53 npennqeqph.us udp
US 8.8.8.8:53 wmmhpanmwn.in udp
US 8.8.8.8:53 rqnnnhnswa.org udp
US 8.8.8.8:53 swranwpqms.biz udp
US 8.8.8.8:53 qnpperpswn.info udp
US 8.8.8.8:53 heewphswhn.net udp
US 8.8.8.8:53 hraqqnspnr.net udp
US 8.8.8.8:53 pesqmansns.in udp
US 8.8.8.8:53 wwpehampsa.in udp
US 8.8.8.8:53 nmhemmwehn.us udp
US 8.8.8.8:53 sshennesha.biz udp
US 8.8.8.8:53 nqhhsaaern.us udp
US 8.8.8.8:53 eamqmmwmqh.ws udp
US 64.70.19.203:80 eamqmmwmqh.ws tcp
US 8.8.8.8:53 qsmnmrwsmh.info udp
US 8.8.8.8:53 mephhnnhea.in udp
US 8.8.8.8:53 awprrphqnh.com udp
US 8.8.8.8:53 wshamwpsas.in udp
US 8.8.8.8:53 rpwmemprph.org udp
US 8.8.8.8:53 esqarawrar.ws udp
US 64.70.19.203:80 esqarawrar.ws tcp
US 8.8.8.8:53 pepprpwpwn.in udp
US 8.8.8.8:53 snhpwpheeh.biz udp
US 8.8.8.8:53 raphrpmhws.org udp
US 8.8.8.8:53 hrrasrhwmh.net udp
US 8.8.8.8:53 psmsmewsra.in udp
US 8.8.8.8:53 enshqmhpnr.ws udp
US 64.70.19.203:80 enshqmhpnr.ws tcp
US 8.8.8.8:53 pppwpqshhn.in udp
US 8.8.8.8:53 wnwmwqhahn.in udp
US 8.8.8.8:53 npnmprmpph.us udp
US 8.8.8.8:53 wmrhsrhqas.in udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 aqnnhnhpah.com udp
US 8.8.8.8:53 mwsprmmhqs.in udp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 nqqrasnwea.us udp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 aqeearhspa.com udp
US 8.8.8.8:53 swarwspmnn.biz udp
US 8.8.8.8:53 aenpwqnewa.com udp
US 8.8.8.8:53 spqwapwnnn.biz udp
US 8.8.8.8:53 qswnmramsn.info udp
US 8.8.8.8:53 wrehrranaa.in udp
US 8.8.8.8:53 amsppahpwa.com udp
US 8.8.8.8:53 snpnaqhrsr.biz udp
US 8.8.8.8:53 aapnwqnhrn.com udp
US 8.8.8.8:53 ewmnqnmwan.ws udp
US 64.70.19.203:80 ewmnqnmwan.ws tcp
US 8.8.8.8:53 weanrnaqwh.in udp
US 8.8.8.8:53 nsawwaphwa.us udp
US 8.8.8.8:53 emwheannhh.ws udp
US 64.70.19.203:80 emwheannhh.ws tcp
US 8.8.8.8:53 epnnrsrarn.ws udp
US 64.70.19.203:80 epnnrsrarn.ws tcp
US 8.8.8.8:53 nwrrwswwws.us udp
US 8.8.8.8:53 esqrnwqsnn.ws udp
US 64.70.19.203:80 esqrnwqsnn.ws tcp
US 8.8.8.8:53 qphemerhas.info udp
US 8.8.8.8:53 hswspwsspa.net udp
US 8.8.8.8:53 apeewqpmpa.com udp
BE 74.125.71.27:25 gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 aspmx3.googlemail.com udp
US 8.8.8.8:53 meqhpmhmea.in udp
NL 142.251.9.27:25 aspmx3.googlemail.com tcp
US 8.8.8.8:53 pmmsqhnmsa.in udp
BE 74.125.71.27:25 gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 hwhpawqeen.net udp
US 8.8.8.8:53 apanmrhshh.com udp
US 8.8.8.8:53 shnhwnewea.biz udp
US 8.8.8.8:53 ampenaanhh.com udp
US 8.8.8.8:53 maaawspars.in udp
US 8.8.8.8:53 ranhpmarar.org udp
US 8.8.8.8:53 emwwrarqha.ws udp
US 64.70.19.203:80 emwwrarqha.ws tcp
US 8.8.8.8:53 qrpepmpsqh.info udp
US 8.8.8.8:53 wewspapnnr.in udp
US 8.8.8.8:53 aqswrhraen.com udp
US 8.8.8.8:53 wpqhmwsrna.in udp
US 8.8.8.8:53 qnqsehaesr.info udp
US 8.8.8.8:53 mpamqpneha.in udp
US 8.8.8.8:53 pqrwawspsn.in udp
US 8.8.8.8:53 wnnmesmsss.in udp
US 8.8.8.8:53 ahrahaqwra.com udp
US 8.8.8.8:53 wssahppnnr.in udp
US 8.8.8.8:53 anhaqwwnqn.com udp
US 8.8.8.8:53 hahnrssrea.net udp
US 8.8.8.8:53 nppanemqas.us udp
US 8.8.8.8:53 hewmeqamwn.net udp
US 8.8.8.8:53 alt3.gmail-smtp-in.l.google.com udp
US 8.8.8.8:53 qeeenerrpa.info udp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 esmpempawa.ws udp
US 8.8.8.8:53 aspmx2.googlemail.com udp
US 64.70.19.203:80 esmpempawa.ws tcp
NL 142.250.153.27:25 aspmx2.googlemail.com tcp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 ahnapewnnr.com udp
US 8.8.8.8:53 mamnwwhnma.in udp
US 8.8.8.8:53 pprqsqhwpn.in udp
US 8.8.8.8:53 shaepneans.biz udp
US 8.8.8.8:53 nrqwnessqs.us udp
US 8.8.8.8:53 wwsanenrmn.in udp
US 8.8.8.8:53 nwheressha.us udp
US 8.8.8.8:53 hprhsmnnws.net udp
US 8.8.8.8:53 rwmqwnsshn.org udp
US 8.8.8.8:53 whneqhpsas.in udp
US 8.8.8.8:53 pnhmahwqqa.in udp
US 8.8.8.8:53 smwhamesen.biz udp
US 8.8.8.8:53 rwrwermwqh.org udp
US 8.8.8.8:53 sarmnsssmh.biz udp
US 8.8.8.8:53 qswwrwqpmh.info udp
US 8.8.8.8:53 eseqrmaenr.ws udp
US 64.70.19.203:80 eseqrmaenr.ws tcp
US 8.8.8.8:53 renwrraqwh.org udp
US 8.8.8.8:53 heawmssmmn.net udp
US 8.8.8.8:53 pnewmrenmh.in udp
US 8.8.8.8:53 wqmawranrs.in udp
US 8.8.8.8:53 qnpahamppa.info udp
US 8.8.8.8:53 wenrpewrns.in udp
US 8.8.8.8:53 rqmsapshhn.org udp
US 8.8.8.8:53 haqnwrwanh.net udp
US 8.8.8.8:53 repwwesnsa.org udp
US 8.8.8.8:53 erqapnnnsa.ws udp
US 64.70.19.203:80 erqapnnnsa.ws tcp
US 8.8.8.8:53 mx-in.g.apple.com udp
NL 17.57.165.2:25 mx-in.g.apple.com tcp
US 8.8.8.8:53 pareqhraws.in udp
US 8.8.8.8:53 wrnsqqsapa.in udp
US 8.8.8.8:53 phsmawqpnr.in udp
US 8.8.8.8:53 mqwhwwhmnh.in udp
US 8.8.8.8:53 ppmshwhmas.in udp
US 8.8.8.8:53 ehaqhwhash.ws udp
US 64.70.19.203:80 ehaqhwhash.ws tcp
US 64.147.108.50:25 pb-mx9.pobox.com tcp
US 8.8.8.8:53 phaqmpewpn.in udp
US 8.8.8.8:53 hsrqnswssh.net udp
US 8.8.8.8:53 prnawersqa.in udp
US 8.8.8.8:53 ehwmnhehps.ws udp
US 64.70.19.203:80 ehwmnhehps.ws tcp
US 8.8.8.8:53 nrrnemnhsh.us udp
US 8.8.8.8:53 easeqasarn.ws udp
US 64.70.19.203:80 easeqasarn.ws tcp
US 8.8.8.8:53 aasmssahqh.com udp
US 8.8.8.8:53 wqphsphnah.in udp
US 8.8.8.8:53 nrsnhnqrwn.us udp
US 8.8.8.8:53 mahpnnnnwa.in udp
US 8.8.8.8:53 newrnpprrn.us udp
US 8.8.8.8:53 espnmpssma.ws udp
US 64.70.19.203:80 espnmpssma.ws tcp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 nnmspempsn.us udp
US 8.8.8.8:53 epsqserasa.ws udp
US 64.70.19.203:80 epsqserasa.ws tcp
US 8.8.8.8:53 pqpqsrqqsh.in udp
US 8.8.8.8:53 shmamphrhh.biz udp
US 8.8.8.8:53 ahpmsahsns.com udp
US 8.8.8.8:53 mawmwpeqaa.in udp
US 8.8.8.8:53 qwmeneshha.info udp
US 8.8.8.8:53 eeqhsaqaar.ws udp
US 64.70.19.203:80 eeqhsaqaar.ws tcp
US 8.8.8.8:53 pensqnwqhn.in udp
US 8.8.8.8:53 enamqnheha.ws udp
US 64.70.19.203:80 enamqnheha.ws tcp
US 8.8.8.8:53 mx03.earthlink-vadesecure.net udp
US 51.81.232.218:25 mx03.earthlink-vadesecure.net tcp
US 8.8.8.8:53 ppmqrneqsn.in udp
US 8.8.8.8:53 wawehaahsr.in udp
US 8.8.8.8:53 pshrpnawen.in udp
US 8.8.8.8:53 mxa-00377f01.gslb.pphosted.com udp
US 8.8.8.8:53 heqshremqa.net udp
US 8.8.8.8:53 nsheqhapms.us udp
NL 185.183.28.235:25 mxa-00377f01.gslb.pphosted.com tcp
US 8.8.8.8:53 haewsaaqqn.net udp
US 8.8.8.8:53 npapaenran.us udp
US 8.8.8.8:53 mpprmpsqpa.in udp
US 8.8.8.8:53 rqhsashwmn.org udp
US 8.8.8.8:53 seqssrraph.biz udp
US 8.8.8.8:53 rhmqehsppa.org udp
US 8.8.8.8:53 sqnsrnemas.biz udp
US 8.8.8.8:53 aanpaeawwn.com udp
US 8.8.8.8:53 smmmrhewws.biz udp
US 8.8.8.8:53 nqhqqhrqps.us udp
US 8.8.8.8:53 mnwwnewear.in udp
US 8.8.8.8:53 rqwppsrasr.org udp
US 8.8.8.8:53 ewnsmprwhn.ws udp
US 64.70.19.203:80 ewnsmprwhn.ws tcp
US 8.8.8.8:53 pwqsnampra.in udp
US 8.8.8.8:53 wemsweenhh.in udp
US 8.8.8.8:53 aparnqamah.com udp
US 8.8.8.8:53 mhqahpwnra.in udp
US 8.8.8.8:53 qnpwhpeqsa.info udp
US 8.8.8.8:53 neaqnrsqsn.us udp
US 8.8.8.8:53 wphphsphqa.in udp
US 8.8.8.8:53 qrawsqaqhs.info udp
US 8.8.8.8:53 hsqhrewmpn.net udp
US 8.8.8.8:53 prpmpnswns.in udp
US 8.8.8.8:53 wppnssqsah.in udp
US 8.8.8.8:53 qampamrera.info udp
US 8.8.8.8:53 wwwssrshns.in udp
US 8.8.8.8:53 nmnsrempqh.us udp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 hpahmaqrmh.net udp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 awqaawwapa.com udp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 wwnphpphen.in udp
US 8.8.8.8:53 aprnwrarwa.com udp
US 8.8.8.8:53 ssepaphsqa.biz udp
US 8.8.8.8:53 ahsnaranma.com udp
US 8.8.8.8:53 mpaammrehs.in udp
US 8.8.8.8:53 rqwesqasar.org udp
US 8.8.8.8:53 msrppaswra.in udp
US 8.8.8.8:53 npsnrhammn.us udp
US 8.8.8.8:53 mnnsneeaqn.in udp
US 8.8.8.8:53 newmshsrhs.us udp
US 8.8.8.8:53 wraeeqmnsr.in udp
US 8.8.8.8:53 ahhamhnsha.com udp
US 8.8.8.8:53 srqnnhnnwh.biz udp
US 8.8.8.8:53 pnqsresqws.in udp
US 8.8.8.8:53 mwmssmhqsr.in udp
US 8.8.8.8:53 rhmeahqrps.org udp
US 8.8.8.8:53 hhweswmmrn.net udp
US 8.8.8.8:53 nhpnqanpea.us udp
US 8.8.8.8:53 hrhwawqnra.net udp
US 8.8.8.8:53 nprrahwsah.us udp
US 8.8.8.8:53 enpneqrsmh.ws udp
US 64.70.19.203:80 enpneqrsmh.ws tcp
US 8.8.8.8:53 apmrewppps.com udp
US 8.8.8.8:53 wphnnasmrh.in udp
US 8.8.8.8:53 rsahhqmqps.org udp
US 8.8.8.8:53 wmemnnpana.in udp
US 8.8.8.8:53 prrhqahnea.in udp
US 8.8.8.8:53 mwaernmmsh.in udp
US 8.8.8.8:53 pmqpmpneps.in udp
US 8.8.8.8:53 heeswwpwqn.net udp
US 8.8.8.8:53 raawwneapn.org udp
US 8.8.8.8:53 smrrserhqa.biz udp
US 8.8.8.8:53 qnepwsrnwh.info udp
US 8.8.8.8:53 prrqhssnsh.in udp
US 8.8.8.8:53 aspspewaah.com udp
US 8.8.8.8:53 hehhspanwh.net udp
US 8.8.8.8:53 ppesapmqan.in udp
US 8.8.8.8:53 wrwmwpeswh.in udp
US 8.8.8.8:53 amhrrwqhms.com udp
US 8.8.8.8:53 hhhrqmqqma.net udp
US 8.8.8.8:53 rrhnpasnqn.org udp
US 8.8.8.8:53 semnaepena.biz udp
US 8.8.8.8:53 ahhnapmnmn.com udp
US 8.8.8.8:53 spqmqashas.biz udp
US 8.8.8.8:53 annaqmwarh.com udp
US 8.8.8.8:53 ewpnhhpasn.ws udp
US 64.70.19.203:80 ewpnhhpasn.ws tcp
US 8.8.8.8:53 rennrwmenh.org udp
US 8.8.8.8:53 weehmpmass.in udp
US 8.8.8.8:53 qsqhhnrqwa.info udp
US 8.8.8.8:53 hrhwrpmeeh.net udp
US 8.8.8.8:53 qawnhpqqah.info udp
US 8.8.8.8:53 eawmerrpmn.ws udp
US 64.70.19.203:80 eawmerrpmn.ws tcp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 rpqwnmaaqh.org udp
US 8.8.8.8:53 essqsswrsn.ws udp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
US 64.70.19.203:80 essqsswrsn.ws tcp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 pwawwppwns.in udp
US 8.8.8.8:53 sassshseqa.biz udp
US 8.8.8.8:53 qspsrhrqps.info udp
US 8.8.8.8:53 hrwnapreps.net udp
US 8.8.8.8:53 ahwasrhnhn.com udp
US 64.70.19.203:80 essqsswrsn.ws tcp
US 8.8.8.8:53 qsesrasmsn.info udp
US 8.8.8.8:53 emwqmqpwmn.ws udp
US 64.70.19.203:80 emwqmqpwmn.ws tcp
US 8.8.8.8:53 namshseews.us udp
US 8.8.8.8:53 hmaeaehswh.net udp
US 8.8.8.8:53 aqhwawehqa.com udp
US 8.8.8.8:53 hawnmerswa.net udp
US 8.8.8.8:53 qqrqwmmmes.info udp
US 8.8.8.8:53 mqmnwpmpnr.in udp
US 8.8.8.8:53 prsrqqmhmh.in udp
US 8.8.8.8:53 wnrswshrwn.in udp
US 8.8.8.8:53 qpnhwwssnr.info udp
US 8.8.8.8:53 eaqqqmmhpa.ws udp
US 64.70.19.203:80 eaqqqmmhpa.ws tcp
US 8.8.8.8:53 nwqwenpnrs.us udp
US 8.8.8.8:53 msmphpwhsr.in udp
US 8.8.8.8:53 hhnsqemhwh.net udp
US 8.8.8.8:53 nepephness.us udp
US 8.8.8.8:53 hqmwhsahwa.net udp
US 8.8.8.8:53 nqpqppamsr.us udp
US 8.8.8.8:53 ensmshenqn.ws udp
US 64.70.19.203:80 ensmshenqn.ws tcp
US 8.8.8.8:53 rrmqmaaesa.org udp
US 8.8.8.8:53 haewaanppn.net udp
US 8.8.8.8:53 rshsppenas.org udp
US 8.8.8.8:53 eaerrqensa.ws udp
US 64.70.19.203:80 eaerrqensa.ws tcp
US 8.8.8.8:53 rnmwwaqmna.org udp
US 8.8.8.8:53 hapawmwmar.net udp
US 8.8.8.8:53 asssrermnh.com udp
US 8.8.8.8:53 sashnwqrwn.biz udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 rreswmsmps.org udp
US 8.8.8.8:53 ewhqmmwsws.ws udp
US 64.70.19.203:80 ewhqmmwsws.ws tcp
US 8.8.8.8:53 aermrwmqph.com udp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
FI 142.250.150.26:25 alt3.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 wmapqhmssa.in udp
US 8.8.8.8:53 nmpnprhswn.us udp
US 8.8.8.8:53 smpnmwsaea.biz udp
US 8.8.8.8:53 npeewwarns.us udp
US 8.8.8.8:53 hhwsrwareh.net udp
US 8.8.8.8:53 arawanmhns.com udp
US 8.8.8.8:53 seseprhaar.biz udp
US 8.8.8.8:53 phwamawwqn.in udp
US 8.8.8.8:53 enppmhawas.ws udp
US 64.70.19.203:80 enppmhawas.ws tcp
US 8.8.8.8:53 ppssepmeph.in udp
US 8.8.8.8:53 mmnwnhraar.in udp
US 8.8.8.8:53 nrmsesrmnr.us udp
US 8.8.8.8:53 mamnerqras.in udp
US 8.8.8.8:53 pqspneapen.in udp
US 8.8.8.8:53 hpwwpqmspa.net udp
US 8.8.8.8:53 qphwraawma.info udp
US 8.8.8.8:53 mrrpemhems.in udp
US 8.8.8.8:53 nmqmpqswrn.us udp
US 8.8.8.8:53 merqhmawrn.in udp
US 8.8.8.8:53 qqewnnqnpn.info udp
US 8.8.8.8:53 wshsenmnen.in udp
US 8.8.8.8:53 qsraehrash.info udp
US 8.8.8.8:53 esqhsnqnhh.ws udp
US 64.70.19.203:80 esqhsnqnhh.ws tcp
US 8.8.8.8:53 qnpmremmqs.info udp
US 8.8.8.8:53 mnhrwmprph.in udp
US 8.8.8.8:53 rqmnewwprn.org udp
US 8.8.8.8:53 meqrrhwsar.in udp
US 8.8.8.8:53 nnqwmneamh.us udp
US 8.8.8.8:53 sawqmpawrh.biz udp
US 8.8.8.8:53 rqqneawamn.org udp
US 8.8.8.8:53 hqpmsmmqhn.net udp
US 8.8.8.8:53 awwsrrseps.com udp
US 8.8.8.8:53 hmersnnrnr.net udp
US 8.8.8.8:53 pqpmahwnrh.in udp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 swhwsrsnsn.biz udp
US 8.8.8.8:53 phqppnsemn.in udp
NL 142.250.153.27:25 aspmx2.googlemail.com tcp
US 8.8.8.8:53 mpemsnehhs.in udp
SG 74.125.200.27:25 alt4.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 qsnenepeeh.info udp
US 8.8.8.8:53 hpehrqqwhs.net udp
US 8.8.8.8:53 npapqswnrh.us udp
US 8.8.8.8:53 saawwnphhn.biz udp
US 8.8.8.8:53 pqanneaawa.in udp
US 8.8.8.8:53 pemepmmnps.in udp
US 8.8.8.8:53 hhesspmesh.net udp
US 8.8.8.8:53 qspwnmrswh.info udp
US 8.8.8.8:53 mhppnwqqnn.in udp
US 8.8.8.8:53 napmshrrsn.us udp
US 8.8.8.8:53 wsqmneamrn.in udp
US 8.8.8.8:53 nmqsamersa.us udp
US 8.8.8.8:53 mmremmqmhh.in udp
US 8.8.8.8:53 epaqmphans.ws udp
US 64.70.19.203:80 epaqmphans.ws tcp
US 8.8.8.8:53 arnnmepqha.com udp
US 8.8.8.8:53 msmhnmpnna.in udp
US 8.8.8.8:53 pweqwqsass.in udp
US 8.8.8.8:53 sarsaspqpn.biz udp
US 8.8.8.8:53 ranewserph.org udp
US 8.8.8.8:53 seanwasrma.biz udp
US 8.8.8.8:53 reqsanwqnr.org udp
US 8.8.8.8:53 mnrqnwseen.in udp
US 8.8.8.8:53 alt2.gmail-smtp-in.l.google.com udp
US 8.8.8.8:53 aqwqhaahaa.com udp
NL 142.251.9.26:25 alt2.gmail-smtp-in.l.google.com tcp
NL 142.251.9.26:25 alt2.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 wpraeewhna.in udp
NL 142.251.9.27:25 aspmx3.googlemail.com tcp
US 8.8.8.8:53 aenqasrqsn.com udp
US 8.8.8.8:53 mpasqqpswh.in udp
US 8.8.8.8:53 nepsmnewes.us udp
US 8.8.8.8:53 eespammpws.ws udp
US 64.70.19.203:80 eespammpws.ws tcp
NL 142.251.9.26:25 alt2.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 ahrrspqpan.com udp
US 8.8.8.8:53 hwmmehnaas.net udp
US 8.8.8.8:53 qspqphwpss.info udp
US 8.8.8.8:53 nqhenswhpa.us udp
US 8.8.8.8:53 hmmernwqpa.net udp
US 8.8.8.8:53 aqaeshwenn.com udp
US 8.8.8.8:53 ehqenerswa.ws udp
US 64.70.19.203:80 ehqenerswa.ws tcp
US 8.8.8.8:53 nqrhqwnhqs.us udp
US 8.8.8.8:53 wmememrsmn.in udp
US 8.8.8.8:53 rrwqwwwwph.org udp
US 8.8.8.8:53 smeeeqwasa.biz udp
US 8.8.8.8:53 qpwmpmasps.info udp
US 8.8.8.8:53 ephqrpeash.ws udp
US 64.70.19.203:80 ephqrpeash.ws tcp
US 8.8.8.8:53 aqqspmnnhn.com udp
US 8.8.8.8:53 shwrwsmpws.biz udp
US 8.8.8.8:53 rmpnrmreas.org udp
US 8.8.8.8:53 herqarahmh.net udp
US 8.8.8.8:53 aaqmeasnrh.com udp
US 8.8.8.8:53 hpeeqprapa.net udp
US 8.8.8.8:53 mx-in-vib.apple.com udp
US 8.8.8.8:53 qamwawrhqh.info udp
US 17.57.170.2:25 mx-in-vib.apple.com tcp
US 8.8.8.8:53 hhrsahmera.net udp
US 8.8.8.8:53 aqqpwapqqn.com udp
US 8.8.8.8:53 hapahanqen.net udp
US 8.8.8.8:53 npsqewhssn.us udp
US 8.8.8.8:53 whnawepqrn.in udp
US 8.8.8.8:53 prrhqeewqn.in udp
US 8.8.8.8:53 wapaeqpwrs.in udp
US 8.8.8.8:53 rsmhpemear.org udp
US 8.8.8.8:53 pb-mx10.pobox.com udp
US 8.8.8.8:53 wwmameqpeh.in udp
US 8.8.8.8:53 qsehmspwss.info udp
US 64.147.108.51:25 pb-mx10.pobox.com tcp
US 8.8.8.8:53 wqnahsrqnr.in udp
US 8.8.8.8:53 rmrnqhnqss.org udp
US 8.8.8.8:53 prrppssqsr.in udp
US 8.8.8.8:53 ehwnhhqrmh.ws udp
US 64.70.19.203:80 ehwnhhqrmh.ws tcp
US 8.8.8.8:53 nrrwprnpna.us udp
US 8.8.8.8:53 epwwqqhmmh.ws udp
US 64.70.19.203:80 epwwqqhmmh.ws tcp
US 8.8.8.8:53 pqpaseqwwh.in udp
US 8.8.8.8:53 waeeamsspa.in udp
US 8.8.8.8:53 nnnherpmwa.us udp
US 8.8.8.8:53 srmrrnhmah.biz udp
US 8.8.8.8:53 rnnspqrneh.org udp
US 8.8.8.8:53 esrsppsmnr.ws udp
US 64.70.19.203:80 esrsppsmnr.ws tcp
NL 142.251.9.26:25 alt2.gmail-smtp-in.l.google.com tcp
US 8.8.8.8:53 rswpswpqns.org udp
US 8.8.8.8:53 hehpswqpas.net udp
US 8.8.8.8:53 ppsprarern.in udp

Files

memory/1640-0-0x0000000000400000-0x000000000041F000-memory.dmp

memory/1640-12-0x0000000010000000-0x000000001000D000-memory.dmp

C:\Windows\SysWOW64\shervans.dll

MD5 34c2d5df50ef91b91c49d245bc3dce71
SHA1 920ff3a7fb13e0f8a1f2d45af88899e20f37c6a4
SHA256 4521962c7181135a44d7729221638ffdef9eb0e7034f7493a99a236388228c4e
SHA512 d301682f7417a6b3ca97514fb06bdf5b52a8047bfc1d079cd97e954feb44bac36629ef687b4b93bd938e8ab880a3452c66c9126531b26021d7896fa5941e0bf6

C:\Windows\SysWOW64\grcopy.dll

MD5 6b1df4dba2a5716e312204a5c36b0585
SHA1 fc6cf32105ec688ecd0d36888eba0ebca7eea832
SHA256 ea2b0486b7fcf1f8a32e2e07148202fbbfa8ca3ef0a508568cb8c1740666ac20
SHA512 4c8aa17d1ea34558418f992f83208fe91f42ebce7b1de37b21d44590aa8eda1e9cd9943bbae360b54bb4768bfabfc832a5ce128aa668b5bd2deca60728ad340e

C:\Windows\SysWOW64\ctfmen.exe

MD5 cfc42b78ca1950fc3a7db08566f08302
SHA1 a6060b22ccb6add1bc0bcf14d27dc1a31fcd9474
SHA256 c62e82a02ab2464d385a934212fbf9bd95b340c7c85f5821de3ae392fd4d2b0b
SHA512 1f402366781a87e544d2d3d17868be2f93dc5c22a8e97d63a688e111a0e252961c72b0c338512f1bf9c41c97210501986b34b53cca4b16c6c04ace59fe8c32b4

memory/3632-26-0x0000000000400000-0x0000000000409000-memory.dmp

memory/1640-24-0x0000000010000000-0x000000001000D000-memory.dmp

memory/1640-21-0x0000000000400000-0x000000000041F000-memory.dmp

memory/1672-29-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Windows\SysWOW64\satornas.dll

MD5 de9e15465cb6fb8f271e9a6242d8a165
SHA1 e5558b406b444d2258bea34dceaeeea295190e40
SHA256 33580f88ebfe35cf9a09f85ae6080bfa1b00a74be335d987fe65bab8a0292a0d
SHA512 a79242335f6e6e0628a0b5a583badbc24d11f2380b1f80d2552aa37a3411c23f244d1d2de6d486a8cc03a5956f9fc343e1a68cb56be49d8f37d403d40a3236a1
