Malware Analysis Report

2025-01-02 15:06

Sample ID 201026-cwg9v8jcks
Target ce828cffe402a57948f338dcc698d79d
SHA256 16e2c661b13089b38aa8f3ade233d3cdd2a8b682fc2d9e0795279f782171474d
Tags
ransomware cerber
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

16e2c661b13089b38aa8f3ade233d3cdd2a8b682fc2d9e0795279f782171474d

Threat Level: Known bad

The file ce828cffe402a57948f338dcc698d79d was found to be: Known bad.

Malicious Activity Summary

ransomware cerber

Cerber

Blacklisted process makes network request

Deletes itself

Loads dropped DLL

Drops startup file

Sets desktop wallpaper using registry

Suspicious use of SetThreadContext

Drops file in Windows directory

Drops file in Program Files directory

Suspicious behavior: MapViewOfSection

Runs ping.exe

Suspicious use of FindShellTrayWindow

Modifies registry class

Modifies system certificate store

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2020-10-26 06:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2020-10-26 06:52

Reported

2020-10-26 06:54

Platform

win7

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe"

Signatures

Cerber

ransomware cerber

Blacklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp69AB.bmp" C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1416 set thread context of 1620 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification \??\c:\program files (x86)\microsoft\microsoft sql server C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft\onenote C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\onenote C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\outlook C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\ C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\excel C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft\office C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft\outlook C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\office C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\steam C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files\ C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\bitcoin C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft sql server C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft\excel C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft\word C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\powerpoint C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft\powerpoint C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\the bat! C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\thunderbird C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\word C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification \??\c:\windows\ C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4210623931-3856158591-1213714290-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SysWOW64\mshta.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Windows\SysWOW64\mshta.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Windows\SysWOW64\mshta.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b0b000000010000001600000047006c006f00620061006c005300690067006e0000005300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802020f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Windows\SysWOW64\mshta.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\DllHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1416 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe
PID 1416 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe
PID 1416 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe
PID 1416 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe
PID 1416 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe
PID 1620 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Windows\SysWOW64\mshta.exe
PID 1620 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Windows\SysWOW64\mshta.exe
PID 1620 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Windows\SysWOW64\mshta.exe
PID 1620 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Windows\SysWOW64\mshta.exe
PID 1620 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Windows\system32\cmd.exe
PID 1620 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Windows\system32\cmd.exe
PID 1620 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Windows\system32\cmd.exe
PID 1620 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Windows\system32\cmd.exe
PID 848 wrote to memory of 1656 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 848 wrote to memory of 1656 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 848 wrote to memory of 1656 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 848 wrote to memory of 1460 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 848 wrote to memory of 1460 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 848 wrote to memory of 1460 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe

"C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe"

C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe

"C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe"

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_HELP_HELP_HELP_SS60AG9.hta"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "ce828cffe402a57948f338dcc698d79d.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

Network

Country Destination Domain Proto
N/A 90.2.1.0:6892 udp
N/A 90.2.1.1:6892 udp
N/A 90.2.1.2:6892 udp
N/A 90.2.1.3:6892 udp
N/A 90.2.1.4:6892 udp
N/A 90.2.1.5:6892 udp
N/A 90.2.1.6:6892 udp
N/A 90.2.1.7:6892 udp
N/A 90.2.1.8:6892 udp
N/A 90.2.1.9:6892 udp
N/A 90.2.1.10:6892 udp
N/A 90.2.1.11:6892 udp
N/A 90.2.1.12:6892 udp
N/A 90.2.1.13:6892 udp
N/A 90.2.1.14:6892 udp
N/A 90.2.1.15:6892 udp
N/A 90.2.1.16:6892 udp
N/A 90.2.1.17:6892 udp
N/A 90.2.1.18:6892 udp
N/A 90.2.1.19:6892 udp
N/A 90.2.1.20:6892 udp
N/A 90.2.1.21:6892 udp
N/A 90.2.1.22:6892 udp
N/A 90.2.1.23:6892 udp
N/A 90.2.1.24:6892 udp
N/A 90.2.1.25:6892 udp
N/A 90.2.1.26:6892 udp
N/A 90.2.1.27:6892 udp
N/A 90.2.1.28:6892 udp
N/A 90.2.1.29:6892 udp
N/A 90.2.1.30:6892 udp
N/A 90.2.1.31:6892 udp
N/A 90.3.1.0:6892 udp
N/A 90.3.1.1:6892 udp
N/A 90.3.1.2:6892 udp
N/A 90.3.1.3:6892 udp
N/A 90.3.1.4:6892 udp
N/A 90.3.1.5:6892 udp
N/A 90.3.1.6:6892 udp
N/A 90.3.1.7:6892 udp
N/A 90.3.1.8:6892 udp
N/A 90.3.1.9:6892 udp
N/A 90.3.1.10:6892 udp
N/A 90.3.1.11:6892 udp
N/A 90.3.1.12:6892 udp
N/A 90.3.1.13:6892 udp
N/A 90.3.1.14:6892 udp
N/A 90.3.1.15:6892 udp
N/A 90.3.1.16:6892 udp
N/A 90.3.1.17:6892 udp
N/A 90.3.1.18:6892 udp
N/A 90.3.1.19:6892 udp
N/A 90.3.1.20:6892 udp
N/A 90.3.1.21:6892 udp
N/A 90.3.1.22:6892 udp
N/A 90.3.1.23:6892 udp
N/A 90.3.1.24:6892 udp
N/A 90.3.1.25:6892 udp
N/A 90.3.1.26:6892 udp
N/A 90.3.1.27:6892 udp
N/A 90.3.1.28:6892 udp
N/A 90.3.1.29:6892 udp
N/A 90.3.1.30:6892 udp
N/A 90.3.1.31:6892 udp
N/A 91.239.24.0:6892 udp
N/A 91.239.24.1:6892 udp
N/A 91.239.24.2:6892 udp
N/A 91.239.24.3:6892 udp
N/A 91.239.24.4:6892 udp
N/A 91.239.24.5:6892 udp
N/A 91.239.24.6:6892 udp
N/A 91.239.24.7:6892 udp
N/A 91.239.24.8:6892 udp
N/A 91.239.24.9:6892 udp
N/A 91.239.24.10:6892 udp
N/A 91.239.24.11:6892 udp
N/A 91.239.24.12:6892 udp
N/A 91.239.24.13:6892 udp
N/A 91.239.24.14:6892 udp
N/A 91.239.24.15:6892 udp
N/A 91.239.24.16:6892 udp
N/A 91.239.24.17:6892 udp
N/A 91.239.24.18:6892 udp
N/A 91.239.24.19:6892 udp
N/A 91.239.24.20:6892 udp
N/A 91.239.24.21:6892 udp
N/A 91.239.24.22:6892 udp
N/A 91.239.24.23:6892 udp
N/A 91.239.24.24:6892 udp
N/A 91.239.24.25:6892 udp
N/A 91.239.24.26:6892 udp
N/A 91.239.24.27:6892 udp
N/A 91.239.24.28:6892 udp
N/A 91.239.24.29:6892 udp
N/A 91.239.24.30:6892 udp
N/A 91.239.24.31:6892 udp
N/A 91.239.24.32:6892 udp
N/A 91.239.24.33:6892 udp
N/A 91.239.24.34:6892 udp
N/A 91.239.24.35:6892 udp
N/A 91.239.24.36:6892 udp
N/A 91.239.24.37:6892 udp
N/A 91.239.24.38:6892 udp
N/A 91.239.24.39:6892 udp
N/A 91.239.24.40:6892 udp
N/A 91.239.24.41:6892 udp
N/A 91.239.24.42:6892 udp
N/A 91.239.24.43:6892 udp
N/A 91.239.24.44:6892 udp
N/A 91.239.24.45:6892 udp
N/A 91.239.24.46:6892 udp
N/A 91.239.24.47:6892 udp
N/A 91.239.24.48:6892 udp
N/A 91.239.24.49:6892 udp
N/A 91.239.24.50:6892 udp
N/A 91.239.24.51:6892 udp
N/A 91.239.24.52:6892 udp
N/A 91.239.24.53:6892 udp
N/A 91.239.24.54:6892 udp
N/A 91.239.24.55:6892 udp
N/A 91.239.24.56:6892 udp
N/A 91.239.24.57:6892 udp
N/A 91.239.24.58:6892 udp
N/A 91.239.24.59:6892 udp
N/A 91.239.24.60:6892 udp
N/A 91.239.24.61:6892 udp
N/A 91.239.24.62:6892 udp
N/A 91.239.24.63:6892 udp
N/A 91.239.24.64:6892 udp
N/A 91.239.24.65:6892 udp
N/A 91.239.24.66:6892 udp
N/A 91.239.24.67:6892 udp
N/A 91.239.24.68:6892 udp
N/A 91.239.24.69:6892 udp
N/A 91.239.24.70:6892 udp
N/A 91.239.24.71:6892 udp
N/A 91.239.24.72:6892 udp
N/A 91.239.24.73:6892 udp
N/A 91.239.24.74:6892 udp
N/A 91.239.24.75:6892 udp
N/A 91.239.24.76:6892 udp
N/A 91.239.24.77:6892 udp
N/A 91.239.24.78:6892 udp
N/A 91.239.24.79:6892 udp
N/A 91.239.24.80:6892 udp
N/A 91.239.24.81:6892 udp
N/A 91.239.24.82:6892 udp
N/A 91.239.24.83:6892 udp
N/A 91.239.24.84:6892 udp
N/A 91.239.24.85:6892 udp
N/A 91.239.24.86:6892 udp
N/A 91.239.24.87:6892 udp
N/A 91.239.24.88:6892 udp
N/A 91.239.24.89:6892 udp
N/A 91.239.24.90:6892 udp
N/A 91.239.24.91:6892 udp
N/A 91.239.24.92:6892 udp
N/A 91.239.24.93:6892 udp
N/A 91.239.24.94:6892 udp
N/A 91.239.24.95:6892 udp
N/A 91.239.24.96:6892 udp
N/A 91.239.24.97:6892 udp
N/A 91.239.24.98:6892 udp
N/A 91.239.24.99:6892 udp
N/A 91.239.24.100:6892 udp
N/A 91.239.24.101:6892 udp
N/A 91.239.24.102:6892 udp
N/A 91.239.24.103:6892 udp
N/A 91.239.24.104:6892 udp
N/A 91.239.24.105:6892 udp
N/A 91.239.24.106:6892 udp
N/A 91.239.24.107:6892 udp
N/A 91.239.24.108:6892 udp
N/A 91.239.24.109:6892 udp
N/A 91.239.24.110:6892 udp
N/A 91.239.24.111:6892 udp
N/A 91.239.24.112:6892 udp
N/A 91.239.24.113:6892 udp
N/A 91.239.24.114:6892 udp
N/A 91.239.24.115:6892 udp
N/A 91.239.24.116:6892 udp
N/A 91.239.24.117:6892 udp
N/A 91.239.24.118:6892 udp
N/A 91.239.24.119:6892 udp
N/A 91.239.24.120:6892 udp
N/A 91.239.24.121:6892 udp
N/A 91.239.24.122:6892 udp
N/A 91.239.24.123:6892 udp
N/A 91.239.24.124:6892 udp
N/A 91.239.24.125:6892 udp
N/A 91.239.24.126:6892 udp
N/A 91.239.24.127:6892 udp
N/A 91.239.24.128:6892 udp
N/A 91.239.24.129:6892 udp
N/A 91.239.24.130:6892 udp
N/A 91.239.24.131:6892 udp
N/A 91.239.24.132:6892 udp
N/A 91.239.24.133:6892 udp
N/A 91.239.24.134:6892 udp
N/A 91.239.24.135:6892 udp
N/A 91.239.24.136:6892 udp
N/A 91.239.24.137:6892 udp
N/A 91.239.24.138:6892 udp
N/A 91.239.24.139:6892 udp
N/A 91.239.24.140:6892 udp
N/A 91.239.24.141:6892 udp
N/A 91.239.24.142:6892 udp
N/A 91.239.24.143:6892 udp
N/A 91.239.24.144:6892 udp
N/A 91.239.24.145:6892 udp
N/A 91.239.24.146:6892 udp
N/A 91.239.24.147:6892 udp
N/A 91.239.24.148:6892 udp
N/A 91.239.24.149:6892 udp
N/A 91.239.24.150:6892 udp
N/A 91.239.24.151:6892 udp
N/A 91.239.24.152:6892 udp
N/A 91.239.24.153:6892 udp
N/A 91.239.24.154:6892 udp
N/A 91.239.24.155:6892 udp
N/A 91.239.24.156:6892 udp
N/A 91.239.24.157:6892 udp
N/A 91.239.24.158:6892 udp
N/A 91.239.24.159:6892 udp
N/A 91.239.24.160:6892 udp
N/A 91.239.24.161:6892 udp
N/A 91.239.24.162:6892 udp
N/A 91.239.24.163:6892 udp
N/A 91.239.24.164:6892 udp
N/A 91.239.24.165:6892 udp
N/A 91.239.24.166:6892 udp
N/A 91.239.24.167:6892 udp
N/A 91.239.24.168:6892 udp
N/A 91.239.24.169:6892 udp
N/A 91.239.24.170:6892 udp
N/A 91.239.24.171:6892 udp
N/A 91.239.24.172:6892 udp
N/A 91.239.24.173:6892 udp
N/A 91.239.24.174:6892 udp
N/A 91.239.24.175:6892 udp
N/A 91.239.24.176:6892 udp
N/A 91.239.24.177:6892 udp
N/A 91.239.24.178:6892 udp
N/A 91.239.24.179:6892 udp
N/A 91.239.24.180:6892 udp
N/A 91.239.24.181:6892 udp
N/A 91.239.24.182:6892 udp
N/A 91.239.24.183:6892 udp
N/A 91.239.24.184:6892 udp
N/A 91.239.24.185:6892 udp
N/A 91.239.24.186:6892 udp
N/A 91.239.24.187:6892 udp
N/A 91.239.24.188:6892 udp
N/A 91.239.24.189:6892 udp
N/A 91.239.24.190:6892 udp
N/A 91.239.24.191:6892 udp
N/A 91.239.24.192:6892 udp
N/A 91.239.24.193:6892 udp
N/A 91.239.24.194:6892 udp
N/A 91.239.24.195:6892 udp
N/A 91.239.24.196:6892 udp
N/A 91.239.24.197:6892 udp
N/A 91.239.24.198:6892 udp
N/A 91.239.24.199:6892 udp
N/A 91.239.24.200:6892 udp
N/A 91.239.24.201:6892 udp
N/A 91.239.24.202:6892 udp
N/A 91.239.24.203:6892 udp
N/A 91.239.24.204:6892 udp
N/A 91.239.24.205:6892 udp
N/A 91.239.24.206:6892 udp
N/A 91.239.24.207:6892 udp
N/A 91.239.24.208:6892 udp
N/A 91.239.24.209:6892 udp
N/A 91.239.24.210:6892 udp
N/A 91.239.24.211:6892 udp
N/A 91.239.24.212:6892 udp
N/A 91.239.24.213:6892 udp
N/A 91.239.24.214:6892 udp
N/A 91.239.24.215:6892 udp
N/A 91.239.24.216:6892 udp
N/A 91.239.24.217:6892 udp
N/A 91.239.24.218:6892 udp
N/A 91.239.24.219:6892 udp
N/A 91.239.24.220:6892 udp
N/A 91.239.24.221:6892 udp
N/A 91.239.24.222:6892 udp
N/A 91.239.24.223:6892 udp
N/A 91.239.24.224:6892 udp
N/A 91.239.24.225:6892 udp
N/A 91.239.24.226:6892 udp
N/A 91.239.24.227:6892 udp
N/A 91.239.24.228:6892 udp
N/A 91.239.24.229:6892 udp
N/A 91.239.24.230:6892 udp
N/A 91.239.24.231:6892 udp
N/A 91.239.24.232:6892 udp
N/A 91.239.24.233:6892 udp
N/A 91.239.24.234:6892 udp
N/A 91.239.24.235:6892 udp
N/A 91.239.24.236:6892 udp
N/A 91.239.24.237:6892 udp
N/A 91.239.24.238:6892 udp
N/A 91.239.24.239:6892 udp
N/A 91.239.24.240:6892 udp
N/A 91.239.24.241:6892 udp
N/A 91.239.24.242:6892 udp
N/A 91.239.24.243:6892 udp
N/A 91.239.24.244:6892 udp
N/A 91.239.24.245:6892 udp
N/A 91.239.24.246:6892 udp
N/A 91.239.24.247:6892 udp
N/A 91.239.24.248:6892 udp
N/A 91.239.24.249:6892 udp
N/A 91.239.24.250:6892 udp
N/A 91.239.24.251:6892 udp
N/A 91.239.24.252:6892 udp
N/A 91.239.24.253:6892 udp
N/A 91.239.24.254:6892 udp
N/A 91.239.24.255:6892 udp
N/A 91.239.25.0:6892 udp
N/A 91.239.25.1:6892 udp
N/A 91.239.25.2:6892 udp
N/A 91.239.25.3:6892 udp
N/A 91.239.25.4:6892 udp
N/A 91.239.25.5:6892 udp
N/A 91.239.25.6:6892 udp
N/A 91.239.25.7:6892 udp
N/A 91.239.25.8:6892 udp
N/A 91.239.25.9:6892 udp
N/A 91.239.25.10:6892 udp
N/A 91.239.25.11:6892 udp
N/A 91.239.25.12:6892 udp
N/A 91.239.25.13:6892 udp
N/A 91.239.25.14:6892 udp
N/A 91.239.25.15:6892 udp
N/A 91.239.25.16:6892 udp
N/A 91.239.25.17:6892 udp
N/A 91.239.25.18:6892 udp
N/A 91.239.25.19:6892 udp
N/A 91.239.25.20:6892 udp
N/A 91.239.25.21:6892 udp
N/A 91.239.25.22:6892 udp
N/A 91.239.25.23:6892 udp
N/A 91.239.25.24:6892 udp
N/A 91.239.25.25:6892 udp
N/A 91.239.25.26:6892 udp
N/A 91.239.25.27:6892 udp
N/A 91.239.25.28:6892 udp
N/A 91.239.25.29:6892 udp
N/A 91.239.25.30:6892 udp
N/A 91.239.25.31:6892 udp
N/A 91.239.25.32:6892 udp
N/A 91.239.25.33:6892 udp
N/A 91.239.25.34:6892 udp
N/A 91.239.25.35:6892 udp
N/A 91.239.25.36:6892 udp
N/A 91.239.25.37:6892 udp
N/A 91.239.25.38:6892 udp
N/A 91.239.25.39:6892 udp
N/A 91.239.25.40:6892 udp
N/A 91.239.25.41:6892 udp
N/A 91.239.25.42:6892 udp
N/A 91.239.25.43:6892 udp
N/A 91.239.25.44:6892 udp
N/A 91.239.25.45:6892 udp
N/A 91.239.25.46:6892 udp
N/A 91.239.25.47:6892 udp
N/A 91.239.25.48:6892 udp
N/A 91.239.25.49:6892 udp
N/A 91.239.25.50:6892 udp
N/A 91.239.25.51:6892 udp
N/A 91.239.25.52:6892 udp
N/A 91.239.25.53:6892 udp
N/A 91.239.25.54:6892 udp
N/A 91.239.25.55:6892 udp
N/A 91.239.25.56:6892 udp
N/A 91.239.25.57:6892 udp
N/A 91.239.25.58:6892 udp
N/A 91.239.25.59:6892 udp
N/A 91.239.25.60:6892 udp
N/A 91.239.25.61:6892 udp
N/A 91.239.25.62:6892 udp
N/A 91.239.25.63:6892 udp
N/A 91.239.25.64:6892 udp
N/A 91.239.25.65:6892 udp
N/A 91.239.25.66:6892 udp
N/A 91.239.25.67:6892 udp
N/A 91.239.25.68:6892 udp
N/A 91.239.25.69:6892 udp
N/A 91.239.25.70:6892 udp
N/A 91.239.25.71:6892 udp
N/A 91.239.25.72:6892 udp
N/A 91.239.25.73:6892 udp
N/A 91.239.25.74:6892 udp
N/A 91.239.25.75:6892 udp
N/A 91.239.25.76:6892 udp
N/A 91.239.25.77:6892 udp
N/A 91.239.25.78:6892 udp
N/A 91.239.25.79:6892 udp
N/A 91.239.25.80:6892 udp
N/A 91.239.25.81:6892 udp
N/A 91.239.25.82:6892 udp
N/A 91.239.25.83:6892 udp
N/A 91.239.25.84:6892 udp
N/A 91.239.25.85:6892 udp
N/A 91.239.25.86:6892 udp
N/A 91.239.25.87:6892 udp
N/A 91.239.25.88:6892 udp
N/A 91.239.25.89:6892 udp
N/A 91.239.25.90:6892 udp
N/A 91.239.25.91:6892 udp
N/A 91.239.25.92:6892 udp
N/A 91.239.25.93:6892 udp
N/A 91.239.25.94:6892 udp
N/A 91.239.25.95:6892 udp
N/A 91.239.25.96:6892 udp
N/A 91.239.25.97:6892 udp
N/A 91.239.25.98:6892 udp
N/A 91.239.25.99:6892 udp
N/A 91.239.25.100:6892 udp
N/A 91.239.25.101:6892 udp
N/A 91.239.25.102:6892 udp
N/A 91.239.25.103:6892 udp
N/A 91.239.25.104:6892 udp
N/A 91.239.25.105:6892 udp
N/A 91.239.25.106:6892 udp
N/A 91.239.25.107:6892 udp
N/A 91.239.25.108:6892 udp
N/A 91.239.25.109:6892 udp
N/A 91.239.25.110:6892 udp
N/A 91.239.25.111:6892 udp
N/A 91.239.25.112:6892 udp
N/A 91.239.25.113:6892 udp
N/A 91.239.25.114:6892 udp
N/A 91.239.25.115:6892 udp
N/A 91.239.25.116:6892 udp
N/A 91.239.25.117:6892 udp
N/A 91.239.25.118:6892 udp
N/A 91.239.25.119:6892 udp
N/A 91.239.25.120:6892 udp
N/A 91.239.25.121:6892 udp
N/A 91.239.25.122:6892 udp
N/A 91.239.25.123:6892 udp
N/A 91.239.25.124:6892 udp
N/A 91.239.25.125:6892 udp
N/A 91.239.25.126:6892 udp
N/A 91.239.25.127:6892 udp
N/A 91.239.25.128:6892 udp
N/A 91.239.25.129:6892 udp
N/A 91.239.25.130:6892 udp
N/A 91.239.25.131:6892 udp
N/A 91.239.25.132:6892 udp
N/A 91.239.25.133:6892 udp
N/A 91.239.25.134:6892 udp
N/A 91.239.25.135:6892 udp
N/A 91.239.25.136:6892 udp
N/A 91.239.25.137:6892 udp
N/A 91.239.25.138:6892 udp
N/A 91.239.25.139:6892 udp
N/A 91.239.25.140:6892 udp
N/A 91.239.25.141:6892 udp
N/A 91.239.25.142:6892 udp
N/A 91.239.25.143:6892 udp
N/A 91.239.25.144:6892 udp
N/A 91.239.25.145:6892 udp
N/A 91.239.25.146:6892 udp
N/A 91.239.25.147:6892 udp
N/A 91.239.25.148:6892 udp
N/A 91.239.25.149:6892 udp
N/A 91.239.25.150:6892 udp
N/A 91.239.25.151:6892 udp
N/A 91.239.25.152:6892 udp
N/A 91.239.25.153:6892 udp
N/A 91.239.25.154:6892 udp
N/A 91.239.25.155:6892 udp
N/A 91.239.25.156:6892 udp
N/A 91.239.25.157:6892 udp
N/A 91.239.25.158:6892 udp
N/A 91.239.25.159:6892 udp
N/A 91.239.25.160:6892 udp
N/A 91.239.25.161:6892 udp
N/A 91.239.25.162:6892 udp
N/A 91.239.25.163:6892 udp
N/A 91.239.25.164:6892 udp
N/A 91.239.25.165:6892 udp
N/A 91.239.25.166:6892 udp
N/A 91.239.25.167:6892 udp
N/A 91.239.25.168:6892 udp
N/A 91.239.25.169:6892 udp
N/A 91.239.25.170:6892 udp
N/A 91.239.25.171:6892 udp
N/A 91.239.25.172:6892 udp
N/A 91.239.25.173:6892 udp
N/A 91.239.25.174:6892 udp
N/A 91.239.25.175:6892 udp
N/A 91.239.25.176:6892 udp
N/A 91.239.25.177:6892 udp
N/A 91.239.25.178:6892 udp
N/A 91.239.25.179:6892 udp
N/A 91.239.25.180:6892 udp
N/A 91.239.25.181:6892 udp
N/A 91.239.25.182:6892 udp
N/A 91.239.25.183:6892 udp
N/A 91.239.25.184:6892 udp
N/A 91.239.25.185:6892 udp
N/A 91.239.25.186:6892 udp
N/A 91.239.25.187:6892 udp
N/A 91.239.25.188:6892 udp
N/A 91.239.25.189:6892 udp
N/A 91.239.25.190:6892 udp
N/A 91.239.25.191:6892 udp
N/A 91.239.25.192:6892 udp
N/A 91.239.25.193:6892 udp
N/A 91.239.25.194:6892 udp
N/A 91.239.25.195:6892 udp
N/A 91.239.25.196:6892 udp
N/A 91.239.25.197:6892 udp
N/A 91.239.25.198:6892 udp
N/A 91.239.25.199:6892 udp
N/A 91.239.25.200:6892 udp
N/A 91.239.25.201:6892 udp
N/A 91.239.25.202:6892 udp
N/A 91.239.25.203:6892 udp
N/A 91.239.25.204:6892 udp
N/A 91.239.25.205:6892 udp
N/A 91.239.25.206:6892 udp
N/A 91.239.25.207:6892 udp
N/A 91.239.25.208:6892 udp
N/A 91.239.25.209:6892 udp
N/A 91.239.25.210:6892 udp
N/A 91.239.25.211:6892 udp
N/A 91.239.25.212:6892 udp
N/A 91.239.25.213:6892 udp
N/A 91.239.25.214:6892 udp
N/A 91.239.25.215:6892 udp
N/A 91.239.25.216:6892 udp
N/A 91.239.25.217:6892 udp
N/A 91.239.25.218:6892 udp
N/A 91.239.25.219:6892 udp
N/A 91.239.25.220:6892 udp
N/A 91.239.25.221:6892 udp
N/A 91.239.25.222:6892 udp
N/A 91.239.25.223:6892 udp
N/A 91.239.25.224:6892 udp
N/A 91.239.25.225:6892 udp
N/A 91.239.25.226:6892 udp
N/A 91.239.25.227:6892 udp
N/A 91.239.25.228:6892 udp
N/A 91.239.25.229:6892 udp
N/A 91.239.25.230:6892 udp
N/A 91.239.25.231:6892 udp
N/A 91.239.25.232:6892 udp
N/A 91.239.25.233:6892 udp
N/A 91.239.25.234:6892 udp
N/A 91.239.25.235:6892 udp
N/A 91.239.25.236:6892 udp
N/A 91.239.25.237:6892 udp
N/A 91.239.25.238:6892 udp
N/A 91.239.25.239:6892 udp
N/A 91.239.25.240:6892 udp
N/A 91.239.25.241:6892 udp
N/A 91.239.25.242:6892 udp
N/A 91.239.25.243:6892 udp
N/A 91.239.25.244:6892 udp
N/A 91.239.25.245:6892 udp
N/A 91.239.25.246:6892 udp
N/A 91.239.25.247:6892 udp
N/A 91.239.25.248:6892 udp
N/A 91.239.25.249:6892 udp
N/A 91.239.25.250:6892 udp
N/A 91.239.25.251:6892 udp
N/A 91.239.25.252:6892 udp
N/A 91.239.25.253:6892 udp
N/A 91.239.25.254:6892 udp
N/A 91.239.25.255:6892 udp
N/A 90.2.1.0:6892 udp
N/A 90.2.1.1:6892 udp
N/A 90.2.1.2:6892 udp
N/A 90.2.1.3:6892 udp
N/A 90.2.1.4:6892 udp
N/A 90.2.1.5:6892 udp
N/A 90.2.1.6:6892 udp
N/A 90.2.1.7:6892 udp
N/A 90.2.1.8:6892 udp
N/A 90.2.1.9:6892 udp
N/A 90.2.1.10:6892 udp
N/A 90.2.1.11:6892 udp
N/A 90.2.1.12:6892 udp
N/A 90.2.1.13:6892 udp
N/A 90.2.1.14:6892 udp
N/A 90.2.1.15:6892 udp
N/A 90.2.1.16:6892 udp
N/A 90.2.1.17:6892 udp
N/A 90.2.1.18:6892 udp
N/A 90.2.1.19:6892 udp
N/A 90.2.1.20:6892 udp
N/A 90.2.1.21:6892 udp
N/A 90.2.1.22:6892 udp
N/A 90.2.1.23:6892 udp
N/A 90.2.1.24:6892 udp
N/A 90.2.1.25:6892 udp
N/A 90.2.1.26:6892 udp
N/A 90.2.1.27:6892 udp
N/A 90.2.1.28:6892 udp
N/A 90.2.1.29:6892 udp
N/A 90.2.1.30:6892 udp
N/A 90.2.1.31:6892 udp
N/A 90.3.1.0:6892 udp
N/A 90.3.1.1:6892 udp
N/A 90.3.1.2:6892 udp
N/A 90.3.1.3:6892 udp
N/A 90.3.1.4:6892 udp
N/A 90.3.1.5:6892 udp
N/A 90.3.1.6:6892 udp
N/A 90.3.1.7:6892 udp
N/A 90.3.1.8:6892 udp
N/A 90.3.1.9:6892 udp
N/A 90.3.1.10:6892 udp
N/A 90.3.1.11:6892 udp
N/A 90.3.1.12:6892 udp
N/A 90.3.1.13:6892 udp
N/A 90.3.1.14:6892 udp
N/A 90.3.1.15:6892 udp
N/A 90.3.1.16:6892 udp
N/A 90.3.1.17:6892 udp
N/A 90.3.1.18:6892 udp
N/A 90.3.1.19:6892 udp
N/A 90.3.1.20:6892 udp
N/A 90.3.1.21:6892 udp
N/A 90.3.1.22:6892 udp
N/A 90.3.1.23:6892 udp
N/A 90.3.1.24:6892 udp
N/A 90.3.1.25:6892 udp
N/A 90.3.1.26:6892 udp
N/A 90.3.1.27:6892 udp
N/A 90.3.1.28:6892 udp
N/A 90.3.1.29:6892 udp
N/A 90.3.1.30:6892 udp
N/A 90.3.1.31:6892 udp
N/A 91.239.24.0:6892 udp
N/A 91.239.24.1:6892 udp
N/A 91.239.24.2:6892 udp
N/A 91.239.24.3:6892 udp
N/A 91.239.24.4:6892 udp
N/A 91.239.24.5:6892 udp
N/A 91.239.24.6:6892 udp
N/A 91.239.24.7:6892 udp
N/A 91.239.24.8:6892 udp
N/A 91.239.24.9:6892 udp
N/A 91.239.24.10:6892 udp
N/A 91.239.24.11:6892 udp
N/A 91.239.24.12:6892 udp
N/A 91.239.24.13:6892 udp
N/A 91.239.24.14:6892 udp
N/A 91.239.24.15:6892 udp
N/A 91.239.24.16:6892 udp
N/A 91.239.24.17:6892 udp
N/A 91.239.24.18:6892 udp
N/A 91.239.24.19:6892 udp
N/A 91.239.24.20:6892 udp
N/A 91.239.24.21:6892 udp
N/A 91.239.24.22:6892 udp
N/A 91.239.24.23:6892 udp
N/A 91.239.24.24:6892 udp
N/A 91.239.24.25:6892 udp
N/A 91.239.24.26:6892 udp
N/A 91.239.24.27:6892 udp
N/A 91.239.24.28:6892 udp
N/A 91.239.24.29:6892 udp
N/A 91.239.24.30:6892 udp
N/A 91.239.24.31:6892 udp
N/A 91.239.24.32:6892 udp
N/A 91.239.24.33:6892 udp
N/A 91.239.24.34:6892 udp
N/A 91.239.24.35:6892 udp
N/A 91.239.24.36:6892 udp
N/A 91.239.24.37:6892 udp
N/A 91.239.24.38:6892 udp
N/A 91.239.24.39:6892 udp
N/A 91.239.24.40:6892 udp
N/A 91.239.24.41:6892 udp
N/A 91.239.24.42:6892 udp
N/A 91.239.24.43:6892 udp
N/A 91.239.24.44:6892 udp
N/A 91.239.24.45:6892 udp
N/A 91.239.24.46:6892 udp
N/A 91.239.24.47:6892 udp
N/A 91.239.24.48:6892 udp
N/A 91.239.24.49:6892 udp
N/A 91.239.24.50:6892 udp
N/A 91.239.24.51:6892 udp
N/A 91.239.24.52:6892 udp
N/A 91.239.24.53:6892 udp
N/A 91.239.24.54:6892 udp
N/A 91.239.24.55:6892 udp
N/A 91.239.24.56:6892 udp
N/A 91.239.24.57:6892 udp
N/A 91.239.24.58:6892 udp
N/A 91.239.24.59:6892 udp
N/A 91.239.24.60:6892 udp
N/A 91.239.24.61:6892 udp
N/A 91.239.24.62:6892 udp
N/A 91.239.24.63:6892 udp
N/A 91.239.24.64:6892 udp
N/A 91.239.24.65:6892 udp
N/A 91.239.24.66:6892 udp
N/A 91.239.24.67:6892 udp
N/A 91.239.24.68:6892 udp
N/A 91.239.24.69:6892 udp
N/A 91.239.24.70:6892 udp
N/A 91.239.24.71:6892 udp
N/A 91.239.24.72:6892 udp
N/A 91.239.24.73:6892 udp
N/A 91.239.24.74:6892 udp
N/A 91.239.24.75:6892 udp
N/A 91.239.24.76:6892 udp
N/A 91.239.24.77:6892 udp
N/A 91.239.24.78:6892 udp
N/A 91.239.24.79:6892 udp
N/A 91.239.24.80:6892 udp
N/A 91.239.24.81:6892 udp
N/A 91.239.24.82:6892 udp
N/A 91.239.24.83:6892 udp
N/A 91.239.24.84:6892 udp
N/A 91.239.24.85:6892 udp
N/A 91.239.24.86:6892 udp
N/A 91.239.24.87:6892 udp
N/A 91.239.24.88:6892 udp
N/A 91.239.24.89:6892 udp
N/A 91.239.24.90:6892 udp
N/A 91.239.24.91:6892 udp
N/A 91.239.24.92:6892 udp
N/A 91.239.24.93:6892 udp
N/A 91.239.24.94:6892 udp
N/A 91.239.24.95:6892 udp
N/A 91.239.24.96:6892 udp
N/A 91.239.24.97:6892 udp
N/A 91.239.24.98:6892 udp
N/A 91.239.24.99:6892 udp
N/A 91.239.24.100:6892 udp
N/A 91.239.24.101:6892 udp
N/A 91.239.24.102:6892 udp
N/A 91.239.24.103:6892 udp
N/A 91.239.24.104:6892 udp
N/A 91.239.24.105:6892 udp
N/A 91.239.24.106:6892 udp
N/A 91.239.24.107:6892 udp
N/A 91.239.24.108:6892 udp
N/A 91.239.24.109:6892 udp
N/A 91.239.24.110:6892 udp
N/A 91.239.24.111:6892 udp
N/A 91.239.24.112:6892 udp
N/A 91.239.24.113:6892 udp
N/A 91.239.24.114:6892 udp
N/A 91.239.24.115:6892 udp
N/A 91.239.24.116:6892 udp
N/A 91.239.24.117:6892 udp
N/A 91.239.24.118:6892 udp
N/A 91.239.24.119:6892 udp
N/A 91.239.24.120:6892 udp
N/A 91.239.24.121:6892 udp
N/A 91.239.24.122:6892 udp
N/A 91.239.24.123:6892 udp
N/A 91.239.24.124:6892 udp
N/A 91.239.24.125:6892 udp
N/A 91.239.24.126:6892 udp
N/A 91.239.24.127:6892 udp
N/A 91.239.24.128:6892 udp
N/A 91.239.24.129:6892 udp
N/A 91.239.24.130:6892 udp
N/A 91.239.24.131:6892 udp
N/A 91.239.24.132:6892 udp
N/A 91.239.24.133:6892 udp
N/A 91.239.24.134:6892 udp
N/A 91.239.24.135:6892 udp
N/A 91.239.24.136:6892 udp
N/A 91.239.24.137:6892 udp
N/A 91.239.24.138:6892 udp
N/A 91.239.24.139:6892 udp
N/A 91.239.24.140:6892 udp
N/A 91.239.24.141:6892 udp
N/A 91.239.24.142:6892 udp
N/A 91.239.24.143:6892 udp
N/A 91.239.24.144:6892 udp
N/A 91.239.24.145:6892 udp
N/A 91.239.24.146:6892 udp
N/A 91.239.24.147:6892 udp
N/A 91.239.24.148:6892 udp
N/A 91.239.24.149:6892 udp
N/A 91.239.24.150:6892 udp
N/A 91.239.24.151:6892 udp
N/A 91.239.24.152:6892 udp
N/A 91.239.24.153:6892 udp
N/A 91.239.24.154:6892 udp
N/A 91.239.24.155:6892 udp
N/A 91.239.24.156:6892 udp
N/A 91.239.24.157:6892 udp
N/A 91.239.24.158:6892 udp
N/A 91.239.24.159:6892 udp
N/A 91.239.24.160:6892 udp
N/A 91.239.24.161:6892 udp
N/A 91.239.24.162:6892 udp
N/A 91.239.24.163:6892 udp
N/A 91.239.24.164:6892 udp
N/A 91.239.24.165:6892 udp
N/A 91.239.24.166:6892 udp
N/A 91.239.24.167:6892 udp
N/A 91.239.24.168:6892 udp
N/A 91.239.24.169:6892 udp
N/A 91.239.24.170:6892 udp
N/A 91.239.24.171:6892 udp
N/A 91.239.24.172:6892 udp
N/A 91.239.24.173:6892 udp
N/A 91.239.24.174:6892 udp
N/A 91.239.24.175:6892 udp
N/A 91.239.24.176:6892 udp
N/A 91.239.24.177:6892 udp
N/A 91.239.24.178:6892 udp
N/A 91.239.24.179:6892 udp
N/A 91.239.24.180:6892 udp
N/A 91.239.24.181:6892 udp
N/A 91.239.24.182:6892 udp
N/A 91.239.24.183:6892 udp
N/A 91.239.24.184:6892 udp
N/A 91.239.24.185:6892 udp
N/A 91.239.24.186:6892 udp
N/A 91.239.24.187:6892 udp
N/A 91.239.24.188:6892 udp
N/A 91.239.24.189:6892 udp
N/A 91.239.24.190:6892 udp
N/A 91.239.24.191:6892 udp
N/A 91.239.24.192:6892 udp
N/A 91.239.24.193:6892 udp
N/A 91.239.24.194:6892 udp
N/A 91.239.24.195:6892 udp
N/A 91.239.24.196:6892 udp
N/A 91.239.24.197:6892 udp
N/A 91.239.24.198:6892 udp
N/A 91.239.24.199:6892 udp
N/A 91.239.24.200:6892 udp
N/A 91.239.24.201:6892 udp
N/A 91.239.24.202:6892 udp
N/A 91.239.24.203:6892 udp
N/A 91.239.24.204:6892 udp
N/A 91.239.24.205:6892 udp
N/A 91.239.24.206:6892 udp
N/A 91.239.24.207:6892 udp
N/A 91.239.24.208:6892 udp
N/A 91.239.24.209:6892 udp
N/A 91.239.24.210:6892 udp
N/A 91.239.24.211:6892 udp
N/A 91.239.24.212:6892 udp
N/A 91.239.24.213:6892 udp
N/A 91.239.24.214:6892 udp
N/A 91.239.24.215:6892 udp
N/A 91.239.24.216:6892 udp
N/A 91.239.24.217:6892 udp
N/A 91.239.24.218:6892 udp
N/A 91.239.24.219:6892 udp
N/A 91.239.24.220:6892 udp
N/A 91.239.24.221:6892 udp
N/A 91.239.24.222:6892 udp
N/A 91.239.24.223:6892 udp
N/A 91.239.24.224:6892 udp
N/A 91.239.24.225:6892 udp
N/A 91.239.24.226:6892 udp
N/A 91.239.24.227:6892 udp
N/A 91.239.24.228:6892 udp
N/A 91.239.24.229:6892 udp
N/A 91.239.24.230:6892 udp
N/A 91.239.24.231:6892 udp
N/A 91.239.24.232:6892 udp
N/A 91.239.24.233:6892 udp
N/A 91.239.24.234:6892 udp
N/A 91.239.24.235:6892 udp
N/A 91.239.24.236:6892 udp
N/A 91.239.24.237:6892 udp
N/A 91.239.24.238:6892 udp
N/A 91.239.24.239:6892 udp
N/A 91.239.24.240:6892 udp
N/A 91.239.24.241:6892 udp
N/A 91.239.24.242:6892 udp
N/A 91.239.24.243:6892 udp
N/A 91.239.24.244:6892 udp
N/A 91.239.24.245:6892 udp
N/A 91.239.24.246:6892 udp
N/A 91.239.24.247:6892 udp
N/A 91.239.24.248:6892 udp
N/A 91.239.24.249:6892 udp
N/A 91.239.24.250:6892 udp
N/A 91.239.24.251:6892 udp
N/A 91.239.24.252:6892 udp
N/A 91.239.24.253:6892 udp
N/A 91.239.24.254:6892 udp
N/A 91.239.24.255:6892 udp
N/A 91.239.25.0:6892 udp
N/A 91.239.25.1:6892 udp
N/A 91.239.25.2:6892 udp
N/A 91.239.25.3:6892 udp
N/A 91.239.25.4:6892 udp
N/A 91.239.25.5:6892 udp
N/A 91.239.25.6:6892 udp
N/A 91.239.25.7:6892 udp
N/A 91.239.25.8:6892 udp
N/A 91.239.25.9:6892 udp
N/A 91.239.25.10:6892 udp
N/A 91.239.25.11:6892 udp
N/A 91.239.25.12:6892 udp
N/A 91.239.25.13:6892 udp
N/A 91.239.25.14:6892 udp
N/A 91.239.25.15:6892 udp
N/A 91.239.25.16:6892 udp
N/A 91.239.25.17:6892 udp
N/A 91.239.25.18:6892 udp
N/A 91.239.25.19:6892 udp
N/A 91.239.25.20:6892 udp
N/A 91.239.25.21:6892 udp
N/A 91.239.25.22:6892 udp
N/A 91.239.25.23:6892 udp
N/A 91.239.25.24:6892 udp
N/A 91.239.25.25:6892 udp
N/A 91.239.25.26:6892 udp
N/A 91.239.25.27:6892 udp
N/A 91.239.25.28:6892 udp
N/A 91.239.25.29:6892 udp
N/A 91.239.25.30:6892 udp
N/A 91.239.25.31:6892 udp
N/A 91.239.25.32:6892 udp
N/A 91.239.25.33:6892 udp
N/A 91.239.25.34:6892 udp
N/A 91.239.25.35:6892 udp
N/A 91.239.25.36:6892 udp
N/A 91.239.25.37:6892 udp
N/A 91.239.25.38:6892 udp
N/A 91.239.25.39:6892 udp
N/A 91.239.25.40:6892 udp
N/A 91.239.25.41:6892 udp
N/A 91.239.25.42:6892 udp
N/A 91.239.25.43:6892 udp
N/A 91.239.25.44:6892 udp
N/A 91.239.25.45:6892 udp
N/A 91.239.25.46:6892 udp
N/A 91.239.25.47:6892 udp
N/A 91.239.25.48:6892 udp
N/A 91.239.25.49:6892 udp
N/A 91.239.25.50:6892 udp
N/A 91.239.25.51:6892 udp
N/A 91.239.25.52:6892 udp
N/A 91.239.25.53:6892 udp
N/A 91.239.25.54:6892 udp
N/A 91.239.25.55:6892 udp
N/A 91.239.25.56:6892 udp
N/A 91.239.25.57:6892 udp
N/A 91.239.25.58:6892 udp
N/A 91.239.25.59:6892 udp
N/A 91.239.25.60:6892 udp
N/A 91.239.25.61:6892 udp
N/A 91.239.25.62:6892 udp
N/A 91.239.25.63:6892 udp
N/A 91.239.25.64:6892 udp
N/A 91.239.25.65:6892 udp
N/A 91.239.25.66:6892 udp
N/A 91.239.25.67:6892 udp
N/A 91.239.25.68:6892 udp
N/A 91.239.25.69:6892 udp
N/A 91.239.25.70:6892 udp
N/A 91.239.25.71:6892 udp
N/A 91.239.25.72:6892 udp
N/A 91.239.25.73:6892 udp
N/A 91.239.25.74:6892 udp
N/A 91.239.25.75:6892 udp
N/A 91.239.25.76:6892 udp
N/A 91.239.25.77:6892 udp
N/A 91.239.25.78:6892 udp
N/A 91.239.25.79:6892 udp
N/A 91.239.25.80:6892 udp
N/A 91.239.25.81:6892 udp
N/A 91.239.25.82:6892 udp
N/A 91.239.25.83:6892 udp
N/A 91.239.25.84:6892 udp
N/A 91.239.25.85:6892 udp
N/A 91.239.25.86:6892 udp
N/A 91.239.25.87:6892 udp
N/A 91.239.25.88:6892 udp
N/A 91.239.25.89:6892 udp
N/A 91.239.25.90:6892 udp
N/A 91.239.25.91:6892 udp
N/A 91.239.25.92:6892 udp
N/A 91.239.25.93:6892 udp
N/A 91.239.25.94:6892 udp
N/A 91.239.25.95:6892 udp
N/A 91.239.25.96:6892 udp
N/A 91.239.25.97:6892 udp
N/A 91.239.25.98:6892 udp
N/A 91.239.25.99:6892 udp
N/A 91.239.25.100:6892 udp
N/A 91.239.25.101:6892 udp
N/A 91.239.25.102:6892 udp
N/A 91.239.25.103:6892 udp
N/A 91.239.25.104:6892 udp
N/A 91.239.25.105:6892 udp
N/A 91.239.25.106:6892 udp
N/A 91.239.25.107:6892 udp
N/A 91.239.25.108:6892 udp
N/A 91.239.25.109:6892 udp
N/A 91.239.25.110:6892 udp
N/A 91.239.25.111:6892 udp
N/A 91.239.25.112:6892 udp
N/A 91.239.25.113:6892 udp
N/A 91.239.25.114:6892 udp
N/A 91.239.25.115:6892 udp
N/A 91.239.25.116:6892 udp
N/A 91.239.25.117:6892 udp
N/A 91.239.25.118:6892 udp
N/A 91.239.25.119:6892 udp
N/A 91.239.25.120:6892 udp
N/A 91.239.25.121:6892 udp
N/A 91.239.25.122:6892 udp
N/A 91.239.25.123:6892 udp
N/A 91.239.25.124:6892 udp
N/A 91.239.25.125:6892 udp
N/A 91.239.25.126:6892 udp
N/A 91.239.25.127:6892 udp
N/A 91.239.25.128:6892 udp
N/A 91.239.25.129:6892 udp
N/A 91.239.25.130:6892 udp
N/A 91.239.25.131:6892 udp
N/A 91.239.25.132:6892 udp
N/A 91.239.25.133:6892 udp
N/A 91.239.25.134:6892 udp
N/A 91.239.25.135:6892 udp
N/A 91.239.25.136:6892 udp
N/A 91.239.25.137:6892 udp
N/A 91.239.25.138:6892 udp
N/A 91.239.25.139:6892 udp
N/A 91.239.25.140:6892 udp
N/A 91.239.25.141:6892 udp
N/A 91.239.25.142:6892 udp
N/A 91.239.25.143:6892 udp
N/A 91.239.25.144:6892 udp
N/A 91.239.25.145:6892 udp
N/A 91.239.25.146:6892 udp
N/A 91.239.25.147:6892 udp
N/A 91.239.25.148:6892 udp
N/A 91.239.25.149:6892 udp
N/A 91.239.25.150:6892 udp
N/A 91.239.25.151:6892 udp
N/A 91.239.25.152:6892 udp
N/A 91.239.25.153:6892 udp
N/A 91.239.25.154:6892 udp
N/A 91.239.25.155:6892 udp
N/A 91.239.25.156:6892 udp
N/A 91.239.25.157:6892 udp
N/A 91.239.25.158:6892 udp
N/A 91.239.25.159:6892 udp
N/A 91.239.25.160:6892 udp
N/A 91.239.25.161:6892 udp
N/A 91.239.25.162:6892 udp
N/A 91.239.25.163:6892 udp
N/A 91.239.25.164:6892 udp
N/A 91.239.25.165:6892 udp
N/A 91.239.25.166:6892 udp
N/A 91.239.25.167:6892 udp
N/A 91.239.25.168:6892 udp
N/A 91.239.25.169:6892 udp
N/A 91.239.25.170:6892 udp
N/A 91.239.25.171:6892 udp
N/A 91.239.25.172:6892 udp
N/A 91.239.25.173:6892 udp
N/A 91.239.25.174:6892 udp
N/A 91.239.25.175:6892 udp
N/A 91.239.25.176:6892 udp
N/A 91.239.25.177:6892 udp
N/A 91.239.25.178:6892 udp
N/A 91.239.25.179:6892 udp
N/A 91.239.25.180:6892 udp
N/A 91.239.25.181:6892 udp
N/A 91.239.25.182:6892 udp
N/A 91.239.25.183:6892 udp
N/A 91.239.25.184:6892 udp
N/A 91.239.25.185:6892 udp
N/A 91.239.25.186:6892 udp
N/A 91.239.25.187:6892 udp
N/A 91.239.25.188:6892 udp
N/A 91.239.25.189:6892 udp
N/A 91.239.25.190:6892 udp
N/A 91.239.25.191:6892 udp
N/A 91.239.25.192:6892 udp
N/A 91.239.25.193:6892 udp
N/A 91.239.25.194:6892 udp
N/A 91.239.25.195:6892 udp
N/A 91.239.25.196:6892 udp
N/A 91.239.25.197:6892 udp
N/A 91.239.25.198:6892 udp
N/A 91.239.25.199:6892 udp
N/A 91.239.25.200:6892 udp
N/A 91.239.25.201:6892 udp
N/A 91.239.25.202:6892 udp
N/A 91.239.25.203:6892 udp
N/A 91.239.25.204:6892 udp
N/A 91.239.25.205:6892 udp
N/A 91.239.25.206:6892 udp
N/A 91.239.25.207:6892 udp
N/A 91.239.25.208:6892 udp
N/A 91.239.25.209:6892 udp
N/A 91.239.25.210:6892 udp
N/A 91.239.25.211:6892 udp
N/A 91.239.25.212:6892 udp
N/A 91.239.25.213:6892 udp
N/A 91.239.25.214:6892 udp
N/A 91.239.25.215:6892 udp
N/A 91.239.25.216:6892 udp
N/A 91.239.25.217:6892 udp
N/A 91.239.25.218:6892 udp
N/A 91.239.25.219:6892 udp
N/A 91.239.25.220:6892 udp
N/A 91.239.25.221:6892 udp
N/A 91.239.25.222:6892 udp
N/A 91.239.25.223:6892 udp
N/A 91.239.25.224:6892 udp
N/A 91.239.25.225:6892 udp
N/A 91.239.25.226:6892 udp
N/A 91.239.25.227:6892 udp
N/A 91.239.25.228:6892 udp
N/A 91.239.25.229:6892 udp
N/A 91.239.25.230:6892 udp
N/A 91.239.25.231:6892 udp
N/A 91.239.25.232:6892 udp
N/A 91.239.25.233:6892 udp
N/A 91.239.25.234:6892 udp
N/A 91.239.25.235:6892 udp
N/A 91.239.25.236:6892 udp
N/A 91.239.25.237:6892 udp
N/A 91.239.25.238:6892 udp
N/A 91.239.25.239:6892 udp
N/A 91.239.25.240:6892 udp
N/A 91.239.25.241:6892 udp
N/A 91.239.25.242:6892 udp
N/A 91.239.25.243:6892 udp
N/A 91.239.25.244:6892 udp
N/A 91.239.25.245:6892 udp
N/A 91.239.25.246:6892 udp
N/A 91.239.25.247:6892 udp
N/A 91.239.25.248:6892 udp
N/A 91.239.25.249:6892 udp
N/A 91.239.25.250:6892 udp
N/A 91.239.25.251:6892 udp
N/A 91.239.25.252:6892 udp
N/A 91.239.25.253:6892 udp
N/A 91.239.25.254:6892 udp
N/A 91.239.25.255:6892 udp
N/A 8.8.8.8:53 api.blockcypher.com udp
N/A 104.20.20.251:80 api.blockcypher.com tcp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 bitaps.com udp
N/A 178.128.255.179:443 bitaps.com tcp
N/A 8.8.8.8:53 www.download.windowsupdate.com udp
N/A 205.185.216.10:80 www.download.windowsupdate.com tcp
N/A 104.18.21.226:80 ocsp.globalsign.com tcp
N/A 104.18.20.226:80 ocsp2.globalsign.com tcp
N/A 8.8.8.8:53 chain.so udp
N/A 172.67.157.138:443 chain.so tcp
N/A 93.184.220.29:80 ocsp.digicert.com tcp
N/A 8.8.8.8:53 crl.verisign.com udp
N/A 72.21.91.29:80 crl.verisign.com tcp

Files

\Users\Admin\AppData\Local\Temp\nss21F4.tmp\System.dll

MD5 3e6bf00b3ac976122f982ae2aadb1c51
SHA1 caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
SHA256 4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
SHA512 1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

memory/1620-1-0x0000000000400000-0x0000000000437000-memory.dmp

memory/1620-2-0x0000000000403854-mapping.dmp

memory/1620-3-0x0000000000400000-0x0000000000437000-memory.dmp

memory/1996-4-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\_HELP_HELP_HELP_SS60AG9.hta

MD5 bec4ab0dc0a02fcd417915d398bc17ce
SHA1 53505ddf69efaf2d7f5dfa8ece5ee5e4419ff90a
SHA256 1545d776e3350346cf829578fefa90e41c0ec3e66d61620f42cdf8653fe12921
SHA512 b35fee4fef8b401a7cb3a7ebb5715a7afe1d6be26ea6a07aed290693244bc6bdfa684488014e35929061b3dbe805f0cd4cdc95a5ec550fbc53ff2bcefa88efc9

memory/1896-6-0x000007FEF6AE0000-0x000007FEF6D5A000-memory.dmp

C:\Users\Admin\Desktop\_HELP_HELP_HELP_SS60AG9.jpg

MD5 96d8ef74e46117314ab681481db27dd3
SHA1 f919810b0bfe17183ab26f53c71a11ab64c4bb1b
SHA256 686675612cec1efb1ce6ffd7875a93c9657c7122daac93409a428c2c87742bea
SHA512 9fe2bb6eadc2572ac34ba281103c76528fe1def8a4c28b50dd4ae807c7af3a67325f832aab3f25a3ff82938d55cee67dc793296a00fe156970c90afdd5394389

memory/848-16-0x0000000000000000-mapping.dmp

memory/1656-17-0x0000000000000000-mapping.dmp

memory/1460-18-0x0000000000000000-mapping.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2020-10-26 06:52

Reported

2020-10-26 06:54

Platform

win10

Max time kernel

90s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe"

Signatures

Cerber

ransomware cerber

Blacklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification \??\c:\users\admin\appdata\roaming\microsoft\word\startup\ C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp6864.bmp" C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4700 set thread context of 4192 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification \??\c:\program files (x86)\onenote C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\excel C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft sql server C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft\onenote C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft\outlook C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\steam C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\word C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files\ C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\ C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\outlook C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\the bat! C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\thunderbird C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft\office C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft\powerpoint C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft\microsoft sql server C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft\word C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\office C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\powerpoint C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\bitcoin C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
File opened for modification \??\c:\program files (x86)\microsoft\excel C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification \??\c:\windows\ C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2627584638-3284755310-3019450177-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4700 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe
PID 4700 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe
PID 4700 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe
PID 4700 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe
PID 4192 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Windows\SysWOW64\mshta.exe
PID 4192 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Windows\SysWOW64\mshta.exe
PID 4192 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Windows\SysWOW64\mshta.exe
PID 4192 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Windows\system32\cmd.exe
PID 4192 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe C:\Windows\system32\cmd.exe
PID 3356 wrote to memory of 904 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3356 wrote to memory of 904 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3356 wrote to memory of 1108 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 3356 wrote to memory of 1108 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe

"C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe"

C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe

"C:\Users\Admin\AppData\Local\Temp\ce828cffe402a57948f338dcc698d79d.exe"

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_HELP_HELP_HELP_FZ66G3.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "ce828cffe402a57948f338dcc698d79d.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

Network

Country Destination Domain Proto
N/A 90.2.1.0:6892 udp
N/A 90.2.1.1:6892 udp
N/A 90.2.1.2:6892 udp
N/A 90.2.1.3:6892 udp
N/A 90.2.1.4:6892 udp
N/A 90.2.1.5:6892 udp
N/A 90.2.1.6:6892 udp
N/A 90.2.1.7:6892 udp
N/A 90.2.1.8:6892 udp
N/A 90.2.1.9:6892 udp
N/A 90.2.1.10:6892 udp
N/A 90.2.1.11:6892 udp
N/A 90.2.1.12:6892 udp
N/A 90.2.1.13:6892 udp
N/A 90.2.1.14:6892 udp
N/A 90.2.1.15:6892 udp
N/A 90.2.1.16:6892 udp
N/A 90.2.1.17:6892 udp
N/A 90.2.1.18:6892 udp
N/A 90.2.1.19:6892 udp
N/A 90.2.1.20:6892 udp
N/A 90.2.1.21:6892 udp
N/A 90.2.1.22:6892 udp
N/A 90.2.1.23:6892 udp
N/A 90.2.1.24:6892 udp
N/A 90.2.1.25:6892 udp
N/A 90.2.1.26:6892 udp
N/A 90.2.1.27:6892 udp
N/A 90.2.1.28:6892 udp
N/A 90.2.1.29:6892 udp
N/A 90.2.1.30:6892 udp
N/A 90.2.1.31:6892 udp
N/A 90.3.1.0:6892 udp
N/A 90.3.1.1:6892 udp
N/A 90.3.1.2:6892 udp
N/A 90.3.1.3:6892 udp
N/A 90.3.1.4:6892 udp
N/A 90.3.1.5:6892 udp
N/A 90.3.1.6:6892 udp
N/A 90.3.1.7:6892 udp
N/A 90.3.1.8:6892 udp
N/A 90.3.1.9:6892 udp
N/A 90.3.1.10:6892 udp
N/A 90.3.1.11:6892 udp
N/A 90.3.1.12:6892 udp
N/A 90.3.1.13:6892 udp
N/A 90.3.1.14:6892 udp
N/A 90.3.1.15:6892 udp
N/A 90.3.1.16:6892 udp
N/A 90.3.1.17:6892 udp
N/A 90.3.1.18:6892 udp
N/A 90.3.1.19:6892 udp
N/A 90.3.1.20:6892 udp
N/A 90.3.1.21:6892 udp
N/A 90.3.1.22:6892 udp
N/A 90.3.1.23:6892 udp
N/A 90.3.1.24:6892 udp
N/A 90.3.1.25:6892 udp
N/A 90.3.1.26:6892 udp
N/A 90.3.1.27:6892 udp
N/A 90.3.1.28:6892 udp
N/A 90.3.1.29:6892 udp
N/A 90.3.1.30:6892 udp
N/A 90.3.1.31:6892 udp
N/A 91.239.24.0:6892 udp
N/A 91.239.24.1:6892 udp
N/A 91.239.24.2:6892 udp
N/A 91.239.24.3:6892 udp
N/A 91.239.24.4:6892 udp
N/A 91.239.24.5:6892 udp
N/A 91.239.24.6:6892 udp
N/A 91.239.24.7:6892 udp
N/A 91.239.24.8:6892 udp
N/A 91.239.24.9:6892 udp
N/A 91.239.24.10:6892 udp
N/A 91.239.24.11:6892 udp
N/A 91.239.24.12:6892 udp
N/A 91.239.24.13:6892 udp
N/A 91.239.24.14:6892 udp
N/A 91.239.24.15:6892 udp
N/A 91.239.24.16:6892 udp
N/A 91.239.24.17:6892 udp
N/A 91.239.24.18:6892 udp
N/A 91.239.24.19:6892 udp
N/A 91.239.24.20:6892 udp
N/A 91.239.24.21:6892 udp
N/A 91.239.24.22:6892 udp
N/A 91.239.24.23:6892 udp
N/A 91.239.24.24:6892 udp
N/A 91.239.24.25:6892 udp
N/A 91.239.24.26:6892 udp
N/A 91.239.24.27:6892 udp
N/A 91.239.24.28:6892 udp
N/A 91.239.24.29:6892 udp
N/A 91.239.24.30:6892 udp
N/A 91.239.24.31:6892 udp
N/A 91.239.24.32:6892 udp
N/A 91.239.24.33:6892 udp
N/A 91.239.24.34:6892 udp
N/A 91.239.24.35:6892 udp
N/A 91.239.24.36:6892 udp
N/A 91.239.24.37:6892 udp
N/A 91.239.24.38:6892 udp
N/A 91.239.24.39:6892 udp
N/A 91.239.24.40:6892 udp
N/A 91.239.24.41:6892 udp
N/A 91.239.24.42:6892 udp
N/A 91.239.24.43:6892 udp
N/A 91.239.24.44:6892 udp
N/A 91.239.24.45:6892 udp
N/A 91.239.24.46:6892 udp
N/A 91.239.24.47:6892 udp
N/A 91.239.24.48:6892 udp
N/A 91.239.24.49:6892 udp
N/A 91.239.24.50:6892 udp
N/A 91.239.24.51:6892 udp
N/A 91.239.24.52:6892 udp
N/A 91.239.24.53:6892 udp
N/A 91.239.24.54:6892 udp
N/A 91.239.24.55:6892 udp
N/A 91.239.24.56:6892 udp
N/A 91.239.24.57:6892 udp
N/A 91.239.24.58:6892 udp
N/A 91.239.24.59:6892 udp
N/A 91.239.24.60:6892 udp
N/A 91.239.24.61:6892 udp
N/A 91.239.24.62:6892 udp
N/A 91.239.24.63:6892 udp
N/A 91.239.24.64:6892 udp
N/A 91.239.24.65:6892 udp
N/A 91.239.24.66:6892 udp
N/A 91.239.24.67:6892 udp
N/A 91.239.24.68:6892 udp
N/A 91.239.24.69:6892 udp
N/A 91.239.24.70:6892 udp
N/A 91.239.24.71:6892 udp
N/A 91.239.24.72:6892 udp
N/A 91.239.24.73:6892 udp
N/A 91.239.24.74:6892 udp
N/A 91.239.24.75:6892 udp
N/A 91.239.24.76:6892 udp
N/A 91.239.24.77:6892 udp
N/A 91.239.24.78:6892 udp
N/A 91.239.24.79:6892 udp
N/A 91.239.24.80:6892 udp
N/A 91.239.24.81:6892 udp
N/A 91.239.24.82:6892 udp
N/A 91.239.24.83:6892 udp
N/A 91.239.24.84:6892 udp
N/A 91.239.24.85:6892 udp
N/A 91.239.24.86:6892 udp
N/A 91.239.24.87:6892 udp
N/A 91.239.24.88:6892 udp
N/A 91.239.24.89:6892 udp
N/A 91.239.24.90:6892 udp
N/A 91.239.24.91:6892 udp
N/A 91.239.24.92:6892 udp
N/A 91.239.24.93:6892 udp
N/A 91.239.24.94:6892 udp
N/A 91.239.24.95:6892 udp
N/A 91.239.24.96:6892 udp
N/A 91.239.24.97:6892 udp
N/A 91.239.24.98:6892 udp
N/A 91.239.24.99:6892 udp
N/A 91.239.24.100:6892 udp
N/A 91.239.24.101:6892 udp
N/A 91.239.24.102:6892 udp
N/A 91.239.24.103:6892 udp
N/A 91.239.24.104:6892 udp
N/A 91.239.24.105:6892 udp
N/A 91.239.24.106:6892 udp
N/A 91.239.24.107:6892 udp
N/A 91.239.24.108:6892 udp
N/A 91.239.24.109:6892 udp
N/A 91.239.24.110:6892 udp
N/A 91.239.24.111:6892 udp
N/A 91.239.24.112:6892 udp
N/A 91.239.24.113:6892 udp
N/A 91.239.24.114:6892 udp
N/A 91.239.24.115:6892 udp
N/A 91.239.24.116:6892 udp
N/A 91.239.24.117:6892 udp
N/A 91.239.24.118:6892 udp
N/A 91.239.24.119:6892 udp
N/A 91.239.24.120:6892 udp
N/A 91.239.24.121:6892 udp
N/A 91.239.24.122:6892 udp
N/A 91.239.24.123:6892 udp
N/A 91.239.24.124:6892 udp
N/A 91.239.24.125:6892 udp
N/A 91.239.24.126:6892 udp
N/A 91.239.24.127:6892 udp
N/A 91.239.24.128:6892 udp
N/A 91.239.24.129:6892 udp
N/A 91.239.24.130:6892 udp
N/A 91.239.24.131:6892 udp
N/A 91.239.24.132:6892 udp
N/A 91.239.24.133:6892 udp
N/A 91.239.24.134:6892 udp
N/A 91.239.24.135:6892 udp
N/A 91.239.24.136:6892 udp
N/A 91.239.24.137:6892 udp
N/A 91.239.24.138:6892 udp
N/A 91.239.24.139:6892 udp
N/A 91.239.24.140:6892 udp
N/A 91.239.24.141:6892 udp
N/A 91.239.24.142:6892 udp
N/A 91.239.24.143:6892 udp
N/A 91.239.24.144:6892 udp
N/A 91.239.24.145:6892 udp
N/A 91.239.24.146:6892 udp
N/A 91.239.24.147:6892 udp
N/A 91.239.24.148:6892 udp
N/A 91.239.24.149:6892 udp
N/A 91.239.24.150:6892 udp
N/A 91.239.24.151:6892 udp
N/A 91.239.24.152:6892 udp
N/A 91.239.24.153:6892 udp
N/A 91.239.24.154:6892 udp
N/A 91.239.24.155:6892 udp
N/A 91.239.24.156:6892 udp
N/A 91.239.24.157:6892 udp
N/A 91.239.24.158:6892 udp
N/A 91.239.24.159:6892 udp
N/A 91.239.24.160:6892 udp
N/A 91.239.24.161:6892 udp
N/A 91.239.24.162:6892 udp
N/A 91.239.24.163:6892 udp
N/A 91.239.24.164:6892 udp
N/A 91.239.24.165:6892 udp
N/A 91.239.24.166:6892 udp
N/A 91.239.24.167:6892 udp
N/A 91.239.24.168:6892 udp
N/A 91.239.24.169:6892 udp
N/A 91.239.24.170:6892 udp
N/A 91.239.24.171:6892 udp
N/A 91.239.24.172:6892 udp
N/A 91.239.24.173:6892 udp
N/A 91.239.24.174:6892 udp
N/A 91.239.24.175:6892 udp
N/A 91.239.24.176:6892 udp
N/A 91.239.24.177:6892 udp
N/A 91.239.24.178:6892 udp
N/A 91.239.24.179:6892 udp
N/A 91.239.24.180:6892 udp
N/A 91.239.24.181:6892 udp
N/A 91.239.24.182:6892 udp
N/A 91.239.24.183:6892 udp
N/A 91.239.24.184:6892 udp
N/A 91.239.24.185:6892 udp
N/A 91.239.24.186:6892 udp
N/A 91.239.24.187:6892 udp
N/A 91.239.24.188:6892 udp
N/A 91.239.24.189:6892 udp
N/A 91.239.24.190:6892 udp
N/A 91.239.24.191:6892 udp
N/A 91.239.24.192:6892 udp
N/A 91.239.24.193:6892 udp
N/A 91.239.24.194:6892 udp
N/A 91.239.24.195:6892 udp
N/A 91.239.24.196:6892 udp
N/A 91.239.24.197:6892 udp
N/A 91.239.24.198:6892 udp
N/A 91.239.24.199:6892 udp
N/A 91.239.24.200:6892 udp
N/A 91.239.24.201:6892 udp
N/A 91.239.24.202:6892 udp
N/A 91.239.24.203:6892 udp
N/A 91.239.24.204:6892 udp
N/A 91.239.24.205:6892 udp
N/A 91.239.24.206:6892 udp
N/A 91.239.24.207:6892 udp
N/A 91.239.24.208:6892 udp
N/A 91.239.24.209:6892 udp
N/A 91.239.24.210:6892 udp
N/A 91.239.24.211:6892 udp
N/A 91.239.24.212:6892 udp
N/A 91.239.24.213:6892 udp
N/A 91.239.24.214:6892 udp
N/A 91.239.24.215:6892 udp
N/A 91.239.24.216:6892 udp
N/A 91.239.24.217:6892 udp
N/A 91.239.24.218:6892 udp
N/A 91.239.24.219:6892 udp
N/A 91.239.24.220:6892 udp
N/A 91.239.24.221:6892 udp
N/A 91.239.24.222:6892 udp
N/A 91.239.24.223:6892 udp
N/A 91.239.24.224:6892 udp
N/A 91.239.24.225:6892 udp
N/A 91.239.24.226:6892 udp
N/A 91.239.24.227:6892 udp
N/A 91.239.24.228:6892 udp
N/A 91.239.24.229:6892 udp
N/A 91.239.24.230:6892 udp
N/A 91.239.24.231:6892 udp
N/A 91.239.24.232:6892 udp
N/A 91.239.24.233:6892 udp
N/A 91.239.24.234:6892 udp
N/A 91.239.24.235:6892 udp
N/A 91.239.24.236:6892 udp
N/A 91.239.24.237:6892 udp
N/A 91.239.24.238:6892 udp
N/A 91.239.24.239:6892 udp
N/A 91.239.24.240:6892 udp
N/A 91.239.24.241:6892 udp
N/A 91.239.24.242:6892 udp
N/A 91.239.24.243:6892 udp
N/A 91.239.24.244:6892 udp
N/A 91.239.24.245:6892 udp
N/A 91.239.24.246:6892 udp
N/A 91.239.24.247:6892 udp
N/A 91.239.24.248:6892 udp
N/A 91.239.24.249:6892 udp
N/A 91.239.24.250:6892 udp
N/A 91.239.24.251:6892 udp
N/A 91.239.24.252:6892 udp
N/A 91.239.24.253:6892 udp
N/A 91.239.24.254:6892 udp
N/A 91.239.24.255:6892 udp
N/A 91.239.25.0:6892 udp
N/A 91.239.25.1:6892 udp
N/A 91.239.25.2:6892 udp
N/A 91.239.25.3:6892 udp
N/A 91.239.25.4:6892 udp
N/A 91.239.25.5:6892 udp
N/A 91.239.25.6:6892 udp
N/A 91.239.25.7:6892 udp
N/A 91.239.25.8:6892 udp
N/A 91.239.25.9:6892 udp
N/A 91.239.25.10:6892 udp
N/A 91.239.25.11:6892 udp
N/A 91.239.25.12:6892 udp
N/A 91.239.25.13:6892 udp
N/A 91.239.25.14:6892 udp
N/A 91.239.25.15:6892 udp
N/A 91.239.25.16:6892 udp
N/A 91.239.25.17:6892 udp
N/A 91.239.25.18:6892 udp
N/A 91.239.25.19:6892 udp
N/A 91.239.25.20:6892 udp
N/A 91.239.25.21:6892 udp
N/A 91.239.25.22:6892 udp
N/A 91.239.25.23:6892 udp
N/A 91.239.25.24:6892 udp
N/A 91.239.25.25:6892 udp
N/A 91.239.25.26:6892 udp
N/A 91.239.25.27:6892 udp
N/A 91.239.25.28:6892 udp
N/A 91.239.25.29:6892 udp
N/A 91.239.25.30:6892 udp
N/A 91.239.25.31:6892 udp
N/A 91.239.25.32:6892 udp
N/A 91.239.25.33:6892 udp
N/A 91.239.25.34:6892 udp
N/A 91.239.25.35:6892 udp
N/A 91.239.25.36:6892 udp
N/A 91.239.25.37:6892 udp
N/A 91.239.25.38:6892 udp
N/A 91.239.25.39:6892 udp
N/A 91.239.25.40:6892 udp
N/A 91.239.25.41:6892 udp
N/A 91.239.25.42:6892 udp
N/A 91.239.25.43:6892 udp
N/A 91.239.25.44:6892 udp
N/A 91.239.25.45:6892 udp
N/A 91.239.25.46:6892 udp
N/A 91.239.25.47:6892 udp
N/A 91.239.25.48:6892 udp
N/A 91.239.25.49:6892 udp
N/A 91.239.25.50:6892 udp
N/A 91.239.25.51:6892 udp
N/A 91.239.25.52:6892 udp
N/A 91.239.25.53:6892 udp
N/A 91.239.25.54:6892 udp
N/A 91.239.25.55:6892 udp
N/A 91.239.25.56:6892 udp
N/A 91.239.25.57:6892 udp
N/A 91.239.25.58:6892 udp
N/A 91.239.25.59:6892 udp
N/A 91.239.25.60:6892 udp
N/A 91.239.25.61:6892 udp
N/A 91.239.25.62:6892 udp
N/A 91.239.25.63:6892 udp
N/A 91.239.25.64:6892 udp
N/A 91.239.25.65:6892 udp
N/A 91.239.25.66:6892 udp
N/A 91.239.25.67:6892 udp
N/A 91.239.25.68:6892 udp
N/A 91.239.25.69:6892 udp
N/A 91.239.25.70:6892 udp
N/A 91.239.25.71:6892 udp
N/A 91.239.25.72:6892 udp
N/A 91.239.25.73:6892 udp
N/A 91.239.25.74:6892 udp
N/A 91.239.25.75:6892 udp
N/A 91.239.25.76:6892 udp
N/A 91.239.25.77:6892 udp
N/A 91.239.25.78:6892 udp
N/A 91.239.25.79:6892 udp
N/A 91.239.25.80:6892 udp
N/A 91.239.25.81:6892 udp
N/A 91.239.25.82:6892 udp
N/A 91.239.25.83:6892 udp
N/A 91.239.25.84:6892 udp
N/A 91.239.25.85:6892 udp
N/A 91.239.25.86:6892 udp
N/A 91.239.25.87:6892 udp
N/A 91.239.25.88:6892 udp
N/A 91.239.25.89:6892 udp
N/A 91.239.25.90:6892 udp
N/A 91.239.25.91:6892 udp
N/A 91.239.25.92:6892 udp
N/A 91.239.25.93:6892 udp
N/A 91.239.25.94:6892 udp
N/A 91.239.25.95:6892 udp
N/A 91.239.25.96:6892 udp
N/A 91.239.25.97:6892 udp
N/A 91.239.25.98:6892 udp
N/A 91.239.25.99:6892 udp
N/A 91.239.25.100:6892 udp
N/A 91.239.25.101:6892 udp
N/A 91.239.25.102:6892 udp
N/A 91.239.25.103:6892 udp
N/A 91.239.25.104:6892 udp
N/A 91.239.25.105:6892 udp
N/A 91.239.25.106:6892 udp
N/A 91.239.25.107:6892 udp
N/A 91.239.25.108:6892 udp
N/A 91.239.25.109:6892 udp
N/A 91.239.25.110:6892 udp
N/A 91.239.25.111:6892 udp
N/A 91.239.25.112:6892 udp
N/A 91.239.25.113:6892 udp
N/A 91.239.25.114:6892 udp
N/A 91.239.25.115:6892 udp
N/A 91.239.25.116:6892 udp
N/A 91.239.25.117:6892 udp
N/A 91.239.25.118:6892 udp
N/A 91.239.25.119:6892 udp
N/A 91.239.25.120:6892 udp
N/A 91.239.25.121:6892 udp
N/A 91.239.25.122:6892 udp
N/A 91.239.25.123:6892 udp
N/A 91.239.25.124:6892 udp
N/A 91.239.25.125:6892 udp
N/A 91.239.25.126:6892 udp
N/A 91.239.25.127:6892 udp
N/A 91.239.25.128:6892 udp
N/A 91.239.25.129:6892 udp
N/A 91.239.25.130:6892 udp
N/A 91.239.25.131:6892 udp
N/A 91.239.25.132:6892 udp
N/A 91.239.25.133:6892 udp
N/A 91.239.25.134:6892 udp
N/A 91.239.25.135:6892 udp
N/A 91.239.25.136:6892 udp
N/A 91.239.25.137:6892 udp
N/A 91.239.25.138:6892 udp
N/A 91.239.25.139:6892 udp
N/A 91.239.25.140:6892 udp
N/A 91.239.25.141:6892 udp
N/A 91.239.25.142:6892 udp
N/A 91.239.25.143:6892 udp
N/A 91.239.25.144:6892 udp
N/A 91.239.25.145:6892 udp
N/A 91.239.25.146:6892 udp
N/A 91.239.25.147:6892 udp
N/A 91.239.25.148:6892 udp
N/A 91.239.25.149:6892 udp
N/A 91.239.25.150:6892 udp
N/A 91.239.25.151:6892 udp
N/A 91.239.25.152:6892 udp
N/A 91.239.25.153:6892 udp
N/A 91.239.25.154:6892 udp
N/A 91.239.25.155:6892 udp
N/A 91.239.25.156:6892 udp
N/A 91.239.25.157:6892 udp
N/A 91.239.25.158:6892 udp
N/A 91.239.25.159:6892 udp
N/A 91.239.25.160:6892 udp
N/A 91.239.25.161:6892 udp
N/A 91.239.25.162:6892 udp
N/A 91.239.25.163:6892 udp
N/A 91.239.25.164:6892 udp
N/A 91.239.25.165:6892 udp
N/A 91.239.25.166:6892 udp
N/A 91.239.25.167:6892 udp
N/A 91.239.25.168:6892 udp
N/A 91.239.25.169:6892 udp
N/A 91.239.25.170:6892 udp
N/A 91.239.25.171:6892 udp
N/A 91.239.25.172:6892 udp
N/A 91.239.25.173:6892 udp
N/A 91.239.25.174:6892 udp
N/A 91.239.25.175:6892 udp
N/A 91.239.25.176:6892 udp
N/A 91.239.25.177:6892 udp
N/A 91.239.25.178:6892 udp
N/A 91.239.25.179:6892 udp
N/A 91.239.25.180:6892 udp
N/A 91.239.25.181:6892 udp
N/A 91.239.25.182:6892 udp
N/A 91.239.25.183:6892 udp
N/A 91.239.25.184:6892 udp
N/A 91.239.25.185:6892 udp
N/A 91.239.25.186:6892 udp
N/A 91.239.25.187:6892 udp
N/A 91.239.25.188:6892 udp
N/A 91.239.25.189:6892 udp
N/A 91.239.25.190:6892 udp
N/A 91.239.25.191:6892 udp
N/A 91.239.25.192:6892 udp
N/A 91.239.25.193:6892 udp
N/A 91.239.25.194:6892 udp
N/A 91.239.25.195:6892 udp
N/A 91.239.25.196:6892 udp
N/A 91.239.25.197:6892 udp
N/A 91.239.25.198:6892 udp
N/A 91.239.25.199:6892 udp
N/A 91.239.25.200:6892 udp
N/A 91.239.25.201:6892 udp
N/A 91.239.25.202:6892 udp
N/A 91.239.25.203:6892 udp
N/A 91.239.25.204:6892 udp
N/A 91.239.25.205:6892 udp
N/A 91.239.25.206:6892 udp
N/A 91.239.25.207:6892 udp
N/A 91.239.25.208:6892 udp
N/A 91.239.25.209:6892 udp
N/A 91.239.25.210:6892 udp
N/A 91.239.25.211:6892 udp
N/A 91.239.25.212:6892 udp
N/A 91.239.25.213:6892 udp
N/A 91.239.25.214:6892 udp
N/A 91.239.25.215:6892 udp
N/A 91.239.25.216:6892 udp
N/A 91.239.25.217:6892 udp
N/A 91.239.25.218:6892 udp
N/A 91.239.25.219:6892 udp
N/A 91.239.25.220:6892 udp
N/A 91.239.25.221:6892 udp
N/A 91.239.25.222:6892 udp
N/A 91.239.25.223:6892 udp
N/A 91.239.25.224:6892 udp
N/A 91.239.25.225:6892 udp
N/A 91.239.25.226:6892 udp
N/A 91.239.25.227:6892 udp
N/A 91.239.25.228:6892 udp
N/A 91.239.25.229:6892 udp
N/A 91.239.25.230:6892 udp
N/A 91.239.25.231:6892 udp
N/A 91.239.25.232:6892 udp
N/A 91.239.25.233:6892 udp
N/A 91.239.25.234:6892 udp
N/A 91.239.25.235:6892 udp
N/A 91.239.25.236:6892 udp
N/A 91.239.25.237:6892 udp
N/A 91.239.25.238:6892 udp
N/A 91.239.25.239:6892 udp
N/A 91.239.25.240:6892 udp
N/A 91.239.25.241:6892 udp
N/A 91.239.25.242:6892 udp
N/A 91.239.25.243:6892 udp
N/A 91.239.25.244:6892 udp
N/A 91.239.25.245:6892 udp
N/A 91.239.25.246:6892 udp
N/A 91.239.25.247:6892 udp
N/A 91.239.25.248:6892 udp
N/A 91.239.25.249:6892 udp
N/A 91.239.25.250:6892 udp
N/A 91.239.25.251:6892 udp
N/A 91.239.25.252:6892 udp
N/A 91.239.25.253:6892 udp
N/A 91.239.25.254:6892 udp
N/A 91.239.25.255:6892 udp
N/A 90.2.1.0:6892 udp
N/A 90.2.1.1:6892 udp
N/A 90.2.1.2:6892 udp
N/A 90.2.1.3:6892 udp
N/A 90.2.1.4:6892 udp
N/A 90.2.1.5:6892 udp
N/A 90.2.1.6:6892 udp
N/A 90.2.1.7:6892 udp
N/A 90.2.1.8:6892 udp
N/A 90.2.1.9:6892 udp
N/A 90.2.1.10:6892 udp
N/A 90.2.1.11:6892 udp
N/A 90.2.1.12:6892 udp
N/A 90.2.1.13:6892 udp
N/A 90.2.1.14:6892 udp
N/A 90.2.1.15:6892 udp
N/A 90.2.1.16:6892 udp
N/A 90.2.1.17:6892 udp
N/A 90.2.1.18:6892 udp
N/A 90.2.1.19:6892 udp
N/A 90.2.1.20:6892 udp
N/A 90.2.1.21:6892 udp
N/A 90.2.1.22:6892 udp
N/A 90.2.1.23:6892 udp
N/A 90.2.1.24:6892 udp
N/A 90.2.1.25:6892 udp
N/A 90.2.1.26:6892 udp
N/A 90.2.1.27:6892 udp
N/A 90.2.1.28:6892 udp
N/A 90.2.1.29:6892 udp
N/A 90.2.1.30:6892 udp
N/A 90.2.1.31:6892 udp
N/A 90.3.1.0:6892 udp
N/A 90.3.1.1:6892 udp
N/A 90.3.1.2:6892 udp
N/A 90.3.1.3:6892 udp
N/A 90.3.1.4:6892 udp
N/A 90.3.1.5:6892 udp
N/A 90.3.1.6:6892 udp
N/A 90.3.1.7:6892 udp
N/A 90.3.1.8:6892 udp
N/A 90.3.1.9:6892 udp
N/A 90.3.1.10:6892 udp
N/A 90.3.1.11:6892 udp
N/A 90.3.1.12:6892 udp
N/A 90.3.1.13:6892 udp
N/A 90.3.1.14:6892 udp
N/A 90.3.1.15:6892 udp
N/A 90.3.1.16:6892 udp
N/A 90.3.1.17:6892 udp
N/A 90.3.1.18:6892 udp
N/A 90.3.1.19:6892 udp
N/A 90.3.1.20:6892 udp
N/A 90.3.1.21:6892 udp
N/A 90.3.1.22:6892 udp
N/A 90.3.1.23:6892 udp
N/A 90.3.1.24:6892 udp
N/A 90.3.1.25:6892 udp
N/A 90.3.1.26:6892 udp
N/A 90.3.1.27:6892 udp
N/A 90.3.1.28:6892 udp
N/A 90.3.1.29:6892 udp
N/A 90.3.1.30:6892 udp
N/A 90.3.1.31:6892 udp
N/A 91.239.24.0:6892 udp
N/A 91.239.24.1:6892 udp
N/A 91.239.24.2:6892 udp
N/A 91.239.24.3:6892 udp
N/A 91.239.24.4:6892 udp
N/A 91.239.24.5:6892 udp
N/A 91.239.24.6:6892 udp
N/A 91.239.24.7:6892 udp
N/A 91.239.24.8:6892 udp
N/A 91.239.24.9:6892 udp
N/A 91.239.24.10:6892 udp
N/A 91.239.24.11:6892 udp
N/A 91.239.24.12:6892 udp
N/A 91.239.24.13:6892 udp
N/A 91.239.24.14:6892 udp
N/A 91.239.24.15:6892 udp
N/A 91.239.24.16:6892 udp
N/A 91.239.24.17:6892 udp
N/A 91.239.24.18:6892 udp
N/A 91.239.24.19:6892 udp
N/A 91.239.24.20:6892 udp
N/A 91.239.24.21:6892 udp
N/A 91.239.24.22:6892 udp
N/A 91.239.24.23:6892 udp
N/A 91.239.24.24:6892 udp
N/A 91.239.24.25:6892 udp
N/A 91.239.24.26:6892 udp
N/A 91.239.24.27:6892 udp
N/A 91.239.24.28:6892 udp
N/A 91.239.24.29:6892 udp
N/A 91.239.24.30:6892 udp
N/A 91.239.24.31:6892 udp
N/A 91.239.24.32:6892 udp
N/A 91.239.24.33:6892 udp
N/A 91.239.24.34:6892 udp
N/A 91.239.24.35:6892 udp
N/A 91.239.24.36:6892 udp
N/A 91.239.24.37:6892 udp
N/A 91.239.24.38:6892 udp
N/A 91.239.24.39:6892 udp
N/A 91.239.24.40:6892 udp
N/A 91.239.24.41:6892 udp
N/A 91.239.24.42:6892 udp
N/A 91.239.24.43:6892 udp
N/A 91.239.24.44:6892 udp
N/A 91.239.24.45:6892 udp
N/A 91.239.24.46:6892 udp
N/A 91.239.24.47:6892 udp
N/A 91.239.24.48:6892 udp
N/A 91.239.24.49:6892 udp
N/A 91.239.24.50:6892 udp
N/A 91.239.24.51:6892 udp
N/A 91.239.24.52:6892 udp
N/A 91.239.24.53:6892 udp
N/A 91.239.24.54:6892 udp
N/A 91.239.24.55:6892 udp
N/A 91.239.24.56:6892 udp
N/A 91.239.24.57:6892 udp
N/A 91.239.24.58:6892 udp
N/A 91.239.24.59:6892 udp
N/A 91.239.24.60:6892 udp
N/A 91.239.24.61:6892 udp
N/A 91.239.24.62:6892 udp
N/A 91.239.24.63:6892 udp
N/A 91.239.24.64:6892 udp
N/A 91.239.24.65:6892 udp
N/A 91.239.24.66:6892 udp
N/A 91.239.24.67:6892 udp
N/A 91.239.24.68:6892 udp
N/A 91.239.24.69:6892 udp
N/A 91.239.24.70:6892 udp
N/A 91.239.24.71:6892 udp
N/A 91.239.24.72:6892 udp
N/A 91.239.24.73:6892 udp
N/A 91.239.24.74:6892 udp
N/A 91.239.24.75:6892 udp
N/A 91.239.24.76:6892 udp
N/A 91.239.24.77:6892 udp
N/A 91.239.24.78:6892 udp
N/A 91.239.24.79:6892 udp
N/A 91.239.24.80:6892 udp
N/A 91.239.24.81:6892 udp
N/A 91.239.24.82:6892 udp
N/A 91.239.24.83:6892 udp
N/A 91.239.24.84:6892 udp
N/A 91.239.24.85:6892 udp
N/A 91.239.24.86:6892 udp
N/A 91.239.24.87:6892 udp
N/A 91.239.24.88:6892 udp
N/A 91.239.24.89:6892 udp
N/A 91.239.24.90:6892 udp
N/A 91.239.24.91:6892 udp
N/A 91.239.24.92:6892 udp
N/A 91.239.24.93:6892 udp
N/A 91.239.24.94:6892 udp
N/A 91.239.24.95:6892 udp
N/A 91.239.24.96:6892 udp
N/A 91.239.24.97:6892 udp
N/A 91.239.24.98:6892 udp
N/A 91.239.24.99:6892 udp
N/A 91.239.24.100:6892 udp
N/A 91.239.24.101:6892 udp
N/A 91.239.24.102:6892 udp
N/A 91.239.24.103:6892 udp
N/A 91.239.24.104:6892 udp
N/A 91.239.24.105:6892 udp
N/A 91.239.24.106:6892 udp
N/A 91.239.24.107:6892 udp
N/A 91.239.24.108:6892 udp
N/A 91.239.24.109:6892 udp
N/A 91.239.24.110:6892 udp
N/A 91.239.24.111:6892 udp
N/A 91.239.24.112:6892 udp
N/A 91.239.24.113:6892 udp
N/A 91.239.24.114:6892 udp
N/A 91.239.24.115:6892 udp
N/A 91.239.24.116:6892 udp
N/A 91.239.24.117:6892 udp
N/A 91.239.24.118:6892 udp
N/A 91.239.24.119:6892 udp
N/A 91.239.24.120:6892 udp
N/A 91.239.24.121:6892 udp
N/A 91.239.24.122:6892 udp
N/A 91.239.24.123:6892 udp
N/A 91.239.24.124:6892 udp
N/A 91.239.24.125:6892 udp
N/A 91.239.24.126:6892 udp
N/A 91.239.24.127:6892 udp
N/A 91.239.24.128:6892 udp
N/A 91.239.24.129:6892 udp
N/A 91.239.24.130:6892 udp
N/A 91.239.24.131:6892 udp
N/A 91.239.24.132:6892 udp
N/A 91.239.24.133:6892 udp
N/A 91.239.24.134:6892 udp
N/A 91.239.24.135:6892 udp
N/A 91.239.24.136:6892 udp
N/A 91.239.24.137:6892 udp
N/A 91.239.24.138:6892 udp
N/A 91.239.24.139:6892 udp
N/A 91.239.24.140:6892 udp
N/A 91.239.24.141:6892 udp
N/A 91.239.24.142:6892 udp
N/A 91.239.24.143:6892 udp
N/A 91.239.24.144:6892 udp
N/A 91.239.24.145:6892 udp
N/A 91.239.24.146:6892 udp
N/A 91.239.24.147:6892 udp
N/A 91.239.24.148:6892 udp
N/A 91.239.24.149:6892 udp
N/A 91.239.24.150:6892 udp
N/A 91.239.24.151:6892 udp
N/A 91.239.24.152:6892 udp
N/A 91.239.24.153:6892 udp
N/A 91.239.24.154:6892 udp
N/A 91.239.24.155:6892 udp
N/A 91.239.24.156:6892 udp
N/A 91.239.24.157:6892 udp
N/A 91.239.24.158:6892 udp
N/A 91.239.24.159:6892 udp
N/A 91.239.24.160:6892 udp
N/A 91.239.24.161:6892 udp
N/A 91.239.24.162:6892 udp
N/A 91.239.24.163:6892 udp
N/A 91.239.24.164:6892 udp
N/A 91.239.24.165:6892 udp
N/A 91.239.24.166:6892 udp
N/A 91.239.24.167:6892 udp
N/A 91.239.24.168:6892 udp
N/A 91.239.24.169:6892 udp
N/A 91.239.24.170:6892 udp
N/A 91.239.24.171:6892 udp
N/A 91.239.24.172:6892 udp
N/A 91.239.24.173:6892 udp
N/A 91.239.24.174:6892 udp
N/A 91.239.24.175:6892 udp
N/A 91.239.24.176:6892 udp
N/A 91.239.24.177:6892 udp
N/A 91.239.24.178:6892 udp
N/A 91.239.24.179:6892 udp
N/A 91.239.24.180:6892 udp
N/A 91.239.24.181:6892 udp
N/A 91.239.24.182:6892 udp
N/A 91.239.24.183:6892 udp
N/A 91.239.24.184:6892 udp
N/A 91.239.24.185:6892 udp
N/A 91.239.24.186:6892 udp
N/A 91.239.24.187:6892 udp
N/A 91.239.24.188:6892 udp
N/A 91.239.24.189:6892 udp
N/A 91.239.24.190:6892 udp
N/A 91.239.24.191:6892 udp
N/A 91.239.24.192:6892 udp
N/A 91.239.24.193:6892 udp
N/A 91.239.24.194:6892 udp
N/A 91.239.24.195:6892 udp
N/A 91.239.24.196:6892 udp
N/A 91.239.24.197:6892 udp
N/A 91.239.24.198:6892 udp
N/A 91.239.24.199:6892 udp
N/A 91.239.24.200:6892 udp
N/A 91.239.24.201:6892 udp
N/A 91.239.24.202:6892 udp
N/A 91.239.24.203:6892 udp
N/A 91.239.24.204:6892 udp
N/A 91.239.24.205:6892 udp
N/A 91.239.24.206:6892 udp
N/A 91.239.24.207:6892 udp
N/A 91.239.24.208:6892 udp
N/A 91.239.24.209:6892 udp
N/A 91.239.24.210:6892 udp
N/A 91.239.24.211:6892 udp
N/A 91.239.24.212:6892 udp
N/A 91.239.24.213:6892 udp
N/A 91.239.24.214:6892 udp
N/A 91.239.24.215:6892 udp
N/A 91.239.24.216:6892 udp
N/A 91.239.24.217:6892 udp
N/A 91.239.24.218:6892 udp
N/A 91.239.24.219:6892 udp
N/A 91.239.24.220:6892 udp
N/A 91.239.24.221:6892 udp
N/A 91.239.24.222:6892 udp
N/A 91.239.24.223:6892 udp
N/A 91.239.24.224:6892 udp
N/A 91.239.24.225:6892 udp
N/A 91.239.24.226:6892 udp
N/A 91.239.24.227:6892 udp
N/A 91.239.24.228:6892 udp
N/A 91.239.24.229:6892 udp
N/A 91.239.24.230:6892 udp
N/A 91.239.24.231:6892 udp
N/A 91.239.24.232:6892 udp
N/A 91.239.24.233:6892 udp
N/A 91.239.24.234:6892 udp
N/A 91.239.24.235:6892 udp
N/A 91.239.24.236:6892 udp
N/A 91.239.24.237:6892 udp
N/A 91.239.24.238:6892 udp
N/A 91.239.24.239:6892 udp
N/A 91.239.24.240:6892 udp
N/A 91.239.24.241:6892 udp
N/A 91.239.24.242:6892 udp
N/A 91.239.24.243:6892 udp
N/A 91.239.24.244:6892 udp
N/A 91.239.24.245:6892 udp
N/A 91.239.24.246:6892 udp
N/A 91.239.24.247:6892 udp
N/A 91.239.24.248:6892 udp
N/A 91.239.24.249:6892 udp
N/A 91.239.24.250:6892 udp
N/A 91.239.24.251:6892 udp
N/A 91.239.24.252:6892 udp
N/A 91.239.24.253:6892 udp
N/A 91.239.24.254:6892 udp
N/A 91.239.24.255:6892 udp
N/A 91.239.25.0:6892 udp
N/A 91.239.25.1:6892 udp
N/A 91.239.25.2:6892 udp
N/A 91.239.25.3:6892 udp
N/A 91.239.25.4:6892 udp
N/A 91.239.25.5:6892 udp
N/A 91.239.25.6:6892 udp
N/A 91.239.25.7:6892 udp
N/A 91.239.25.8:6892 udp
N/A 91.239.25.9:6892 udp
N/A 91.239.25.10:6892 udp
N/A 91.239.25.11:6892 udp
N/A 91.239.25.12:6892 udp
N/A 91.239.25.13:6892 udp
N/A 91.239.25.14:6892 udp
N/A 91.239.25.15:6892 udp
N/A 91.239.25.16:6892 udp
N/A 91.239.25.17:6892 udp
N/A 91.239.25.18:6892 udp
N/A 91.239.25.19:6892 udp
N/A 91.239.25.20:6892 udp
N/A 91.239.25.21:6892 udp
N/A 91.239.25.22:6892 udp
N/A 91.239.25.23:6892 udp
N/A 91.239.25.24:6892 udp
N/A 91.239.25.25:6892 udp
N/A 91.239.25.26:6892 udp
N/A 91.239.25.27:6892 udp
N/A 91.239.25.28:6892 udp
N/A 91.239.25.29:6892 udp
N/A 91.239.25.30:6892 udp
N/A 91.239.25.31:6892 udp
N/A 91.239.25.32:6892 udp
N/A 91.239.25.33:6892 udp
N/A 91.239.25.34:6892 udp
N/A 91.239.25.35:6892 udp
N/A 91.239.25.36:6892 udp
N/A 91.239.25.37:6892 udp
N/A 91.239.25.38:6892 udp
N/A 91.239.25.39:6892 udp
N/A 91.239.25.40:6892 udp
N/A 91.239.25.41:6892 udp
N/A 91.239.25.42:6892 udp
N/A 91.239.25.43:6892 udp
N/A 91.239.25.44:6892 udp
N/A 91.239.25.45:6892 udp
N/A 91.239.25.46:6892 udp
N/A 91.239.25.47:6892 udp
N/A 91.239.25.48:6892 udp
N/A 91.239.25.49:6892 udp
N/A 91.239.25.50:6892 udp
N/A 91.239.25.51:6892 udp
N/A 91.239.25.52:6892 udp
N/A 91.239.25.53:6892 udp
N/A 91.239.25.54:6892 udp
N/A 91.239.25.55:6892 udp
N/A 91.239.25.56:6892 udp
N/A 91.239.25.57:6892 udp
N/A 91.239.25.58:6892 udp
N/A 91.239.25.59:6892 udp
N/A 91.239.25.60:6892 udp
N/A 91.239.25.61:6892 udp
N/A 91.239.25.62:6892 udp
N/A 91.239.25.63:6892 udp
N/A 91.239.25.64:6892 udp
N/A 91.239.25.65:6892 udp
N/A 91.239.25.66:6892 udp
N/A 91.239.25.67:6892 udp
N/A 91.239.25.68:6892 udp
N/A 91.239.25.69:6892 udp
N/A 91.239.25.70:6892 udp
N/A 91.239.25.71:6892 udp
N/A 91.239.25.72:6892 udp
N/A 91.239.25.73:6892 udp
N/A 91.239.25.74:6892 udp
N/A 91.239.25.75:6892 udp
N/A 91.239.25.76:6892 udp
N/A 91.239.25.77:6892 udp
N/A 91.239.25.78:6892 udp
N/A 91.239.25.79:6892 udp
N/A 91.239.25.80:6892 udp
N/A 91.239.25.81:6892 udp
N/A 91.239.25.82:6892 udp
N/A 91.239.25.83:6892 udp
N/A 91.239.25.84:6892 udp
N/A 91.239.25.85:6892 udp
N/A 91.239.25.86:6892 udp
N/A 91.239.25.87:6892 udp
N/A 91.239.25.88:6892 udp
N/A 91.239.25.89:6892 udp
N/A 91.239.25.90:6892 udp
N/A 91.239.25.91:6892 udp
N/A 91.239.25.92:6892 udp
N/A 91.239.25.93:6892 udp
N/A 91.239.25.94:6892 udp
N/A 91.239.25.95:6892 udp
N/A 91.239.25.96:6892 udp
N/A 91.239.25.97:6892 udp
N/A 91.239.25.98:6892 udp
N/A 91.239.25.99:6892 udp
N/A 91.239.25.100:6892 udp
N/A 91.239.25.101:6892 udp
N/A 91.239.25.102:6892 udp
N/A 91.239.25.103:6892 udp
N/A 91.239.25.104:6892 udp
N/A 91.239.25.105:6892 udp
N/A 91.239.25.106:6892 udp
N/A 91.239.25.107:6892 udp
N/A 91.239.25.108:6892 udp
N/A 91.239.25.109:6892 udp
N/A 91.239.25.110:6892 udp
N/A 91.239.25.111:6892 udp
N/A 91.239.25.112:6892 udp
N/A 91.239.25.113:6892 udp
N/A 91.239.25.114:6892 udp
N/A 91.239.25.115:6892 udp
N/A 91.239.25.116:6892 udp
N/A 91.239.25.117:6892 udp
N/A 91.239.25.118:6892 udp
N/A 91.239.25.119:6892 udp
N/A 91.239.25.120:6892 udp
N/A 91.239.25.121:6892 udp
N/A 91.239.25.122:6892 udp
N/A 91.239.25.123:6892 udp
N/A 91.239.25.124:6892 udp
N/A 91.239.25.125:6892 udp
N/A 91.239.25.126:6892 udp
N/A 91.239.25.127:6892 udp
N/A 91.239.25.128:6892 udp
N/A 91.239.25.129:6892 udp
N/A 91.239.25.130:6892 udp
N/A 91.239.25.131:6892 udp
N/A 91.239.25.132:6892 udp
N/A 91.239.25.133:6892 udp
N/A 91.239.25.134:6892 udp
N/A 91.239.25.135:6892 udp
N/A 91.239.25.136:6892 udp
N/A 91.239.25.137:6892 udp
N/A 91.239.25.138:6892 udp
N/A 91.239.25.139:6892 udp
N/A 91.239.25.140:6892 udp
N/A 91.239.25.141:6892 udp
N/A 91.239.25.142:6892 udp
N/A 91.239.25.143:6892 udp
N/A 91.239.25.144:6892 udp
N/A 91.239.25.145:6892 udp
N/A 91.239.25.146:6892 udp
N/A 91.239.25.147:6892 udp
N/A 91.239.25.148:6892 udp
N/A 91.239.25.149:6892 udp
N/A 91.239.25.150:6892 udp
N/A 91.239.25.151:6892 udp
N/A 91.239.25.152:6892 udp
N/A 91.239.25.153:6892 udp
N/A 91.239.25.154:6892 udp
N/A 91.239.25.155:6892 udp
N/A 91.239.25.156:6892 udp
N/A 91.239.25.157:6892 udp
N/A 91.239.25.158:6892 udp
N/A 91.239.25.159:6892 udp
N/A 91.239.25.160:6892 udp
N/A 91.239.25.161:6892 udp
N/A 91.239.25.162:6892 udp
N/A 91.239.25.163:6892 udp
N/A 91.239.25.164:6892 udp
N/A 91.239.25.165:6892 udp
N/A 91.239.25.166:6892 udp
N/A 91.239.25.167:6892 udp
N/A 91.239.25.168:6892 udp
N/A 91.239.25.169:6892 udp
N/A 91.239.25.170:6892 udp
N/A 91.239.25.171:6892 udp
N/A 91.239.25.172:6892 udp
N/A 91.239.25.173:6892 udp
N/A 91.239.25.174:6892 udp
N/A 91.239.25.175:6892 udp
N/A 91.239.25.176:6892 udp
N/A 91.239.25.177:6892 udp
N/A 91.239.25.178:6892 udp
N/A 91.239.25.179:6892 udp
N/A 91.239.25.180:6892 udp
N/A 91.239.25.181:6892 udp
N/A 91.239.25.182:6892 udp
N/A 91.239.25.183:6892 udp
N/A 91.239.25.184:6892 udp
N/A 91.239.25.185:6892 udp
N/A 91.239.25.186:6892 udp
N/A 91.239.25.187:6892 udp
N/A 91.239.25.188:6892 udp
N/A 91.239.25.189:6892 udp
N/A 91.239.25.190:6892 udp
N/A 91.239.25.191:6892 udp
N/A 91.239.25.192:6892 udp
N/A 91.239.25.193:6892 udp
N/A 91.239.25.194:6892 udp
N/A 91.239.25.195:6892 udp
N/A 91.239.25.196:6892 udp
N/A 91.239.25.197:6892 udp
N/A 91.239.25.198:6892 udp
N/A 91.239.25.199:6892 udp
N/A 91.239.25.200:6892 udp
N/A 91.239.25.201:6892 udp
N/A 91.239.25.202:6892 udp
N/A 91.239.25.203:6892 udp
N/A 91.239.25.204:6892 udp
N/A 91.239.25.205:6892 udp
N/A 91.239.25.206:6892 udp
N/A 91.239.25.207:6892 udp
N/A 91.239.25.208:6892 udp
N/A 91.239.25.209:6892 udp
N/A 91.239.25.210:6892 udp
N/A 91.239.25.211:6892 udp
N/A 91.239.25.212:6892 udp
N/A 91.239.25.213:6892 udp
N/A 91.239.25.214:6892 udp
N/A 91.239.25.215:6892 udp
N/A 91.239.25.216:6892 udp
N/A 91.239.25.217:6892 udp
N/A 91.239.25.218:6892 udp
N/A 91.239.25.219:6892 udp
N/A 91.239.25.220:6892 udp
N/A 91.239.25.221:6892 udp
N/A 91.239.25.222:6892 udp
N/A 91.239.25.223:6892 udp
N/A 91.239.25.224:6892 udp
N/A 91.239.25.225:6892 udp
N/A 91.239.25.226:6892 udp
N/A 91.239.25.227:6892 udp
N/A 91.239.25.228:6892 udp
N/A 91.239.25.229:6892 udp
N/A 91.239.25.230:6892 udp
N/A 91.239.25.231:6892 udp
N/A 91.239.25.232:6892 udp
N/A 91.239.25.233:6892 udp
N/A 91.239.25.234:6892 udp
N/A 91.239.25.235:6892 udp
N/A 91.239.25.236:6892 udp
N/A 91.239.25.237:6892 udp
N/A 91.239.25.238:6892 udp
N/A 91.239.25.239:6892 udp
N/A 91.239.25.240:6892 udp
N/A 91.239.25.241:6892 udp
N/A 91.239.25.242:6892 udp
N/A 91.239.25.243:6892 udp
N/A 91.239.25.244:6892 udp
N/A 91.239.25.245:6892 udp
N/A 91.239.25.246:6892 udp
N/A 91.239.25.247:6892 udp
N/A 91.239.25.248:6892 udp
N/A 91.239.25.249:6892 udp
N/A 91.239.25.250:6892 udp
N/A 91.239.25.251:6892 udp
N/A 91.239.25.252:6892 udp
N/A 91.239.25.253:6892 udp
N/A 91.239.25.254:6892 udp
N/A 91.239.25.255:6892 udp
N/A 46.37.26.7:80 tcp
N/A 8.8.8.8:53 api.blockcypher.com udp
N/A 104.20.20.251:80 api.blockcypher.com tcp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 bitaps.com udp
N/A 178.128.255.179:443 bitaps.com tcp
N/A 93.184.221.240:80 ctldl.windowsupdate.com tcp
N/A 104.18.21.226:80 ocsp.globalsign.com tcp
N/A 104.18.20.226:80 ocsp2.globalsign.com tcp
N/A 8.8.8.8:53 chain.so udp
N/A 172.67.157.138:443 chain.so tcp
N/A 93.184.220.29:80 ocsp.digicert.com tcp
N/A 8.8.8.8:53 sochain.com udp
N/A 104.26.14.247:443 sochain.com tcp
N/A 8.8.8.8:53 p27dokhpz2n7nvgr.1lseoi.top udp

Files

\Users\Admin\AppData\Local\Temp\nsu1238.tmp\System.dll

MD5 3e6bf00b3ac976122f982ae2aadb1c51
SHA1 caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
SHA256 4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
SHA512 1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

memory/4192-1-0x0000000000400000-0x0000000000437000-memory.dmp

memory/4192-2-0x0000000000403854-mapping.dmp

memory/4700-4-0x0000000002400000-0x0000000002437000-memory.dmp

memory/4192-3-0x0000000000400000-0x0000000000437000-memory.dmp

memory/4672-76-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\_HELP_HELP_HELP_FZ66G3.hta

MD5 5339021ee322dadbb2c985d69a3b1781
SHA1 e10ef2011de2f04ee0ad06d05c724fddbb172007
SHA256 574bbdc0851c1983c66b25eea6619ca2b6c9c09e50cf579d6351911b35c5e18c
SHA512 2c009cce64d4b9ced6730b9374658137d70e5cbcf8ea83f5279b6f4d690ebb0eb648512167a8dc74dd720fc2fdaa6bee609eeb7e9a980fee5ad5871c5dbe537d

memory/3356-86-0x0000000000000000-mapping.dmp

memory/904-87-0x0000000000000000-mapping.dmp

memory/1108-88-0x0000000000000000-mapping.dmp