Malware Analysis Report

2024-09-22 14:25

Sample ID 240507-zpaa9sfc7s
Target 21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118
SHA256 bdffd754d6462d9db91edb3d7e65cab81279265e28054564e47773e0def807d6
Tags
cerber defense_evasion discovery execution impact ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bdffd754d6462d9db91edb3d7e65cab81279265e28054564e47773e0def807d6

Threat Level: Known bad

The file 21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

cerber defense_evasion discovery execution impact ransomware spyware stealer

Cerber

Deletes shadow copies

Blocklisted process makes network request

Contacts a large (519) amount of remote hosts

Contacts a large (531) amount of remote hosts

Loads dropped DLL

Deletes itself

Checks computer location settings

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

Sets desktop wallpaper using registry

Drops file in Program Files directory

Enumerates physical storage devices

Program crash

Unsigned PE

NSIS installer

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy service COM API

Kills process with taskkill

Runs ping.exe

Suspicious use of SetWindowsHookEx

Modifies registry class

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-07 20:53

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-07 20:53

Reported

2024-05-07 20:55

Platform

win7-20231129-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe"

Signatures

Cerber

ransomware cerber

Deletes shadow copies

ransomware defense_evasion impact execution

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A

Contacts a large (519) amount of remote hosts

discovery

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A

Reads user/profile data of web browsers

spyware stealer

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp290.bmp" C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\README.hta C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A

Enumerates physical storage devices

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SysWOW64\mshta.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Windows\SysWOW64\mshta.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Windows\SysWOW64\mshta.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b0b000000010000001600000047006c006f00620061006c005300690067006e0000005300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802020f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Windows\SysWOW64\mshta.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1848 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 1848 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 1848 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 1848 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 1848 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 1848 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 1848 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 1848 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 1848 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 1848 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 2940 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2940 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2940 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2940 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2592 wrote to memory of 2736 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 2592 wrote to memory of 2736 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 2592 wrote to memory of 2736 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 2940 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2940 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2940 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2940 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2940 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2940 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2940 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2940 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 1764 wrote to memory of 1804 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1764 wrote to memory of 1804 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1764 wrote to memory of 1804 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1764 wrote to memory of 2896 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 1764 wrote to memory of 2896 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 1764 wrote to memory of 2896 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\README.hta"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

Network

Country Destination Domain Proto
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
US 8.8.8.8:53 lfdachijzuwx4bc4.5b4ej6.bid udp
US 8.8.8.8:53 btc.blockr.io udp
US 8.8.8.8:53 api.blockcypher.com udp
US 104.20.98.10:80 api.blockcypher.com tcp
US 8.8.8.8:53 chain.so udp
US 172.67.40.90:443 chain.so tcp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp

Files

C:\Users\Admin\AppData\Local\Temp\nsd2260.tmp\System.dll

MD5 a436db0c473a087eb61ff5c53c34ba27
SHA1 65ea67e424e75f5065132b539c8b2eda88aa0506
SHA256 75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
SHA512 908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d

\Users\Admin\AppData\Roaming\NsResize.dll

MD5 d53bd2d5591a78ea15b3bd59e2652bd6
SHA1 40968bcae13ee63469d241200679b25dfa5fdd4c
SHA256 1734bceb77dab6739b80575fd7ee87c437327d8eb147339e1d93b7d3235c5394
SHA512 c07bbab95251f16ac4b1c03e0324792b35badd111cced2e5c8e0de467226e572edfe5ca6e528c3494664f2569774f6a422806f54883cc2ef3726e21f4a011f5b

memory/2940-33-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-31-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2940-29-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-27-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-25-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-23-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-21-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-35-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-37-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-42-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-43-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-45-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-46-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-47-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\README.hta

MD5 def66c32fbe280a866aef4cf2ad7fb3e
SHA1 e0e41412492c0d0baf37c6468f769f96774f1cdd
SHA256 40a9566f7eba230d7160ee31a1885b3fee1405ab96662e45540b592f397081cb
SHA512 c823d2c54ebfe49d2826733ba40b5d24c91122d58f3478b3b7fb514d34b1b7e06500aa7e2a8484641d9eb2e1012be8826e22685e1aa9cbff0d8a963296eb2873

C:\Users\Admin\AppData\Roaming\article.appendix.title.properties.xml

MD5 adb1a285a2b926f98c062fbb74e1e992
SHA1 1f9799a61072673042a1a3da0fdf3fa93cf10f90
SHA256 4ba4637bffa741ba5619c3de97b6c209b5a9deb330385efc7a588492a98b7b45
SHA512 aa65628e34601645dfcdcb1f5f0347ae84555bd1a99432d4c25a50044dae932385bfa1f50551f6577d184de684f9264743facb53f4aa2e46bdfeff5c85bc6bd7

C:\Users\Admin\AppData\Roaming\Addendum.H

MD5 a2039fc589b4554aae01adc00c678bd5
SHA1 76bb96251feec4ceebb44cd7b44e42bb3da03b8b
SHA256 9ede8dfb24c6efa751960f68da159e8c099f95cefde9b6fdf56f817d158c2bf6
SHA512 3711a8b885ab3c794739a53d8bae5d9685fa1c39c5d1dbd298357f6d896ece66d9a8bed3c01350add0fdf5b48aa0c1ef08156874ecafcb7ce340994bb394390b

C:\Users\Admin\AppData\Roaming\btn-next-static.png

MD5 20418349e7f8244ea53bc174b2ff9576
SHA1 edb9087b6d85247ea0cad0060f540b0f890a80e1
SHA256 35d36d6619e249e8bf4838098fd1770c78617e3019162aaca092f8fa37c82dcb
SHA512 b12946ca17bb23403e106d561ae42d15695efde73eb4efb4099b57824c7ba0d2e331850022405f1d5da9502b568a217c06f259600cbbacc0d1c2b7210b31081f

memory/2940-322-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-325-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-328-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-331-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-334-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-337-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-340-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-343-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-347-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-350-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-353-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-356-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-359-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-362-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-365-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-368-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-375-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2940-388-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-07 20:53

Reported

2024-05-07 20:55

Platform

win10v2004-20240419-en

Max time kernel

145s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe"

Signatures

Cerber

ransomware cerber

Deletes shadow copies

ransomware defense_evasion impact execution

Contacts a large (531) amount of remote hosts

discovery

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpD954.bmp" C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BLANK.ONE C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\PLANNERS.ONE C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\ACADEMIC.ONE C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BUSINESS.ONE C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\README.hta C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\DESIGNER.ONE C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A

Enumerates physical storage devices

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4336 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 4336 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 4336 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 4336 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 4336 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 4336 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 4336 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 4336 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 4336 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 4336 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe
PID 3720 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 3720 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 4416 wrote to memory of 4872 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 4416 wrote to memory of 4872 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 3720 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 3720 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 3720 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 3720 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 3720 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 1284 wrote to memory of 2432 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1284 wrote to memory of 2432 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1284 wrote to memory of 3648 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 1284 wrote to memory of 3648 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3b4 0x40c

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\README.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "21af27ba9ac8e0dc4124c57f82b7e514_JaffaCakes118.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 24.121.18.2.in-addr.arpa udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
US 8.8.8.8:53 0.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 1.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 2.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 4.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 5.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 3.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 7.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 6.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 8.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 9.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 10.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 11.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 12.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 13.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 14.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 15.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 16.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 17.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 18.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 19.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 20.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 21.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 22.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 23.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 24.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 25.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 26.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 27.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 28.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 29.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 30.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 31.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 32.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 33.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 34.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 35.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 36.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 37.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 39.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 38.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 41.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 40.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 42.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 43.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 44.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 45.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 46.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 47.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 48.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 49.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 50.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 51.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 53.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 52.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 54.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 55.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 56.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 57.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 58.234.184.31.in-addr.arpa udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
US 8.8.8.8:53 59.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 60.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 61.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 62.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 63.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 64.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 65.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 66.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 67.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 68.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 69.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 70.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 71.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 72.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 73.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 74.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 75.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 76.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 77.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 79.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 78.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 80.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 81.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 82.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 83.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 84.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 85.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 86.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 87.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 88.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 90.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 89.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 91.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 93.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 92.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 94.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 95.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 96.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 97.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 98.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 99.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 100.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 101.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 102.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 103.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 105.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 104.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 107.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 106.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 108.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 109.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 110.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 111.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 112.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 113.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 114.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 115.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 116.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 117.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 118.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 119.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 120.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 121.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 122.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 123.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 124.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 125.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 126.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 127.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 128.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 129.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 131.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 130.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 132.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 133.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 134.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 135.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 136.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 137.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 138.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 139.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 140.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 141.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 142.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 143.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 144.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 145.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 146.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 147.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 148.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 149.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 150.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 151.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 152.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 154.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 153.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 155.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 156.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 158.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 157.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 159.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 160.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 161.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 162.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 163.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 165.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 166.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 167.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 168.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 169.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 170.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 171.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 172.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 173.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 174.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 176.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 177.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 178.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 179.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 181.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 180.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 182.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 183.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 184.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 185.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 186.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 187.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 188.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 189.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 190.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 191.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 192.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 193.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 194.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 195.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 196.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 197.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 198.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 199.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 200.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 201.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 202.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 203.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 204.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 205.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 206.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 208.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 207.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 210.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 209.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 211.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 213.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 214.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 215.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 216.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 217.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 218.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 219.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 220.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 221.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 222.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 223.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 224.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 225.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 226.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 227.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 228.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 229.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 230.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 231.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 232.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 233.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 234.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 236.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 235.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 237.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 238.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 239.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 240.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 241.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 242.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 243.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 244.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 246.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 247.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 248.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 249.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 250.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 251.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 252.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 253.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 254.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 255.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 0.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 1.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 2.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 3.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 4.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 5.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 6.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 9.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 8.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 10.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 7.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 11.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 12.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 14.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 13.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 15.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 17.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 16.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 18.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 19.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 20.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 21.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 22.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 23.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 24.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 25.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 26.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 28.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 27.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 29.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 30.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 31.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 32.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 33.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 34.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 35.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 36.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 38.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 37.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 40.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 39.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 41.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 42.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 43.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 45.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 44.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 46.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 48.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 49.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 50.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 51.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 52.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 53.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 54.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 55.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 56.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 57.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 58.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 59.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 60.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 62.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 61.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 64.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 65.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 66.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 67.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 68.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 69.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 70.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 71.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 72.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 73.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 74.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 75.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 76.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 77.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 78.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 79.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 80.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 81.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 82.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 83.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 84.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 85.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 86.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 87.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 88.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 89.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 90.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 91.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 92.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 93.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 94.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 95.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 96.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 97.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 98.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 99.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 100.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 101.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 102.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 103.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 104.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 105.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 107.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 106.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 108.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 109.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 110.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 111.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 112.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 113.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 114.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 115.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 116.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 117.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 118.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 119.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 120.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 121.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 122.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 123.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 124.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 125.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 126.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 127.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 128.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 129.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 131.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 130.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 132.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 133.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 134.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 135.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 136.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 137.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 138.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 139.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 141.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 142.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 143.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 144.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 145.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 146.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 147.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 148.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 149.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 150.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 152.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 151.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 153.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 154.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 155.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 156.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 157.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 158.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 159.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 160.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 162.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 163.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 164.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 161.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 165.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 166.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 167.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 168.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 169.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 170.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 171.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 172.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 173.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 174.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 175.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 176.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 177.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 178.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 179.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 180.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 181.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 182.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 183.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 184.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 185.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 186.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 187.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 188.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 189.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 190.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 191.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 192.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 193.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 194.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 196.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 195.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 197.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 198.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 199.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 200.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 201.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 202.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 203.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 204.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 206.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 205.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 207.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 208.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 209.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 210.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 211.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 212.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 213.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 214.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 215.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 216.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 217.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 218.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 219.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 220.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 221.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 222.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 223.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 224.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 226.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 225.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 227.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 228.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 229.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 230.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 232.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 233.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 231.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 234.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 235.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 237.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 238.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 239.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 240.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 241.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 243.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 242.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 244.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 245.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 247.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 248.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 249.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 250.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 251.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 253.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 252.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 254.235.184.31.in-addr.arpa udp
AM 31.184.235.255:6892 udp
US 8.8.8.8:53 255.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 37.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 14.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 133.190.18.2.in-addr.arpa udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
AM 31.184.235.255:6892 udp

Files

C:\Users\Admin\AppData\Local\Temp\nsc4017.tmp\System.dll

MD5 a436db0c473a087eb61ff5c53c34ba27
SHA1 65ea67e424e75f5065132b539c8b2eda88aa0506
SHA256 75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
SHA512 908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d

C:\Users\Admin\AppData\Roaming\NsResize.dll

MD5 d53bd2d5591a78ea15b3bd59e2652bd6
SHA1 40968bcae13ee63469d241200679b25dfa5fdd4c
SHA256 1734bceb77dab6739b80575fd7ee87c437327d8eb147339e1d93b7d3235c5394
SHA512 c07bbab95251f16ac4b1c03e0324792b35badd111cced2e5c8e0de467226e572edfe5ca6e528c3494664f2569774f6a422806f54883cc2ef3726e21f4a011f5b

memory/3720-24-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-26-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-27-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-32-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-33-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-34-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-40-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-39-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\Documents\OneNote Notebooks\README.hta

MD5 929cbd3b1533c579dee3803d8cea935a
SHA1 4bc02a8750dfe028ef3f82dee144432d9d523c96
SHA256 6e4316d7fdfcdac224e5052c4b61a4e8d94a1ef68848d5f59c31098e659c89a2
SHA512 341e5471a4410ecf7943654472fecab64a06fdbe07090d37323049c57c71e7a1028cbbdde6b4c763ff8134a61cc95a7c7dd358efbc8631d3966d17f6b562e898

C:\Users\Admin\AppData\Roaming\article.appendix.title.properties.xml

MD5 adb1a285a2b926f98c062fbb74e1e992
SHA1 1f9799a61072673042a1a3da0fdf3fa93cf10f90
SHA256 4ba4637bffa741ba5619c3de97b6c209b5a9deb330385efc7a588492a98b7b45
SHA512 aa65628e34601645dfcdcb1f5f0347ae84555bd1a99432d4c25a50044dae932385bfa1f50551f6577d184de684f9264743facb53f4aa2e46bdfeff5c85bc6bd7

C:\Users\Admin\AppData\Roaming\Addendum.H

MD5 79382b8ded97b3c296d13ec3174627c4
SHA1 0941ac3bcf63768986fc247587edf7b93ff14137
SHA256 98d3bbb508f1e7dc27acc7820f91b6dfb4602bedaa76da8bca49ad33150524db
SHA512 76eee44a156dc7183febf03978df9f378a2cbb873f5f70c9ed034dd78d07bae0ada72f022c1d07e9b828a9d14eeff7be994ecb77380ae91180ced57621a6eb5a

memory/3720-369-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Roaming\btn-next-static.png

MD5 e3d0209f09f8349579195ceac89420bd
SHA1 432bf86c5a8d68a775db1af0b29dcca92f11247d
SHA256 2556a483b1557bc59f0d40ce87162d692e2e19d7fe8bef5740efc46153f63b92
SHA512 d1dfcc9ccd6fc66c3a8f4f4e568a56401ead530fadd83978283e2bdbb71ca2ea04df566a732c9a8be33bcd3166ef6fa81a1e8d3a3176892cae6b5001b119cd7e

memory/3720-707-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-710-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-713-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-716-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-719-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-722-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-725-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-728-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-731-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-734-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-737-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-740-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-743-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-746-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-749-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-752-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-759-0x0000000000400000-0x0000000000431000-memory.dmp

memory/3720-764-0x0000000000400000-0x0000000000431000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-07 20:53

Reported

2024-05-07 20:55

Platform

win7-20240221-en

Max time kernel

120s

Max time network

127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 228

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-07 20:53

Reported

2024-05-07 20:55

Platform

win10v2004-20240419-en

Max time kernel

132s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 552 wrote to memory of 3720 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 552 wrote to memory of 3720 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 552 wrote to memory of 3720 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3720 -ip 3720

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
NL 23.62.61.152:443 www.bing.com tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 152.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 48.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-07 20:53

Reported

2024-05-07 20:55

Platform

win7-20240215-en

Max time kernel

119s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\NsResize.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2388 wrote to memory of 2360 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2388 wrote to memory of 2360 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2388 wrote to memory of 2360 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2388 wrote to memory of 2360 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2388 wrote to memory of 2360 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2388 wrote to memory of 2360 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2388 wrote to memory of 2360 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\NsResize.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\NsResize.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-07 20:53

Reported

2024-05-07 20:55

Platform

win10v2004-20240419-en

Max time kernel

133s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\NsResize.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 652 wrote to memory of 4576 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 652 wrote to memory of 4576 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 652 wrote to memory of 4576 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\NsResize.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\NsResize.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4576 -ip 4576

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 560

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 37.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 14.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A