Analysis Overview
SHA256
954d80f7e2ee27d8056e565e351b2c81d7d22c430b5443cf59924015b5f3664f
Threat Level: Known bad
The file 3c23060bff44df650a2def69bf0733a7_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Cerber
Deletes shadow copies
Contacts a large (517) amount of remote hosts
Blocklisted process makes network request
Deletes itself
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Suspicious use of SetThreadContext
Sets desktop wallpaper using registry
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Command and Scripting Interpreter: JavaScript
Program crash
Suspicious behavior: MapViewOfSection
Kills process with taskkill
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Runs ping.exe
Suspicious use of FindShellTrayWindow
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-13 18:04
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-13 18:04
Reported
2024-05-13 18:06
Platform
win7-20240221-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2128 wrote to memory of 1732 | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
| PID 2128 wrote to memory of 1732 | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
| PID 2128 wrote to memory of 1732 | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
| PID 2128 wrote to memory of 1732 | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
Network
Files
\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
| MD5 | e4cd221c4e43b554715b0a8a57434a46 |
| SHA1 | 4f07d920d8fe3bd614cc229f114b312f26013880 |
| SHA256 | 16a3798c80a0dd793b583892535687b0ce2e10ff10675ae159fe6d42fa17aeea |
| SHA512 | ef54ddaab0ac420fe868d089a1f8d08134802bcf192070ad1e87236836d5c5a04037daf6f862d7c9b116b3863347969cc0fa1ee76260eb4621760015900e6725 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-13 18:04
Reported
2024-05-13 18:06
Platform
win10v2004-20240508-en
Max time kernel
93s
Max time network
94s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 852 wrote to memory of 436 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 852 wrote to memory of 436 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 852 wrote to memory of 436 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 436 -ip 436
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| NL | 23.62.61.88:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-13 18:04
Reported
2024-05-13 18:06
Platform
win7-20240215-en
Max time kernel
121s
Max time network
126s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StartMenu.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StartMenu.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 224
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-05-13 18:04
Reported
2024-05-13 18:06
Platform
win7-20240221-en
Max time kernel
121s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\youtube_activex.js
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-05-13 18:04
Reported
2024-05-13 18:06
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\youtube_activex.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-13 18:04
Reported
2024-05-13 18:06
Platform
win7-20240419-en
Max time kernel
122s
Max time network
139s
Command Line
Signatures
Cerber
Deletes shadow copies
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
Contacts a large (517) amount of remote hosts
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | N/A |
Reads user/profile data of web browsers
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpC275.bmp" | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1760 set thread context of 2664 | N/A | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\_README_.hta | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 428
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\wbem\WMIC.exe
C:\Windows\system32\wbem\wmic.exe shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\_README_.hta"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im "3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe"
C:\Windows\system32\PING.EXE
ping -n 1 127.0.0.1
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.0:6892 | udp | |
| N/A | 127.0.0.1:6892 | udp | |
| N/A | 127.0.0.2:6892 | udp | |
| N/A | 127.0.0.3:6892 | udp | |
| N/A | 127.0.0.4:6892 | udp | |
| N/A | 127.0.0.5:6892 | udp | |
| N/A | 127.0.0.6:6892 | udp | |
| N/A | 127.0.0.7:6892 | udp | |
| N/A | 127.0.0.8:6892 | udp | |
| N/A | 127.0.0.9:6892 | udp | |
| N/A | 127.0.0.10:6892 | udp | |
| N/A | 127.0.0.11:6892 | udp | |
| N/A | 127.0.0.12:6892 | udp | |
| N/A | 127.0.0.13:6892 | udp | |
| N/A | 127.0.0.14:6892 | udp | |
| N/A | 127.0.0.15:6892 | udp | |
| N/A | 127.0.0.16:6892 | udp | |
| N/A | 127.0.0.17:6892 | udp | |
| N/A | 127.0.0.18:6892 | udp | |
| N/A | 127.0.0.19:6892 | udp | |
| N/A | 127.0.0.20:6892 | udp | |
| N/A | 127.0.0.21:6892 | udp | |
| N/A | 127.0.0.22:6892 | udp | |
| N/A | 127.0.0.23:6892 | udp | |
| N/A | 127.0.0.24:6892 | udp | |
| N/A | 127.0.0.25:6892 | udp | |
| N/A | 127.0.0.26:6892 | udp | |
| N/A | 127.0.0.27:6892 | udp | |
| N/A | 127.0.0.28:6892 | udp | |
| N/A | 127.0.0.29:6892 | udp | |
| N/A | 127.0.0.30:6892 | udp | |
| N/A | 127.0.0.31:6892 | udp | |
| N/A | 192.168.0.0:6892 | udp | |
| N/A | 192.168.0.1:6892 | udp | |
| N/A | 192.168.0.2:6892 | udp | |
| N/A | 192.168.0.3:6892 | udp | |
| N/A | 192.168.0.4:6892 | udp | |
| N/A | 192.168.0.5:6892 | udp | |
| N/A | 192.168.0.6:6892 | udp | |
| N/A | 192.168.0.7:6892 | udp | |
| N/A | 192.168.0.8:6892 | udp | |
| N/A | 192.168.0.9:6892 | udp | |
| N/A | 192.168.0.10:6892 | udp | |
| N/A | 192.168.0.11:6892 | udp | |
| N/A | 192.168.0.12:6892 | udp | |
| N/A | 192.168.0.13:6892 | udp | |
| N/A | 192.168.0.14:6892 | udp | |
| N/A | 192.168.0.15:6892 | udp | |
| N/A | 192.168.0.16:6892 | udp | |
| N/A | 192.168.0.17:6892 | udp | |
| N/A | 192.168.0.18:6892 | udp | |
| N/A | 192.168.0.19:6892 | udp | |
| N/A | 192.168.0.20:6892 | udp | |
| N/A | 192.168.0.21:6892 | udp | |
| N/A | 192.168.0.22:6892 | udp | |
| N/A | 192.168.0.23:6892 | udp | |
| N/A | 192.168.0.24:6892 | udp | |
| N/A | 192.168.0.25:6892 | udp | |
| N/A | 192.168.0.26:6892 | udp | |
| N/A | 192.168.0.27:6892 | udp | |
| N/A | 192.168.0.28:6892 | udp | |
| N/A | 192.168.0.29:6892 | udp | |
| N/A | 192.168.0.30:6892 | udp | |
| N/A | 192.168.0.31:6892 | udp | |
| LT | 194.165.16.0:6892 | udp | |
| LT | 194.165.16.1:6892 | udp | |
| LT | 194.165.16.2:6892 | udp | |
| LT | 194.165.16.3:6892 | udp | |
| LT | 194.165.16.4:6892 | udp | |
| LT | 194.165.16.5:6892 | udp | |
| LT | 194.165.16.6:6892 | udp | |
| LT | 194.165.16.7:6892 | udp | |
| LT | 194.165.16.8:6892 | udp | |
| LT | 194.165.16.9:6892 | udp | |
| LT | 194.165.16.10:6892 | udp | |
| LT | 194.165.16.11:6892 | udp | |
| LT | 194.165.16.12:6892 | udp | |
| LT | 194.165.16.13:6892 | udp | |
| LT | 194.165.16.14:6892 | udp | |
| LT | 194.165.16.15:6892 | udp | |
| LT | 194.165.16.16:6892 | udp | |
| LT | 194.165.16.17:6892 | udp | |
| LT | 194.165.16.18:6892 | udp | |
| LT | 194.165.16.19:6892 | udp | |
| LT | 194.165.16.20:6892 | udp | |
| LT | 194.165.16.21:6892 | udp | |
| LT | 194.165.16.22:6892 | udp | |
| LT | 194.165.16.23:6892 | udp | |
| LT | 194.165.16.24:6892 | udp | |
| LT | 194.165.16.25:6892 | udp | |
| LT | 194.165.16.26:6892 | udp | |
| LT | 194.165.16.27:6892 | udp | |
| LT | 194.165.16.28:6892 | udp | |
| LT | 194.165.16.29:6892 | udp | |
| LT | 194.165.16.30:6892 | udp | |
| LT | 194.165.16.31:6892 | udp | |
| LT | 194.165.16.32:6892 | udp | |
| LT | 194.165.16.33:6892 | udp | |
| LT | 194.165.16.34:6892 | udp | |
| LT | 194.165.16.35:6892 | udp | |
| LT | 194.165.16.36:6892 | udp | |
| LT | 194.165.16.37:6892 | udp | |
| LT | 194.165.16.38:6892 | udp | |
| LT | 194.165.16.39:6892 | udp | |
| LT | 194.165.16.40:6892 | udp | |
| LT | 194.165.16.41:6892 | udp | |
| LT | 194.165.16.42:6892 | udp | |
| LT | 194.165.16.43:6892 | udp | |
| LT | 194.165.16.44:6892 | udp | |
| LT | 194.165.16.45:6892 | udp | |
| LT | 194.165.16.46:6892 | udp | |
| LT | 194.165.16.47:6892 | udp | |
| LT | 194.165.16.48:6892 | udp | |
| LT | 194.165.16.49:6892 | udp | |
| LT | 194.165.16.50:6892 | udp | |
| LT | 194.165.16.51:6892 | udp | |
| LT | 194.165.16.52:6892 | udp | |
| LT | 194.165.16.53:6892 | udp | |
| LT | 194.165.16.54:6892 | udp | |
| LT | 194.165.16.55:6892 | udp | |
| LT | 194.165.16.56:6892 | udp | |
| LT | 194.165.16.57:6892 | udp | |
| LT | 194.165.16.58:6892 | udp | |
| LT | 194.165.16.59:6892 | udp | |
| LT | 194.165.16.60:6892 | udp | |
| LT | 194.165.16.61:6892 | udp | |
| LT | 194.165.16.62:6892 | udp | |
| LT | 194.165.16.63:6892 | udp | |
| LT | 194.165.16.64:6892 | udp | |
| LT | 194.165.16.65:6892 | udp | |
| LT | 194.165.16.66:6892 | udp | |
| LT | 194.165.16.67:6892 | udp | |
| LT | 194.165.16.68:6892 | udp | |
| LT | 194.165.16.69:6892 | udp | |
| LT | 194.165.16.70:6892 | udp | |
| LT | 194.165.16.71:6892 | udp | |
| LT | 194.165.16.72:6892 | udp | |
| LT | 194.165.16.73:6892 | udp | |
| LT | 194.165.16.74:6892 | udp | |
| LT | 194.165.16.75:6892 | udp | |
| LT | 194.165.16.76:6892 | udp | |
| LT | 194.165.16.77:6892 | udp | |
| LT | 194.165.16.78:6892 | udp | |
| LT | 194.165.16.79:6892 | udp | |
| LT | 194.165.16.80:6892 | udp | |
| LT | 194.165.16.81:6892 | udp | |
| LT | 194.165.16.82:6892 | udp | |
| LT | 194.165.16.83:6892 | udp | |
| LT | 194.165.16.84:6892 | udp | |
| LT | 194.165.16.85:6892 | udp | |
| LT | 194.165.16.86:6892 | udp | |
| LT | 194.165.16.87:6892 | udp | |
| LT | 194.165.16.88:6892 | udp | |
| LT | 194.165.16.89:6892 | udp | |
| LT | 194.165.16.90:6892 | udp | |
| LT | 194.165.16.91:6892 | udp | |
| LT | 194.165.16.92:6892 | udp | |
| LT | 194.165.16.93:6892 | udp | |
| LT | 194.165.16.94:6892 | udp | |
| LT | 194.165.16.95:6892 | udp | |
| LT | 194.165.16.96:6892 | udp | |
| LT | 194.165.16.97:6892 | udp | |
| LT | 194.165.16.98:6892 | udp | |
| LT | 194.165.16.99:6892 | udp | |
| LT | 194.165.16.100:6892 | udp | |
| LT | 194.165.16.101:6892 | udp | |
| LT | 194.165.16.102:6892 | udp | |
| LT | 194.165.16.103:6892 | udp | |
| LT | 194.165.16.104:6892 | udp | |
| LT | 194.165.16.105:6892 | udp | |
| LT | 194.165.16.106:6892 | udp | |
| LT | 194.165.16.107:6892 | udp | |
| LT | 194.165.16.108:6892 | udp | |
| LT | 194.165.16.109:6892 | udp | |
| LT | 194.165.16.110:6892 | udp | |
| LT | 194.165.16.111:6892 | udp | |
| LT | 194.165.16.112:6892 | udp | |
| LT | 194.165.16.113:6892 | udp | |
| LT | 194.165.16.114:6892 | udp | |
| LT | 194.165.16.115:6892 | udp | |
| LT | 194.165.16.116:6892 | udp | |
| LT | 194.165.16.117:6892 | udp | |
| LT | 194.165.16.118:6892 | udp | |
| LT | 194.165.16.119:6892 | udp | |
| LT | 194.165.16.120:6892 | udp | |
| LT | 194.165.16.121:6892 | udp | |
| LT | 194.165.16.122:6892 | udp | |
| LT | 194.165.16.123:6892 | udp | |
| LT | 194.165.16.124:6892 | udp | |
| LT | 194.165.16.125:6892 | udp | |
| LT | 194.165.16.126:6892 | udp | |
| LT | 194.165.16.127:6892 | udp | |
| LT | 194.165.16.128:6892 | udp | |
| LT | 194.165.16.129:6892 | udp | |
| LT | 194.165.16.130:6892 | udp | |
| LT | 194.165.16.131:6892 | udp | |
| LT | 194.165.16.132:6892 | udp | |
| LT | 194.165.16.133:6892 | udp | |
| LT | 194.165.16.134:6892 | udp | |
| LT | 194.165.16.135:6892 | udp | |
| LT | 194.165.16.136:6892 | udp | |
| LT | 194.165.16.137:6892 | udp | |
| LT | 194.165.16.138:6892 | udp | |
| LT | 194.165.16.139:6892 | udp | |
| LT | 194.165.16.140:6892 | udp | |
| LT | 194.165.16.141:6892 | udp | |
| LT | 194.165.16.142:6892 | udp | |
| LT | 194.165.16.143:6892 | udp | |
| LT | 194.165.16.144:6892 | udp | |
| LT | 194.165.16.145:6892 | udp | |
| LT | 194.165.16.146:6892 | udp | |
| LT | 194.165.16.147:6892 | udp | |
| LT | 194.165.16.148:6892 | udp | |
| LT | 194.165.16.149:6892 | udp | |
| LT | 194.165.16.150:6892 | udp | |
| LT | 194.165.16.151:6892 | udp | |
| LT | 194.165.16.152:6892 | udp | |
| LT | 194.165.16.153:6892 | udp | |
| LT | 194.165.16.154:6892 | udp | |
| LT | 194.165.16.155:6892 | udp | |
| LT | 194.165.16.156:6892 | udp | |
| LT | 194.165.16.157:6892 | udp | |
| LT | 194.165.16.158:6892 | udp | |
| LT | 194.165.16.159:6892 | udp | |
| LT | 194.165.16.160:6892 | udp | |
| LT | 194.165.16.161:6892 | udp | |
| LT | 194.165.16.162:6892 | udp | |
| LT | 194.165.16.163:6892 | udp | |
| LT | 194.165.16.164:6892 | udp | |
| LT | 194.165.16.165:6892 | udp | |
| LT | 194.165.16.166:6892 | udp | |
| LT | 194.165.16.167:6892 | udp | |
| LT | 194.165.16.168:6892 | udp | |
| LT | 194.165.16.169:6892 | udp | |
| LT | 194.165.16.170:6892 | udp | |
| LT | 194.165.16.171:6892 | udp | |
| LT | 194.165.16.172:6892 | udp | |
| LT | 194.165.16.173:6892 | udp | |
| LT | 194.165.16.174:6892 | udp | |
| LT | 194.165.16.175:6892 | udp | |
| LT | 194.165.16.176:6892 | udp | |
| LT | 194.165.16.177:6892 | udp | |
| LT | 194.165.16.178:6892 | udp | |
| LT | 194.165.16.179:6892 | udp | |
| LT | 194.165.16.180:6892 | udp | |
| LT | 194.165.16.181:6892 | udp | |
| LT | 194.165.16.182:6892 | udp | |
| LT | 194.165.16.183:6892 | udp | |
| LT | 194.165.16.184:6892 | udp | |
| LT | 194.165.16.185:6892 | udp | |
| LT | 194.165.16.186:6892 | udp | |
| LT | 194.165.16.187:6892 | udp | |
| LT | 194.165.16.188:6892 | udp | |
| LT | 194.165.16.189:6892 | udp | |
| LT | 194.165.16.190:6892 | udp | |
| LT | 194.165.16.191:6892 | udp | |
| LT | 194.165.16.192:6892 | udp | |
| LT | 194.165.16.193:6892 | udp | |
| LT | 194.165.16.194:6892 | udp | |
| LT | 194.165.16.195:6892 | udp | |
| LT | 194.165.16.196:6892 | udp | |
| LT | 194.165.16.197:6892 | udp | |
| LT | 194.165.16.198:6892 | udp | |
| LT | 194.165.16.199:6892 | udp | |
| LT | 194.165.16.200:6892 | udp | |
| LT | 194.165.16.201:6892 | udp | |
| LT | 194.165.16.202:6892 | udp | |
| LT | 194.165.16.203:6892 | udp | |
| LT | 194.165.16.204:6892 | udp | |
| LT | 194.165.16.205:6892 | udp | |
| LT | 194.165.16.206:6892 | udp | |
| LT | 194.165.16.207:6892 | udp | |
| LT | 194.165.16.208:6892 | udp | |
| LT | 194.165.16.209:6892 | udp | |
| LT | 194.165.16.210:6892 | udp | |
| LT | 194.165.16.211:6892 | udp | |
| LT | 194.165.16.212:6892 | udp | |
| LT | 194.165.16.213:6892 | udp | |
| LT | 194.165.16.214:6892 | udp | |
| LT | 194.165.16.215:6892 | udp | |
| LT | 194.165.16.216:6892 | udp | |
| LT | 194.165.16.217:6892 | udp | |
| LT | 194.165.16.218:6892 | udp | |
| LT | 194.165.16.219:6892 | udp | |
| LT | 194.165.16.220:6892 | udp | |
| LT | 194.165.16.221:6892 | udp | |
| LT | 194.165.16.222:6892 | udp | |
| LT | 194.165.16.223:6892 | udp | |
| LT | 194.165.16.224:6892 | udp | |
| LT | 194.165.16.225:6892 | udp | |
| LT | 194.165.16.226:6892 | udp | |
| LT | 194.165.16.227:6892 | udp | |
| LT | 194.165.16.228:6892 | udp | |
| LT | 194.165.16.229:6892 | udp | |
| LT | 194.165.16.230:6892 | udp | |
| LT | 194.165.16.231:6892 | udp | |
| LT | 194.165.16.232:6892 | udp | |
| LT | 194.165.16.233:6892 | udp | |
| LT | 194.165.16.234:6892 | udp | |
| LT | 194.165.16.235:6892 | udp | |
| LT | 194.165.16.236:6892 | udp | |
| LT | 194.165.16.237:6892 | udp | |
| LT | 194.165.16.238:6892 | udp | |
| LT | 194.165.16.239:6892 | udp | |
| LT | 194.165.16.240:6892 | udp | |
| LT | 194.165.16.241:6892 | udp | |
| LT | 194.165.16.242:6892 | udp | |
| LT | 194.165.16.243:6892 | udp | |
| LT | 194.165.16.244:6892 | udp | |
| LT | 194.165.16.245:6892 | udp | |
| LT | 194.165.16.246:6892 | udp | |
| LT | 194.165.16.247:6892 | udp | |
| LT | 194.165.16.248:6892 | udp | |
| LT | 194.165.16.249:6892 | udp | |
| LT | 194.165.16.250:6892 | udp | |
| LT | 194.165.16.251:6892 | udp | |
| LT | 194.165.16.252:6892 | udp | |
| LT | 194.165.16.253:6892 | udp | |
| LT | 194.165.16.254:6892 | udp | |
| LT | 194.165.16.255:6892 | udp | |
| LT | 194.165.17.0:6892 | udp | |
| LT | 194.165.17.1:6892 | udp | |
| LT | 194.165.17.2:6892 | udp | |
| LT | 194.165.17.3:6892 | udp | |
| LT | 194.165.17.4:6892 | udp | |
| LT | 194.165.17.5:6892 | udp | |
| LT | 194.165.17.6:6892 | udp | |
| LT | 194.165.17.7:6892 | udp | |
| LT | 194.165.17.8:6892 | udp | |
| LT | 194.165.17.9:6892 | udp | |
| LT | 194.165.17.10:6892 | udp | |
| LT | 194.165.17.11:6892 | udp | |
| LT | 194.165.17.12:6892 | udp | |
| LT | 194.165.17.13:6892 | udp | |
| LT | 194.165.17.14:6892 | udp | |
| LT | 194.165.17.15:6892 | udp | |
| LT | 194.165.17.16:6892 | udp | |
| LT | 194.165.17.17:6892 | udp | |
| LT | 194.165.17.18:6892 | udp | |
| LT | 194.165.17.19:6892 | udp | |
| LT | 194.165.17.20:6892 | udp | |
| LT | 194.165.17.21:6892 | udp | |
| LT | 194.165.17.22:6892 | udp | |
| LT | 194.165.17.23:6892 | udp | |
| LT | 194.165.17.24:6892 | udp | |
| LT | 194.165.17.25:6892 | udp | |
| LT | 194.165.17.26:6892 | udp | |
| LT | 194.165.17.27:6892 | udp | |
| LT | 194.165.17.28:6892 | udp | |
| LT | 194.165.17.29:6892 | udp | |
| LT | 194.165.17.30:6892 | udp | |
| LT | 194.165.17.31:6892 | udp | |
| LT | 194.165.17.32:6892 | udp | |
| LT | 194.165.17.33:6892 | udp | |
| LT | 194.165.17.34:6892 | udp | |
| LT | 194.165.17.35:6892 | udp | |
| LT | 194.165.17.36:6892 | udp | |
| LT | 194.165.17.37:6892 | udp | |
| LT | 194.165.17.38:6892 | udp | |
| LT | 194.165.17.39:6892 | udp | |
| LT | 194.165.17.40:6892 | udp | |
| LT | 194.165.17.41:6892 | udp | |
| LT | 194.165.17.42:6892 | udp | |
| LT | 194.165.17.43:6892 | udp | |
| LT | 194.165.17.44:6892 | udp | |
| LT | 194.165.17.45:6892 | udp | |
| LT | 194.165.17.46:6892 | udp | |
| LT | 194.165.17.47:6892 | udp | |
| LT | 194.165.17.48:6892 | udp | |
| LT | 194.165.17.49:6892 | udp | |
| LT | 194.165.17.50:6892 | udp | |
| LT | 194.165.17.51:6892 | udp | |
| LT | 194.165.17.52:6892 | udp | |
| LT | 194.165.17.53:6892 | udp | |
| LT | 194.165.17.54:6892 | udp | |
| LT | 194.165.17.55:6892 | udp | |
| LT | 194.165.17.56:6892 | udp | |
| LT | 194.165.17.57:6892 | udp | |
| LT | 194.165.17.58:6892 | udp | |
| LT | 194.165.17.59:6892 | udp | |
| LT | 194.165.17.60:6892 | udp | |
| LT | 194.165.17.61:6892 | udp | |
| LT | 194.165.17.62:6892 | udp | |
| LT | 194.165.17.63:6892 | udp | |
| LT | 194.165.17.64:6892 | udp | |
| LT | 194.165.17.65:6892 | udp | |
| LT | 194.165.17.66:6892 | udp | |
| LT | 194.165.17.67:6892 | udp | |
| LT | 194.165.17.68:6892 | udp | |
| LT | 194.165.17.69:6892 | udp | |
| LT | 194.165.17.70:6892 | udp | |
| LT | 194.165.17.71:6892 | udp | |
| LT | 194.165.17.72:6892 | udp | |
| LT | 194.165.17.73:6892 | udp | |
| LT | 194.165.17.74:6892 | udp | |
| LT | 194.165.17.75:6892 | udp | |
| LT | 194.165.17.76:6892 | udp | |
| LT | 194.165.17.77:6892 | udp | |
| LT | 194.165.17.78:6892 | udp | |
| LT | 194.165.17.79:6892 | udp | |
| LT | 194.165.17.80:6892 | udp | |
| LT | 194.165.17.81:6892 | udp | |
| LT | 194.165.17.82:6892 | udp | |
| LT | 194.165.17.83:6892 | udp | |
| LT | 194.165.17.84:6892 | udp | |
| LT | 194.165.17.85:6892 | udp | |
| LT | 194.165.17.86:6892 | udp | |
| LT | 194.165.17.87:6892 | udp | |
| LT | 194.165.17.88:6892 | udp | |
| LT | 194.165.17.89:6892 | udp | |
| LT | 194.165.17.90:6892 | udp | |
| LT | 194.165.17.91:6892 | udp | |
| LT | 194.165.17.92:6892 | udp | |
| LT | 194.165.17.93:6892 | udp | |
| LT | 194.165.17.94:6892 | udp | |
| LT | 194.165.17.95:6892 | udp | |
| LT | 194.165.17.96:6892 | udp | |
| LT | 194.165.17.97:6892 | udp | |
| LT | 194.165.17.98:6892 | udp | |
| LT | 194.165.17.99:6892 | udp | |
| LT | 194.165.17.100:6892 | udp | |
| LT | 194.165.17.101:6892 | udp | |
| LT | 194.165.17.102:6892 | udp | |
| LT | 194.165.17.103:6892 | udp | |
| LT | 194.165.17.104:6892 | udp | |
| LT | 194.165.17.105:6892 | udp | |
| LT | 194.165.17.106:6892 | udp | |
| LT | 194.165.17.107:6892 | udp | |
| LT | 194.165.17.108:6892 | udp | |
| LT | 194.165.17.109:6892 | udp | |
| LT | 194.165.17.110:6892 | udp | |
| LT | 194.165.17.111:6892 | udp | |
| LT | 194.165.17.112:6892 | udp | |
| LT | 194.165.17.113:6892 | udp | |
| LT | 194.165.17.114:6892 | udp | |
| LT | 194.165.17.115:6892 | udp | |
| LT | 194.165.17.116:6892 | udp | |
| LT | 194.165.17.117:6892 | udp | |
| LT | 194.165.17.118:6892 | udp | |
| LT | 194.165.17.119:6892 | udp | |
| LT | 194.165.17.120:6892 | udp | |
| LT | 194.165.17.121:6892 | udp | |
| LT | 194.165.17.122:6892 | udp | |
| LT | 194.165.17.123:6892 | udp | |
| LT | 194.165.17.124:6892 | udp | |
| LT | 194.165.17.125:6892 | udp | |
| LT | 194.165.17.126:6892 | udp | |
| LT | 194.165.17.127:6892 | udp | |
| LT | 194.165.17.128:6892 | udp | |
| LT | 194.165.17.129:6892 | udp | |
| LT | 194.165.17.130:6892 | udp | |
| LT | 194.165.17.131:6892 | udp | |
| LT | 194.165.17.132:6892 | udp | |
| LT | 194.165.17.133:6892 | udp | |
| LT | 194.165.17.134:6892 | udp | |
| LT | 194.165.17.135:6892 | udp | |
| LT | 194.165.17.136:6892 | udp | |
| LT | 194.165.17.137:6892 | udp | |
| LT | 194.165.17.138:6892 | udp | |
| LT | 194.165.17.139:6892 | udp | |
| LT | 194.165.17.140:6892 | udp | |
| LT | 194.165.17.141:6892 | udp | |
| LT | 194.165.17.142:6892 | udp | |
| LT | 194.165.17.143:6892 | udp | |
| LT | 194.165.17.144:6892 | udp | |
| LT | 194.165.17.145:6892 | udp | |
| LT | 194.165.17.146:6892 | udp | |
| LT | 194.165.17.147:6892 | udp | |
| LT | 194.165.17.148:6892 | udp | |
| LT | 194.165.17.149:6892 | udp | |
| LT | 194.165.17.150:6892 | udp | |
| LT | 194.165.17.151:6892 | udp | |
| LT | 194.165.17.152:6892 | udp | |
| LT | 194.165.17.153:6892 | udp | |
| LT | 194.165.17.154:6892 | udp | |
| LT | 194.165.17.155:6892 | udp | |
| LT | 194.165.17.156:6892 | udp | |
| LT | 194.165.17.157:6892 | udp | |
| LT | 194.165.17.158:6892 | udp | |
| LT | 194.165.17.159:6892 | udp | |
| LT | 194.165.17.160:6892 | udp | |
| LT | 194.165.17.161:6892 | udp | |
| LT | 194.165.17.162:6892 | udp | |
| LT | 194.165.17.163:6892 | udp | |
| LT | 194.165.17.164:6892 | udp | |
| LT | 194.165.17.165:6892 | udp | |
| LT | 194.165.17.166:6892 | udp | |
| LT | 194.165.17.167:6892 | udp | |
| LT | 194.165.17.168:6892 | udp | |
| LT | 194.165.17.169:6892 | udp | |
| LT | 194.165.17.170:6892 | udp | |
| LT | 194.165.17.171:6892 | udp | |
| LT | 194.165.17.172:6892 | udp | |
| LT | 194.165.17.173:6892 | udp | |
| LT | 194.165.17.174:6892 | udp | |
| LT | 194.165.17.175:6892 | udp | |
| LT | 194.165.17.176:6892 | udp | |
| LT | 194.165.17.177:6892 | udp | |
| LT | 194.165.17.178:6892 | udp | |
| LT | 194.165.17.179:6892 | udp | |
| LT | 194.165.17.180:6892 | udp | |
| LT | 194.165.17.181:6892 | udp | |
| LT | 194.165.17.182:6892 | udp | |
| LT | 194.165.17.183:6892 | udp | |
| LT | 194.165.17.184:6892 | udp | |
| LT | 194.165.17.185:6892 | udp | |
| LT | 194.165.17.186:6892 | udp | |
| LT | 194.165.17.187:6892 | udp | |
| LT | 194.165.17.188:6892 | udp | |
| LT | 194.165.17.189:6892 | udp | |
| LT | 194.165.17.190:6892 | udp | |
| LT | 194.165.17.191:6892 | udp | |
| LT | 194.165.17.192:6892 | udp | |
| LT | 194.165.17.193:6892 | udp | |
| LT | 194.165.17.194:6892 | udp | |
| LT | 194.165.17.195:6892 | udp | |
| LT | 194.165.17.196:6892 | udp | |
| LT | 194.165.17.197:6892 | udp | |
| LT | 194.165.17.198:6892 | udp | |
| LT | 194.165.17.199:6892 | udp | |
| LT | 194.165.17.200:6892 | udp | |
| LT | 194.165.17.201:6892 | udp | |
| LT | 194.165.17.202:6892 | udp | |
| LT | 194.165.17.203:6892 | udp | |
| LT | 194.165.17.204:6892 | udp | |
| LT | 194.165.17.205:6892 | udp | |
| LT | 194.165.17.206:6892 | udp | |
| LT | 194.165.17.207:6892 | udp | |
| LT | 194.165.17.208:6892 | udp | |
| LT | 194.165.17.209:6892 | udp | |
| LT | 194.165.17.210:6892 | udp | |
| LT | 194.165.17.211:6892 | udp | |
| LT | 194.165.17.212:6892 | udp | |
| LT | 194.165.17.213:6892 | udp | |
| LT | 194.165.17.214:6892 | udp | |
| LT | 194.165.17.215:6892 | udp | |
| LT | 194.165.17.216:6892 | udp | |
| LT | 194.165.17.217:6892 | udp | |
| LT | 194.165.17.218:6892 | udp | |
| LT | 194.165.17.219:6892 | udp | |
| LT | 194.165.17.220:6892 | udp | |
| LT | 194.165.17.221:6892 | udp | |
| LT | 194.165.17.222:6892 | udp | |
| LT | 194.165.17.223:6892 | udp | |
| LT | 194.165.17.224:6892 | udp | |
| LT | 194.165.17.225:6892 | udp | |
| LT | 194.165.17.226:6892 | udp | |
| LT | 194.165.17.227:6892 | udp | |
| LT | 194.165.17.228:6892 | udp | |
| LT | 194.165.17.229:6892 | udp | |
| LT | 194.165.17.230:6892 | udp | |
| LT | 194.165.17.231:6892 | udp | |
| LT | 194.165.17.232:6892 | udp | |
| LT | 194.165.17.233:6892 | udp | |
| LT | 194.165.17.234:6892 | udp | |
| LT | 194.165.17.235:6892 | udp | |
| LT | 194.165.17.236:6892 | udp | |
| LT | 194.165.17.237:6892 | udp | |
| LT | 194.165.17.238:6892 | udp | |
| LT | 194.165.17.239:6892 | udp | |
| LT | 194.165.17.240:6892 | udp | |
| LT | 194.165.17.241:6892 | udp | |
| LT | 194.165.17.242:6892 | udp | |
| LT | 194.165.17.243:6892 | udp | |
| LT | 194.165.17.244:6892 | udp | |
| LT | 194.165.17.245:6892 | udp | |
| LT | 194.165.17.246:6892 | udp | |
| LT | 194.165.17.247:6892 | udp | |
| LT | 194.165.17.248:6892 | udp | |
| LT | 194.165.17.249:6892 | udp | |
| LT | 194.165.17.250:6892 | udp | |
| LT | 194.165.17.251:6892 | udp | |
| LT | 194.165.17.252:6892 | udp | |
| LT | 194.165.17.253:6892 | udp | |
| LT | 194.165.17.254:6892 | udp | |
| LT | 194.165.17.255:6892 | udp | |
| N/A | 192.168.0.0:6892 | udp | |
| N/A | 192.168.0.1:6892 | udp | |
| N/A | 192.168.0.2:6892 | udp | |
| N/A | 192.168.0.3:6892 | udp | |
| N/A | 192.168.0.4:6892 | udp | |
| N/A | 192.168.0.5:6892 | udp | |
| N/A | 192.168.0.6:6892 | udp | |
| N/A | 192.168.0.7:6892 | udp | |
| N/A | 192.168.0.8:6892 | udp | |
| N/A | 192.168.0.9:6892 | udp | |
| N/A | 192.168.0.10:6892 | udp | |
| N/A | 192.168.0.11:6892 | udp | |
| N/A | 192.168.0.12:6892 | udp | |
| N/A | 192.168.0.13:6892 | udp | |
| N/A | 192.168.0.14:6892 | udp | |
| N/A | 192.168.0.15:6892 | udp | |
| N/A | 192.168.0.16:6892 | udp | |
| N/A | 192.168.0.17:6892 | udp | |
| N/A | 192.168.0.18:6892 | udp | |
| N/A | 192.168.0.19:6892 | udp | |
| N/A | 192.168.0.20:6892 | udp | |
| N/A | 192.168.0.21:6892 | udp | |
| N/A | 192.168.0.22:6892 | udp | |
| N/A | 192.168.0.23:6892 | udp | |
| N/A | 192.168.0.24:6892 | udp | |
| N/A | 192.168.0.25:6892 | udp | |
| N/A | 192.168.0.26:6892 | udp | |
| N/A | 192.168.0.27:6892 | udp | |
| N/A | 192.168.0.28:6892 | udp | |
| N/A | 192.168.0.29:6892 | udp | |
| N/A | 192.168.0.30:6892 | udp | |
| N/A | 192.168.0.31:6892 | udp | |
| LT | 194.165.16.0:6892 | udp | |
| LT | 194.165.16.1:6892 | udp | |
| LT | 194.165.16.2:6892 | udp | |
| LT | 194.165.16.3:6892 | udp | |
| LT | 194.165.16.4:6892 | udp | |
| LT | 194.165.16.5:6892 | udp | |
| LT | 194.165.16.6:6892 | udp | |
| LT | 194.165.16.7:6892 | udp | |
| LT | 194.165.16.8:6892 | udp | |
| LT | 194.165.16.9:6892 | udp | |
| LT | 194.165.16.10:6892 | udp | |
| LT | 194.165.16.11:6892 | udp | |
| LT | 194.165.16.12:6892 | udp | |
| LT | 194.165.16.13:6892 | udp | |
| LT | 194.165.16.14:6892 | udp | |
| LT | 194.165.16.15:6892 | udp | |
| LT | 194.165.16.16:6892 | udp | |
| LT | 194.165.16.17:6892 | udp | |
| LT | 194.165.16.18:6892 | udp | |
| LT | 194.165.16.19:6892 | udp | |
| LT | 194.165.16.20:6892 | udp | |
| LT | 194.165.16.21:6892 | udp | |
| LT | 194.165.16.22:6892 | udp | |
| LT | 194.165.16.23:6892 | udp | |
| LT | 194.165.16.24:6892 | udp | |
| LT | 194.165.16.25:6892 | udp | |
| LT | 194.165.16.26:6892 | udp | |
| LT | 194.165.16.27:6892 | udp | |
| LT | 194.165.16.28:6892 | udp | |
| LT | 194.165.16.29:6892 | udp | |
| LT | 194.165.16.30:6892 | udp | |
| LT | 194.165.16.31:6892 | udp | |
| LT | 194.165.16.32:6892 | udp | |
| LT | 194.165.16.33:6892 | udp | |
| LT | 194.165.16.34:6892 | udp | |
| LT | 194.165.16.35:6892 | udp | |
| LT | 194.165.16.36:6892 | udp | |
| LT | 194.165.16.37:6892 | udp | |
| LT | 194.165.16.38:6892 | udp | |
| LT | 194.165.16.39:6892 | udp | |
| LT | 194.165.16.40:6892 | udp | |
| LT | 194.165.16.41:6892 | udp | |
| LT | 194.165.16.42:6892 | udp | |
| LT | 194.165.16.43:6892 | udp | |
| LT | 194.165.16.44:6892 | udp | |
| LT | 194.165.16.45:6892 | udp | |
| LT | 194.165.16.46:6892 | udp | |
| LT | 194.165.16.47:6892 | udp | |
| LT | 194.165.16.48:6892 | udp | |
| LT | 194.165.16.49:6892 | udp | |
| LT | 194.165.16.50:6892 | udp | |
| LT | 194.165.16.51:6892 | udp | |
| LT | 194.165.16.52:6892 | udp | |
| LT | 194.165.16.53:6892 | udp | |
| LT | 194.165.16.54:6892 | udp | |
| LT | 194.165.16.55:6892 | udp | |
| LT | 194.165.16.56:6892 | udp | |
| LT | 194.165.16.57:6892 | udp | |
| LT | 194.165.16.58:6892 | udp | |
| LT | 194.165.16.59:6892 | udp | |
| LT | 194.165.16.60:6892 | udp | |
| LT | 194.165.16.61:6892 | udp | |
| LT | 194.165.16.62:6892 | udp | |
| LT | 194.165.16.63:6892 | udp | |
| LT | 194.165.16.64:6892 | udp | |
| LT | 194.165.16.65:6892 | udp | |
| LT | 194.165.16.66:6892 | udp | |
| LT | 194.165.16.67:6892 | udp | |
| LT | 194.165.16.68:6892 | udp | |
| LT | 194.165.16.69:6892 | udp | |
| LT | 194.165.16.70:6892 | udp | |
| LT | 194.165.16.71:6892 | udp | |
| LT | 194.165.16.72:6892 | udp | |
| LT | 194.165.16.73:6892 | udp | |
| LT | 194.165.16.74:6892 | udp | |
| LT | 194.165.16.75:6892 | udp | |
| LT | 194.165.16.76:6892 | udp | |
| LT | 194.165.16.77:6892 | udp | |
| LT | 194.165.16.78:6892 | udp | |
| LT | 194.165.16.79:6892 | udp | |
| LT | 194.165.16.80:6892 | udp | |
| LT | 194.165.16.81:6892 | udp | |
| LT | 194.165.16.82:6892 | udp | |
| LT | 194.165.16.83:6892 | udp | |
| LT | 194.165.16.84:6892 | udp | |
| LT | 194.165.16.85:6892 | udp | |
| LT | 194.165.16.86:6892 | udp | |
| LT | 194.165.16.87:6892 | udp | |
| LT | 194.165.16.88:6892 | udp | |
| LT | 194.165.16.89:6892 | udp | |
| LT | 194.165.16.90:6892 | udp | |
| LT | 194.165.16.91:6892 | udp | |
| LT | 194.165.16.92:6892 | udp | |
| LT | 194.165.16.93:6892 | udp | |
| LT | 194.165.16.94:6892 | udp | |
| LT | 194.165.16.95:6892 | udp | |
| LT | 194.165.16.96:6892 | udp | |
| LT | 194.165.16.97:6892 | udp | |
| LT | 194.165.16.98:6892 | udp | |
| LT | 194.165.16.99:6892 | udp | |
| LT | 194.165.16.100:6892 | udp | |
| LT | 194.165.16.101:6892 | udp | |
| LT | 194.165.16.102:6892 | udp | |
| LT | 194.165.16.103:6892 | udp | |
| LT | 194.165.16.104:6892 | udp | |
| LT | 194.165.16.105:6892 | udp | |
| LT | 194.165.16.106:6892 | udp | |
| LT | 194.165.16.107:6892 | udp | |
| LT | 194.165.16.108:6892 | udp | |
| LT | 194.165.16.109:6892 | udp | |
| LT | 194.165.16.110:6892 | udp | |
| LT | 194.165.16.111:6892 | udp | |
| LT | 194.165.16.112:6892 | udp | |
| LT | 194.165.16.113:6892 | udp | |
| LT | 194.165.16.114:6892 | udp | |
| LT | 194.165.16.115:6892 | udp | |
| LT | 194.165.16.116:6892 | udp | |
| LT | 194.165.16.117:6892 | udp | |
| LT | 194.165.16.118:6892 | udp | |
| LT | 194.165.16.119:6892 | udp | |
| LT | 194.165.16.120:6892 | udp | |
| LT | 194.165.16.121:6892 | udp | |
| LT | 194.165.16.122:6892 | udp | |
| LT | 194.165.16.123:6892 | udp | |
| LT | 194.165.16.124:6892 | udp | |
| LT | 194.165.16.125:6892 | udp | |
| LT | 194.165.16.126:6892 | udp | |
| LT | 194.165.16.127:6892 | udp | |
| LT | 194.165.16.128:6892 | udp | |
| LT | 194.165.16.129:6892 | udp | |
| LT | 194.165.16.130:6892 | udp | |
| LT | 194.165.16.131:6892 | udp | |
| LT | 194.165.16.132:6892 | udp | |
| LT | 194.165.16.133:6892 | udp | |
| LT | 194.165.16.134:6892 | udp | |
| LT | 194.165.16.135:6892 | udp | |
| LT | 194.165.16.136:6892 | udp | |
| LT | 194.165.16.137:6892 | udp | |
| LT | 194.165.16.138:6892 | udp | |
| LT | 194.165.16.139:6892 | udp | |
| LT | 194.165.16.140:6892 | udp | |
| LT | 194.165.16.141:6892 | udp | |
| LT | 194.165.16.142:6892 | udp | |
| LT | 194.165.16.143:6892 | udp | |
| LT | 194.165.16.144:6892 | udp | |
| LT | 194.165.16.145:6892 | udp | |
| LT | 194.165.16.146:6892 | udp | |
| LT | 194.165.16.147:6892 | udp | |
| LT | 194.165.16.148:6892 | udp | |
| LT | 194.165.16.149:6892 | udp | |
| LT | 194.165.16.150:6892 | udp | |
| LT | 194.165.16.151:6892 | udp | |
| LT | 194.165.16.152:6892 | udp | |
| LT | 194.165.16.153:6892 | udp | |
| LT | 194.165.16.154:6892 | udp | |
| LT | 194.165.16.155:6892 | udp | |
| LT | 194.165.16.156:6892 | udp | |
| LT | 194.165.16.157:6892 | udp | |
| LT | 194.165.16.158:6892 | udp | |
| LT | 194.165.16.159:6892 | udp | |
| LT | 194.165.16.160:6892 | udp | |
| LT | 194.165.16.161:6892 | udp | |
| LT | 194.165.16.162:6892 | udp | |
| LT | 194.165.16.163:6892 | udp | |
| LT | 194.165.16.164:6892 | udp | |
| LT | 194.165.16.165:6892 | udp | |
| LT | 194.165.16.166:6892 | udp | |
| LT | 194.165.16.167:6892 | udp | |
| LT | 194.165.16.168:6892 | udp | |
| LT | 194.165.16.169:6892 | udp | |
| LT | 194.165.16.170:6892 | udp | |
| LT | 194.165.16.171:6892 | udp | |
| LT | 194.165.16.172:6892 | udp | |
| LT | 194.165.16.173:6892 | udp | |
| LT | 194.165.16.174:6892 | udp | |
| LT | 194.165.16.175:6892 | udp | |
| LT | 194.165.16.176:6892 | udp | |
| LT | 194.165.16.177:6892 | udp | |
| LT | 194.165.16.178:6892 | udp | |
| LT | 194.165.16.179:6892 | udp | |
| LT | 194.165.16.180:6892 | udp | |
| LT | 194.165.16.181:6892 | udp | |
| LT | 194.165.16.182:6892 | udp | |
| LT | 194.165.16.183:6892 | udp | |
| LT | 194.165.16.184:6892 | udp | |
| LT | 194.165.16.185:6892 | udp | |
| LT | 194.165.16.186:6892 | udp | |
| LT | 194.165.16.187:6892 | udp | |
| LT | 194.165.16.188:6892 | udp | |
| LT | 194.165.16.189:6892 | udp | |
| LT | 194.165.16.190:6892 | udp | |
| LT | 194.165.16.191:6892 | udp | |
| LT | 194.165.16.192:6892 | udp | |
| LT | 194.165.16.193:6892 | udp | |
| LT | 194.165.16.194:6892 | udp | |
| LT | 194.165.16.195:6892 | udp | |
| LT | 194.165.16.196:6892 | udp | |
| LT | 194.165.16.197:6892 | udp | |
| LT | 194.165.16.198:6892 | udp | |
| LT | 194.165.16.199:6892 | udp | |
| LT | 194.165.16.200:6892 | udp | |
| LT | 194.165.16.201:6892 | udp | |
| LT | 194.165.16.202:6892 | udp | |
| LT | 194.165.16.203:6892 | udp | |
| LT | 194.165.16.204:6892 | udp | |
| LT | 194.165.16.205:6892 | udp | |
| LT | 194.165.16.206:6892 | udp | |
| LT | 194.165.16.207:6892 | udp | |
| LT | 194.165.16.208:6892 | udp | |
| LT | 194.165.16.209:6892 | udp | |
| LT | 194.165.16.210:6892 | udp | |
| LT | 194.165.16.211:6892 | udp | |
| LT | 194.165.16.212:6892 | udp | |
| LT | 194.165.16.213:6892 | udp | |
| LT | 194.165.16.214:6892 | udp | |
| LT | 194.165.16.215:6892 | udp | |
| LT | 194.165.16.216:6892 | udp | |
| LT | 194.165.16.217:6892 | udp | |
| LT | 194.165.16.218:6892 | udp | |
| LT | 194.165.16.219:6892 | udp | |
| LT | 194.165.16.220:6892 | udp | |
| LT | 194.165.16.221:6892 | udp | |
| LT | 194.165.16.222:6892 | udp | |
| LT | 194.165.16.223:6892 | udp | |
| LT | 194.165.16.224:6892 | udp | |
| LT | 194.165.16.225:6892 | udp | |
| LT | 194.165.16.226:6892 | udp | |
| LT | 194.165.16.227:6892 | udp | |
| LT | 194.165.16.228:6892 | udp | |
| LT | 194.165.16.229:6892 | udp | |
| LT | 194.165.16.230:6892 | udp | |
| LT | 194.165.16.231:6892 | udp | |
| LT | 194.165.16.232:6892 | udp | |
| LT | 194.165.16.233:6892 | udp | |
| LT | 194.165.16.234:6892 | udp | |
| LT | 194.165.16.235:6892 | udp | |
| LT | 194.165.16.236:6892 | udp | |
| LT | 194.165.16.237:6892 | udp | |
| LT | 194.165.16.238:6892 | udp | |
| LT | 194.165.16.239:6892 | udp | |
| LT | 194.165.16.240:6892 | udp | |
| LT | 194.165.16.241:6892 | udp | |
| LT | 194.165.16.242:6892 | udp | |
| LT | 194.165.16.243:6892 | udp | |
| LT | 194.165.16.244:6892 | udp | |
| LT | 194.165.16.245:6892 | udp | |
| LT | 194.165.16.246:6892 | udp | |
| LT | 194.165.16.247:6892 | udp | |
| LT | 194.165.16.248:6892 | udp | |
| LT | 194.165.16.249:6892 | udp | |
| LT | 194.165.16.250:6892 | udp | |
| LT | 194.165.16.251:6892 | udp | |
| LT | 194.165.16.252:6892 | udp | |
| LT | 194.165.16.253:6892 | udp | |
| LT | 194.165.16.254:6892 | udp | |
| N/A | 127.0.0.0:6892 | udp | |
| N/A | 127.0.0.1:6892 | udp | |
| N/A | 127.0.0.2:6892 | udp | |
| N/A | 127.0.0.3:6892 | udp | |
| N/A | 127.0.0.4:6892 | udp | |
| N/A | 127.0.0.5:6892 | udp | |
| N/A | 127.0.0.6:6892 | udp | |
| N/A | 127.0.0.7:6892 | udp | |
| N/A | 127.0.0.8:6892 | udp | |
| N/A | 127.0.0.9:6892 | udp | |
| N/A | 127.0.0.10:6892 | udp | |
| N/A | 127.0.0.11:6892 | udp | |
| N/A | 127.0.0.12:6892 | udp | |
| N/A | 127.0.0.13:6892 | udp | |
| N/A | 127.0.0.14:6892 | udp | |
| N/A | 127.0.0.15:6892 | udp | |
| N/A | 127.0.0.16:6892 | udp | |
| N/A | 127.0.0.17:6892 | udp | |
| N/A | 127.0.0.18:6892 | udp | |
| N/A | 127.0.0.19:6892 | udp | |
| N/A | 127.0.0.20:6892 | udp | |
| N/A | 127.0.0.21:6892 | udp | |
| N/A | 127.0.0.22:6892 | udp | |
| N/A | 127.0.0.23:6892 | udp | |
| N/A | 127.0.0.24:6892 | udp | |
| N/A | 127.0.0.25:6892 | udp | |
| N/A | 127.0.0.26:6892 | udp | |
| N/A | 127.0.0.27:6892 | udp | |
| N/A | 127.0.0.28:6892 | udp | |
| N/A | 127.0.0.29:6892 | udp | |
| N/A | 127.0.0.30:6892 | udp | |
| N/A | 127.0.0.31:6892 | udp | |
| LT | 194.165.16.255:6892 | udp | |
| LT | 194.165.17.0:6892 | udp | |
| LT | 194.165.17.1:6892 | udp | |
| LT | 194.165.17.2:6892 | udp | |
| LT | 194.165.17.3:6892 | udp | |
| LT | 194.165.17.4:6892 | udp | |
| LT | 194.165.17.5:6892 | udp | |
| LT | 194.165.17.6:6892 | udp | |
| LT | 194.165.17.7:6892 | udp | |
| LT | 194.165.17.8:6892 | udp | |
| LT | 194.165.17.9:6892 | udp | |
| LT | 194.165.17.10:6892 | udp | |
| LT | 194.165.17.11:6892 | udp | |
| LT | 194.165.17.12:6892 | udp | |
| LT | 194.165.17.13:6892 | udp | |
| LT | 194.165.17.14:6892 | udp | |
| LT | 194.165.17.15:6892 | udp | |
| LT | 194.165.17.16:6892 | udp | |
| LT | 194.165.17.17:6892 | udp | |
| LT | 194.165.17.18:6892 | udp | |
| LT | 194.165.17.19:6892 | udp | |
| LT | 194.165.17.20:6892 | udp | |
| LT | 194.165.17.21:6892 | udp | |
| LT | 194.165.17.22:6892 | udp | |
| LT | 194.165.17.23:6892 | udp | |
| LT | 194.165.17.24:6892 | udp | |
| LT | 194.165.17.25:6892 | udp | |
| LT | 194.165.17.26:6892 | udp | |
| LT | 194.165.17.27:6892 | udp | |
| LT | 194.165.17.28:6892 | udp | |
| LT | 194.165.17.29:6892 | udp | |
| LT | 194.165.17.30:6892 | udp | |
| LT | 194.165.17.31:6892 | udp | |
| LT | 194.165.17.32:6892 | udp | |
| LT | 194.165.17.33:6892 | udp | |
| LT | 194.165.17.34:6892 | udp | |
| LT | 194.165.17.35:6892 | udp | |
| LT | 194.165.17.36:6892 | udp | |
| LT | 194.165.17.37:6892 | udp | |
| LT | 194.165.17.38:6892 | udp | |
| LT | 194.165.17.39:6892 | udp | |
| LT | 194.165.17.40:6892 | udp | |
| LT | 194.165.17.41:6892 | udp | |
| LT | 194.165.17.42:6892 | udp | |
| LT | 194.165.17.43:6892 | udp | |
| LT | 194.165.17.44:6892 | udp | |
| LT | 194.165.17.45:6892 | udp | |
| LT | 194.165.17.46:6892 | udp | |
| LT | 194.165.17.47:6892 | udp | |
| LT | 194.165.17.48:6892 | udp | |
| LT | 194.165.17.49:6892 | udp | |
| LT | 194.165.17.50:6892 | udp | |
| LT | 194.165.17.51:6892 | udp | |
| LT | 194.165.17.52:6892 | udp | |
| LT | 194.165.17.53:6892 | udp | |
| LT | 194.165.17.54:6892 | udp | |
| LT | 194.165.17.55:6892 | udp | |
| LT | 194.165.17.56:6892 | udp | |
| LT | 194.165.17.57:6892 | udp | |
| LT | 194.165.17.58:6892 | udp | |
| LT | 194.165.17.59:6892 | udp | |
| LT | 194.165.17.60:6892 | udp | |
| LT | 194.165.17.61:6892 | udp | |
| LT | 194.165.17.62:6892 | udp | |
| LT | 194.165.17.63:6892 | udp | |
| LT | 194.165.17.64:6892 | udp | |
| LT | 194.165.17.65:6892 | udp | |
| LT | 194.165.17.66:6892 | udp | |
| LT | 194.165.17.67:6892 | udp | |
| LT | 194.165.17.68:6892 | udp | |
| LT | 194.165.17.69:6892 | udp | |
| LT | 194.165.17.70:6892 | udp | |
| LT | 194.165.17.71:6892 | udp | |
| LT | 194.165.17.72:6892 | udp | |
| LT | 194.165.17.73:6892 | udp | |
| LT | 194.165.17.74:6892 | udp | |
| LT | 194.165.17.75:6892 | udp | |
| LT | 194.165.17.76:6892 | udp | |
| LT | 194.165.17.77:6892 | udp | |
| LT | 194.165.17.78:6892 | udp | |
| LT | 194.165.17.79:6892 | udp | |
| LT | 194.165.17.80:6892 | udp | |
| LT | 194.165.17.81:6892 | udp | |
| LT | 194.165.17.82:6892 | udp | |
| LT | 194.165.17.83:6892 | udp | |
| LT | 194.165.17.84:6892 | udp | |
| LT | 194.165.17.85:6892 | udp | |
| LT | 194.165.17.86:6892 | udp | |
| LT | 194.165.17.87:6892 | udp | |
| LT | 194.165.17.88:6892 | udp | |
| LT | 194.165.17.89:6892 | udp | |
| LT | 194.165.17.90:6892 | udp | |
| LT | 194.165.17.91:6892 | udp | |
| LT | 194.165.17.92:6892 | udp | |
| LT | 194.165.17.93:6892 | udp | |
| LT | 194.165.17.94:6892 | udp | |
| LT | 194.165.17.95:6892 | udp | |
| LT | 194.165.17.96:6892 | udp | |
| LT | 194.165.17.97:6892 | udp | |
| LT | 194.165.17.98:6892 | udp | |
| LT | 194.165.17.99:6892 | udp | |
| LT | 194.165.17.100:6892 | udp | |
| LT | 194.165.17.101:6892 | udp | |
| LT | 194.165.17.102:6892 | udp | |
| LT | 194.165.17.103:6892 | udp | |
| LT | 194.165.17.104:6892 | udp | |
| LT | 194.165.17.105:6892 | udp | |
| LT | 194.165.17.106:6892 | udp | |
| LT | 194.165.17.107:6892 | udp | |
| LT | 194.165.17.108:6892 | udp | |
| LT | 194.165.17.109:6892 | udp | |
| LT | 194.165.17.110:6892 | udp | |
| LT | 194.165.17.111:6892 | udp | |
| LT | 194.165.17.112:6892 | udp | |
| LT | 194.165.17.113:6892 | udp | |
| LT | 194.165.17.114:6892 | udp | |
| LT | 194.165.17.115:6892 | udp | |
| LT | 194.165.17.116:6892 | udp | |
| LT | 194.165.17.117:6892 | udp | |
| LT | 194.165.17.118:6892 | udp | |
| LT | 194.165.17.119:6892 | udp | |
| LT | 194.165.17.120:6892 | udp | |
| LT | 194.165.17.121:6892 | udp | |
| LT | 194.165.17.122:6892 | udp | |
| LT | 194.165.17.123:6892 | udp | |
| LT | 194.165.17.124:6892 | udp | |
| LT | 194.165.17.125:6892 | udp | |
| LT | 194.165.17.126:6892 | udp | |
| LT | 194.165.17.127:6892 | udp | |
| LT | 194.165.17.128:6892 | udp | |
| LT | 194.165.17.129:6892 | udp | |
| LT | 194.165.17.130:6892 | udp | |
| LT | 194.165.17.131:6892 | udp | |
| LT | 194.165.17.132:6892 | udp | |
| LT | 194.165.17.133:6892 | udp | |
| LT | 194.165.17.134:6892 | udp | |
| LT | 194.165.17.135:6892 | udp | |
| LT | 194.165.17.136:6892 | udp | |
| LT | 194.165.17.137:6892 | udp | |
| LT | 194.165.17.138:6892 | udp | |
| LT | 194.165.17.139:6892 | udp | |
| LT | 194.165.17.140:6892 | udp | |
| LT | 194.165.17.141:6892 | udp | |
| LT | 194.165.17.142:6892 | udp | |
| LT | 194.165.17.143:6892 | udp | |
| LT | 194.165.17.144:6892 | udp | |
| LT | 194.165.17.145:6892 | udp | |
| LT | 194.165.17.146:6892 | udp | |
| LT | 194.165.17.147:6892 | udp | |
| LT | 194.165.17.148:6892 | udp | |
| LT | 194.165.17.149:6892 | udp | |
| LT | 194.165.17.150:6892 | udp | |
| LT | 194.165.17.151:6892 | udp | |
| LT | 194.165.17.152:6892 | udp | |
| LT | 194.165.17.153:6892 | udp | |
| LT | 194.165.17.154:6892 | udp | |
| LT | 194.165.17.155:6892 | udp | |
| LT | 194.165.17.156:6892 | udp | |
| LT | 194.165.17.157:6892 | udp | |
| LT | 194.165.17.158:6892 | udp | |
| LT | 194.165.17.159:6892 | udp | |
| LT | 194.165.17.160:6892 | udp | |
| LT | 194.165.17.161:6892 | udp | |
| LT | 194.165.17.162:6892 | udp | |
| LT | 194.165.17.163:6892 | udp | |
| LT | 194.165.17.164:6892 | udp | |
| LT | 194.165.17.165:6892 | udp | |
| LT | 194.165.17.166:6892 | udp | |
| LT | 194.165.17.167:6892 | udp | |
| LT | 194.165.17.168:6892 | udp | |
| LT | 194.165.17.169:6892 | udp | |
| LT | 194.165.17.170:6892 | udp | |
| LT | 194.165.17.171:6892 | udp | |
| LT | 194.165.17.172:6892 | udp | |
| LT | 194.165.17.173:6892 | udp | |
| LT | 194.165.17.174:6892 | udp | |
| LT | 194.165.17.175:6892 | udp | |
| LT | 194.165.17.176:6892 | udp | |
| LT | 194.165.17.177:6892 | udp | |
| LT | 194.165.17.178:6892 | udp | |
| LT | 194.165.17.179:6892 | udp | |
| LT | 194.165.17.180:6892 | udp | |
| LT | 194.165.17.181:6892 | udp | |
| LT | 194.165.17.182:6892 | udp | |
| LT | 194.165.17.183:6892 | udp | |
| LT | 194.165.17.184:6892 | udp | |
| LT | 194.165.17.185:6892 | udp | |
| LT | 194.165.17.186:6892 | udp | |
| LT | 194.165.17.187:6892 | udp | |
| LT | 194.165.17.188:6892 | udp | |
| LT | 194.165.17.189:6892 | udp | |
| LT | 194.165.17.190:6892 | udp | |
| LT | 194.165.17.191:6892 | udp | |
| LT | 194.165.17.192:6892 | udp | |
| LT | 194.165.17.193:6892 | udp | |
| LT | 194.165.17.194:6892 | udp | |
| LT | 194.165.17.195:6892 | udp | |
| LT | 194.165.17.196:6892 | udp | |
| LT | 194.165.17.197:6892 | udp | |
| LT | 194.165.17.198:6892 | udp | |
| LT | 194.165.17.199:6892 | udp | |
| LT | 194.165.17.200:6892 | udp | |
| LT | 194.165.17.201:6892 | udp | |
| LT | 194.165.17.202:6892 | udp | |
| LT | 194.165.17.203:6892 | udp | |
| LT | 194.165.17.204:6892 | udp | |
| LT | 194.165.17.205:6892 | udp | |
| LT | 194.165.17.206:6892 | udp | |
| LT | 194.165.17.207:6892 | udp | |
| LT | 194.165.17.208:6892 | udp | |
| LT | 194.165.17.209:6892 | udp | |
| LT | 194.165.17.210:6892 | udp | |
| LT | 194.165.17.211:6892 | udp | |
| LT | 194.165.17.212:6892 | udp | |
| LT | 194.165.17.213:6892 | udp | |
| LT | 194.165.17.214:6892 | udp | |
| LT | 194.165.17.215:6892 | udp | |
| LT | 194.165.17.216:6892 | udp | |
| LT | 194.165.17.217:6892 | udp | |
| LT | 194.165.17.218:6892 | udp | |
| LT | 194.165.17.219:6892 | udp | |
| LT | 194.165.17.220:6892 | udp | |
| LT | 194.165.17.221:6892 | udp | |
| LT | 194.165.17.222:6892 | udp | |
| LT | 194.165.17.223:6892 | udp | |
| LT | 194.165.17.224:6892 | udp | |
| LT | 194.165.17.225:6892 | udp | |
| LT | 194.165.17.226:6892 | udp | |
| LT | 194.165.17.227:6892 | udp | |
| LT | 194.165.17.228:6892 | udp | |
| LT | 194.165.17.229:6892 | udp | |
| LT | 194.165.17.230:6892 | udp | |
| LT | 194.165.17.231:6892 | udp | |
| LT | 194.165.17.232:6892 | udp | |
| LT | 194.165.17.233:6892 | udp | |
| LT | 194.165.17.234:6892 | udp | |
| LT | 194.165.17.235:6892 | udp | |
| LT | 194.165.17.236:6892 | udp | |
| LT | 194.165.17.237:6892 | udp | |
| LT | 194.165.17.238:6892 | udp | |
| LT | 194.165.17.239:6892 | udp | |
| LT | 194.165.17.240:6892 | udp | |
| LT | 194.165.17.241:6892 | udp | |
| LT | 194.165.17.242:6892 | udp | |
| LT | 194.165.17.243:6892 | udp | |
| LT | 194.165.17.244:6892 | udp | |
| LT | 194.165.17.245:6892 | udp | |
| LT | 194.165.17.246:6892 | udp | |
| LT | 194.165.17.247:6892 | udp | |
| LT | 194.165.17.248:6892 | udp | |
| LT | 194.165.17.249:6892 | udp | |
| LT | 194.165.17.250:6892 | udp | |
| LT | 194.165.17.251:6892 | udp | |
| LT | 194.165.17.252:6892 | udp | |
| LT | 194.165.17.253:6892 | udp | |
| LT | 194.165.17.254:6892 | udp | |
| LT | 194.165.17.255:6892 | udp | |
| N/A | 192.168.0.0:6892 | udp | |
| N/A | 192.168.0.1:6892 | udp | |
| N/A | 192.168.0.2:6892 | udp | |
| N/A | 192.168.0.3:6892 | udp | |
| N/A | 192.168.0.4:6892 | udp | |
| N/A | 192.168.0.5:6892 | udp | |
| N/A | 192.168.0.6:6892 | udp | |
| N/A | 192.168.0.7:6892 | udp | |
| N/A | 192.168.0.8:6892 | udp | |
| N/A | 192.168.0.9:6892 | udp | |
| N/A | 192.168.0.10:6892 | udp | |
| N/A | 192.168.0.11:6892 | udp | |
| N/A | 192.168.0.12:6892 | udp | |
| N/A | 192.168.0.13:6892 | udp | |
| N/A | 192.168.0.14:6892 | udp | |
| N/A | 192.168.0.15:6892 | udp | |
| N/A | 192.168.0.16:6892 | udp | |
| N/A | 192.168.0.17:6892 | udp | |
| N/A | 192.168.0.18:6892 | udp | |
| N/A | 192.168.0.19:6892 | udp | |
| N/A | 192.168.0.20:6892 | udp | |
| N/A | 192.168.0.21:6892 | udp | |
| N/A | 192.168.0.22:6892 | udp | |
| N/A | 192.168.0.23:6892 | udp | |
| N/A | 192.168.0.24:6892 | udp | |
| N/A | 192.168.0.25:6892 | udp | |
| N/A | 192.168.0.26:6892 | udp | |
| N/A | 192.168.0.27:6892 | udp | |
| N/A | 192.168.0.28:6892 | udp | |
| N/A | 192.168.0.29:6892 | udp | |
| N/A | 192.168.0.30:6892 | udp | |
| N/A | 192.168.0.31:6892 | udp | |
| LT | 194.165.16.0:6892 | udp | |
| LT | 194.165.16.1:6892 | udp | |
| LT | 194.165.16.2:6892 | udp | |
| LT | 194.165.16.3:6892 | udp | |
| LT | 194.165.16.4:6892 | udp | |
| LT | 194.165.16.5:6892 | udp | |
| LT | 194.165.16.6:6892 | udp | |
| LT | 194.165.16.7:6892 | udp | |
| LT | 194.165.16.8:6892 | udp | |
| LT | 194.165.16.9:6892 | udp | |
| LT | 194.165.16.10:6892 | udp | |
| LT | 194.165.16.11:6892 | udp | |
| LT | 194.165.16.12:6892 | udp | |
| LT | 194.165.16.13:6892 | udp | |
| LT | 194.165.16.14:6892 | udp | |
| LT | 194.165.16.15:6892 | udp | |
| LT | 194.165.16.16:6892 | udp | |
| LT | 194.165.16.17:6892 | udp | |
| LT | 194.165.16.18:6892 | udp | |
| LT | 194.165.16.19:6892 | udp | |
| LT | 194.165.16.20:6892 | udp | |
| LT | 194.165.16.21:6892 | udp | |
| LT | 194.165.16.22:6892 | udp | |
| LT | 194.165.16.23:6892 | udp | |
| LT | 194.165.16.24:6892 | udp | |
| LT | 194.165.16.25:6892 | udp | |
| LT | 194.165.16.26:6892 | udp | |
| LT | 194.165.16.27:6892 | udp | |
| LT | 194.165.16.28:6892 | udp | |
| LT | 194.165.16.29:6892 | udp | |
| LT | 194.165.16.30:6892 | udp | |
| LT | 194.165.16.31:6892 | udp | |
| LT | 194.165.16.32:6892 | udp | |
| LT | 194.165.16.33:6892 | udp | |
| LT | 194.165.16.34:6892 | udp | |
| LT | 194.165.16.35:6892 | udp | |
| LT | 194.165.16.36:6892 | udp | |
| LT | 194.165.16.37:6892 | udp | |
| LT | 194.165.16.38:6892 | udp | |
| LT | 194.165.16.39:6892 | udp | |
| LT | 194.165.16.40:6892 | udp | |
| LT | 194.165.16.41:6892 | udp | |
| LT | 194.165.16.42:6892 | udp | |
| LT | 194.165.16.43:6892 | udp | |
| LT | 194.165.16.44:6892 | udp | |
| LT | 194.165.16.45:6892 | udp | |
| LT | 194.165.16.46:6892 | udp | |
| LT | 194.165.16.47:6892 | udp | |
| LT | 194.165.16.48:6892 | udp | |
| LT | 194.165.16.49:6892 | udp | |
| LT | 194.165.16.50:6892 | udp | |
| LT | 194.165.16.51:6892 | udp | |
| LT | 194.165.16.52:6892 | udp | |
| LT | 194.165.16.53:6892 | udp | |
| LT | 194.165.16.54:6892 | udp | |
| LT | 194.165.16.55:6892 | udp | |
| LT | 194.165.16.56:6892 | udp | |
| LT | 194.165.16.57:6892 | udp | |
| LT | 194.165.16.58:6892 | udp | |
| LT | 194.165.16.59:6892 | udp | |
| LT | 194.165.16.60:6892 | udp | |
| LT | 194.165.16.61:6892 | udp | |
| LT | 194.165.16.62:6892 | udp | |
| LT | 194.165.16.63:6892 | udp | |
| LT | 194.165.16.64:6892 | udp | |
| LT | 194.165.16.65:6892 | udp | |
| LT | 194.165.16.66:6892 | udp | |
| LT | 194.165.16.67:6892 | udp | |
| LT | 194.165.16.68:6892 | udp | |
| LT | 194.165.16.69:6892 | udp | |
| LT | 194.165.16.70:6892 | udp | |
| LT | 194.165.16.71:6892 | udp | |
| LT | 194.165.16.72:6892 | udp | |
| LT | 194.165.16.73:6892 | udp | |
| LT | 194.165.16.74:6892 | udp | |
| LT | 194.165.16.75:6892 | udp | |
| LT | 194.165.16.76:6892 | udp | |
| LT | 194.165.16.77:6892 | udp | |
| LT | 194.165.16.78:6892 | udp | |
| LT | 194.165.16.79:6892 | udp | |
| LT | 194.165.16.80:6892 | udp | |
| LT | 194.165.16.81:6892 | udp | |
| LT | 194.165.16.82:6892 | udp | |
| LT | 194.165.16.83:6892 | udp | |
| LT | 194.165.16.84:6892 | udp | |
| LT | 194.165.16.85:6892 | udp | |
| LT | 194.165.16.86:6892 | udp | |
| LT | 194.165.16.87:6892 | udp | |
| LT | 194.165.16.88:6892 | udp | |
| LT | 194.165.16.89:6892 | udp | |
| LT | 194.165.16.90:6892 | udp | |
| LT | 194.165.16.91:6892 | udp | |
| LT | 194.165.16.92:6892 | udp | |
| LT | 194.165.16.93:6892 | udp | |
| LT | 194.165.16.94:6892 | udp | |
| LT | 194.165.16.95:6892 | udp | |
| LT | 194.165.16.96:6892 | udp | |
| LT | 194.165.16.97:6892 | udp | |
| LT | 194.165.16.98:6892 | udp | |
| LT | 194.165.16.99:6892 | udp | |
| LT | 194.165.16.100:6892 | udp | |
| LT | 194.165.16.101:6892 | udp | |
| LT | 194.165.16.102:6892 | udp | |
| LT | 194.165.16.103:6892 | udp | |
| LT | 194.165.16.104:6892 | udp | |
| LT | 194.165.16.105:6892 | udp | |
| LT | 194.165.16.106:6892 | udp | |
| LT | 194.165.16.107:6892 | udp | |
| LT | 194.165.16.108:6892 | udp | |
| LT | 194.165.16.109:6892 | udp | |
| LT | 194.165.16.110:6892 | udp | |
| LT | 194.165.16.111:6892 | udp | |
| LT | 194.165.16.112:6892 | udp | |
| LT | 194.165.16.113:6892 | udp | |
| LT | 194.165.16.114:6892 | udp | |
| LT | 194.165.16.115:6892 | udp | |
| LT | 194.165.16.116:6892 | udp | |
| LT | 194.165.16.117:6892 | udp | |
| LT | 194.165.16.118:6892 | udp | |
| LT | 194.165.16.119:6892 | udp | |
| LT | 194.165.16.120:6892 | udp | |
| LT | 194.165.16.121:6892 | udp | |
| LT | 194.165.16.122:6892 | udp | |
| LT | 194.165.16.123:6892 | udp | |
| LT | 194.165.16.124:6892 | udp | |
| LT | 194.165.16.125:6892 | udp | |
| LT | 194.165.16.126:6892 | udp | |
| LT | 194.165.16.127:6892 | udp | |
| LT | 194.165.16.128:6892 | udp | |
| LT | 194.165.16.129:6892 | udp | |
| LT | 194.165.16.130:6892 | udp | |
| LT | 194.165.16.131:6892 | udp | |
| LT | 194.165.16.132:6892 | udp | |
| LT | 194.165.16.133:6892 | udp | |
| LT | 194.165.16.134:6892 | udp | |
| LT | 194.165.16.135:6892 | udp | |
| LT | 194.165.16.136:6892 | udp | |
| LT | 194.165.16.137:6892 | udp | |
| LT | 194.165.16.138:6892 | udp | |
| LT | 194.165.16.139:6892 | udp | |
| LT | 194.165.16.140:6892 | udp | |
| LT | 194.165.16.141:6892 | udp | |
| LT | 194.165.16.142:6892 | udp | |
| LT | 194.165.16.143:6892 | udp | |
| LT | 194.165.16.144:6892 | udp | |
| LT | 194.165.16.145:6892 | udp | |
| LT | 194.165.16.146:6892 | udp | |
| LT | 194.165.16.147:6892 | udp | |
| LT | 194.165.16.148:6892 | udp | |
| LT | 194.165.16.149:6892 | udp | |
| LT | 194.165.16.150:6892 | udp | |
| LT | 194.165.16.151:6892 | udp | |
| LT | 194.165.16.152:6892 | udp | |
| LT | 194.165.16.153:6892 | udp | |
| LT | 194.165.16.154:6892 | udp | |
| LT | 194.165.16.155:6892 | udp | |
| LT | 194.165.16.156:6892 | udp | |
| LT | 194.165.16.157:6892 | udp | |
| LT | 194.165.16.158:6892 | udp | |
| LT | 194.165.16.159:6892 | udp | |
| LT | 194.165.16.160:6892 | udp | |
| LT | 194.165.16.161:6892 | udp | |
| LT | 194.165.16.162:6892 | udp | |
| LT | 194.165.16.163:6892 | udp | |
| LT | 194.165.16.164:6892 | udp | |
| LT | 194.165.16.165:6892 | udp | |
| LT | 194.165.16.166:6892 | udp | |
| LT | 194.165.16.167:6892 | udp | |
| LT | 194.165.16.168:6892 | udp | |
| LT | 194.165.16.169:6892 | udp | |
| LT | 194.165.16.170:6892 | udp | |
| LT | 194.165.16.171:6892 | udp | |
| LT | 194.165.16.172:6892 | udp | |
| LT | 194.165.16.173:6892 | udp | |
| LT | 194.165.16.174:6892 | udp | |
| LT | 194.165.16.175:6892 | udp | |
| LT | 194.165.16.176:6892 | udp | |
| LT | 194.165.16.177:6892 | udp | |
| LT | 194.165.16.178:6892 | udp | |
| LT | 194.165.16.179:6892 | udp | |
| LT | 194.165.16.180:6892 | udp | |
| LT | 194.165.16.181:6892 | udp | |
| LT | 194.165.16.182:6892 | udp | |
| LT | 194.165.16.183:6892 | udp | |
| LT | 194.165.16.184:6892 | udp | |
| LT | 194.165.16.185:6892 | udp | |
| LT | 194.165.16.186:6892 | udp | |
| LT | 194.165.16.187:6892 | udp | |
| LT | 194.165.16.188:6892 | udp | |
| LT | 194.165.16.189:6892 | udp | |
| LT | 194.165.16.190:6892 | udp | |
| LT | 194.165.16.191:6892 | udp | |
| LT | 194.165.16.192:6892 | udp | |
| LT | 194.165.16.193:6892 | udp | |
| LT | 194.165.16.194:6892 | udp | |
| LT | 194.165.16.195:6892 | udp | |
| LT | 194.165.16.196:6892 | udp | |
| LT | 194.165.16.197:6892 | udp | |
| LT | 194.165.16.198:6892 | udp | |
| LT | 194.165.16.199:6892 | udp | |
| LT | 194.165.16.200:6892 | udp | |
| LT | 194.165.16.201:6892 | udp | |
| LT | 194.165.16.202:6892 | udp | |
| LT | 194.165.16.203:6892 | udp | |
| LT | 194.165.16.204:6892 | udp | |
| LT | 194.165.16.205:6892 | udp | |
| LT | 194.165.16.206:6892 | udp | |
| LT | 194.165.16.207:6892 | udp | |
| LT | 194.165.16.208:6892 | udp | |
| LT | 194.165.16.209:6892 | udp | |
| LT | 194.165.16.210:6892 | udp | |
| LT | 194.165.16.211:6892 | udp | |
| LT | 194.165.16.212:6892 | udp | |
| LT | 194.165.16.213:6892 | udp | |
| LT | 194.165.16.214:6892 | udp | |
| LT | 194.165.16.215:6892 | udp | |
| LT | 194.165.16.216:6892 | udp | |
| LT | 194.165.16.217:6892 | udp | |
| LT | 194.165.16.218:6892 | udp | |
| LT | 194.165.16.219:6892 | udp | |
| LT | 194.165.16.220:6892 | udp | |
| LT | 194.165.16.221:6892 | udp | |
| LT | 194.165.16.222:6892 | udp | |
| LT | 194.165.16.223:6892 | udp | |
| LT | 194.165.16.224:6892 | udp | |
| LT | 194.165.16.225:6892 | udp | |
| LT | 194.165.16.226:6892 | udp | |
| LT | 194.165.16.227:6892 | udp | |
| LT | 194.165.16.228:6892 | udp | |
| LT | 194.165.16.229:6892 | udp | |
| LT | 194.165.16.230:6892 | udp | |
| LT | 194.165.16.231:6892 | udp | |
| LT | 194.165.16.232:6892 | udp | |
| LT | 194.165.16.233:6892 | udp | |
| LT | 194.165.16.234:6892 | udp | |
| LT | 194.165.16.235:6892 | udp | |
| LT | 194.165.16.236:6892 | udp | |
| LT | 194.165.16.237:6892 | udp | |
| LT | 194.165.16.238:6892 | udp | |
| LT | 194.165.16.239:6892 | udp | |
| LT | 194.165.16.240:6892 | udp | |
| LT | 194.165.16.241:6892 | udp | |
| LT | 194.165.16.242:6892 | udp | |
| LT | 194.165.16.243:6892 | udp | |
| LT | 194.165.16.244:6892 | udp | |
| LT | 194.165.16.245:6892 | udp | |
| LT | 194.165.16.246:6892 | udp | |
| LT | 194.165.16.247:6892 | udp | |
| LT | 194.165.16.248:6892 | udp | |
| LT | 194.165.16.249:6892 | udp | |
| LT | 194.165.16.250:6892 | udp | |
| LT | 194.165.16.251:6892 | udp | |
| LT | 194.165.16.252:6892 | udp | |
| LT | 194.165.16.253:6892 | udp | |
| LT | 194.165.16.254:6892 | udp | |
| N/A | 127.0.0.0:6892 | udp | |
| N/A | 127.0.0.1:6892 | udp | |
| N/A | 127.0.0.2:6892 | udp | |
| N/A | 127.0.0.3:6892 | udp | |
| N/A | 127.0.0.4:6892 | udp | |
| N/A | 127.0.0.5:6892 | udp | |
| N/A | 127.0.0.6:6892 | udp | |
| N/A | 127.0.0.7:6892 | udp | |
| N/A | 127.0.0.8:6892 | udp | |
| N/A | 127.0.0.9:6892 | udp | |
| N/A | 127.0.0.10:6892 | udp | |
| N/A | 127.0.0.11:6892 | udp | |
| N/A | 127.0.0.12:6892 | udp | |
| N/A | 127.0.0.13:6892 | udp | |
| N/A | 127.0.0.14:6892 | udp | |
| N/A | 127.0.0.15:6892 | udp | |
| N/A | 127.0.0.16:6892 | udp | |
| N/A | 127.0.0.17:6892 | udp | |
| N/A | 127.0.0.18:6892 | udp | |
| N/A | 127.0.0.19:6892 | udp | |
| N/A | 127.0.0.20:6892 | udp | |
| N/A | 127.0.0.21:6892 | udp | |
| N/A | 127.0.0.22:6892 | udp | |
| N/A | 127.0.0.23:6892 | udp | |
| N/A | 127.0.0.24:6892 | udp | |
| N/A | 127.0.0.25:6892 | udp | |
| N/A | 127.0.0.26:6892 | udp | |
| N/A | 127.0.0.27:6892 | udp | |
| N/A | 127.0.0.28:6892 | udp | |
| N/A | 127.0.0.29:6892 | udp | |
| N/A | 127.0.0.30:6892 | udp | |
| N/A | 127.0.0.31:6892 | udp | |
| LT | 194.165.16.255:6892 | udp | |
| LT | 194.165.17.0:6892 | udp | |
| LT | 194.165.17.1:6892 | udp | |
| LT | 194.165.17.2:6892 | udp | |
| LT | 194.165.17.3:6892 | udp | |
| LT | 194.165.17.4:6892 | udp | |
| LT | 194.165.17.5:6892 | udp | |
| LT | 194.165.17.6:6892 | udp | |
| LT | 194.165.17.7:6892 | udp | |
| LT | 194.165.17.8:6892 | udp | |
| LT | 194.165.17.9:6892 | udp | |
| LT | 194.165.17.10:6892 | udp | |
| LT | 194.165.17.11:6892 | udp | |
| LT | 194.165.17.12:6892 | udp | |
| LT | 194.165.17.13:6892 | udp | |
| LT | 194.165.17.14:6892 | udp | |
| LT | 194.165.17.15:6892 | udp | |
| LT | 194.165.17.16:6892 | udp | |
| LT | 194.165.17.17:6892 | udp | |
| LT | 194.165.17.18:6892 | udp | |
| LT | 194.165.17.19:6892 | udp | |
| LT | 194.165.17.20:6892 | udp | |
| LT | 194.165.17.21:6892 | udp | |
| LT | 194.165.17.22:6892 | udp | |
| LT | 194.165.17.23:6892 | udp | |
| LT | 194.165.17.24:6892 | udp | |
| LT | 194.165.17.25:6892 | udp | |
| LT | 194.165.17.26:6892 | udp | |
| LT | 194.165.17.27:6892 | udp | |
| LT | 194.165.17.28:6892 | udp | |
| LT | 194.165.17.29:6892 | udp | |
| LT | 194.165.17.30:6892 | udp | |
| LT | 194.165.17.31:6892 | udp | |
| LT | 194.165.17.32:6892 | udp | |
| LT | 194.165.17.33:6892 | udp | |
| LT | 194.165.17.34:6892 | udp | |
| LT | 194.165.17.35:6892 | udp | |
| LT | 194.165.17.36:6892 | udp | |
| LT | 194.165.17.37:6892 | udp | |
| LT | 194.165.17.38:6892 | udp | |
| LT | 194.165.17.39:6892 | udp | |
| LT | 194.165.17.40:6892 | udp | |
| LT | 194.165.17.41:6892 | udp | |
| LT | 194.165.17.42:6892 | udp | |
| LT | 194.165.17.43:6892 | udp | |
| LT | 194.165.17.44:6892 | udp | |
| LT | 194.165.17.45:6892 | udp | |
| LT | 194.165.17.46:6892 | udp | |
| LT | 194.165.17.47:6892 | udp | |
| LT | 194.165.17.48:6892 | udp | |
| LT | 194.165.17.49:6892 | udp | |
| LT | 194.165.17.50:6892 | udp | |
| LT | 194.165.17.51:6892 | udp | |
| LT | 194.165.17.52:6892 | udp | |
| LT | 194.165.17.53:6892 | udp | |
| LT | 194.165.17.54:6892 | udp | |
| LT | 194.165.17.55:6892 | udp | |
| LT | 194.165.17.56:6892 | udp | |
| LT | 194.165.17.57:6892 | udp | |
| LT | 194.165.17.58:6892 | udp | |
| LT | 194.165.17.59:6892 | udp | |
| LT | 194.165.17.60:6892 | udp | |
| LT | 194.165.17.61:6892 | udp | |
| LT | 194.165.17.62:6892 | udp | |
| LT | 194.165.17.63:6892 | udp | |
| LT | 194.165.17.64:6892 | udp | |
| LT | 194.165.17.65:6892 | udp | |
| LT | 194.165.17.66:6892 | udp | |
| LT | 194.165.17.67:6892 | udp | |
| LT | 194.165.17.68:6892 | udp | |
| LT | 194.165.17.69:6892 | udp | |
| LT | 194.165.17.70:6892 | udp | |
| LT | 194.165.17.71:6892 | udp | |
| LT | 194.165.17.72:6892 | udp | |
| LT | 194.165.17.73:6892 | udp | |
| LT | 194.165.17.74:6892 | udp | |
| LT | 194.165.17.75:6892 | udp | |
| LT | 194.165.17.76:6892 | udp | |
| LT | 194.165.17.77:6892 | udp | |
| LT | 194.165.17.78:6892 | udp | |
| LT | 194.165.17.79:6892 | udp | |
| LT | 194.165.17.80:6892 | udp | |
| LT | 194.165.17.81:6892 | udp | |
| LT | 194.165.17.82:6892 | udp | |
| LT | 194.165.17.83:6892 | udp | |
| LT | 194.165.17.84:6892 | udp | |
| LT | 194.165.17.85:6892 | udp | |
| LT | 194.165.17.86:6892 | udp | |
| LT | 194.165.17.87:6892 | udp | |
| LT | 194.165.17.88:6892 | udp | |
| LT | 194.165.17.89:6892 | udp | |
| LT | 194.165.17.90:6892 | udp | |
| LT | 194.165.17.91:6892 | udp | |
| LT | 194.165.17.92:6892 | udp | |
| LT | 194.165.17.93:6892 | udp | |
| LT | 194.165.17.94:6892 | udp | |
| LT | 194.165.17.95:6892 | udp | |
| LT | 194.165.17.96:6892 | udp | |
| LT | 194.165.17.97:6892 | udp | |
| LT | 194.165.17.98:6892 | udp | |
| LT | 194.165.17.99:6892 | udp | |
| LT | 194.165.17.100:6892 | udp | |
| LT | 194.165.17.101:6892 | udp | |
| LT | 194.165.17.102:6892 | udp | |
| LT | 194.165.17.103:6892 | udp | |
| LT | 194.165.17.104:6892 | udp | |
| LT | 194.165.17.105:6892 | udp | |
| LT | 194.165.17.106:6892 | udp | |
| LT | 194.165.17.107:6892 | udp | |
| LT | 194.165.17.108:6892 | udp | |
| LT | 194.165.17.109:6892 | udp | |
| LT | 194.165.17.110:6892 | udp | |
| LT | 194.165.17.111:6892 | udp | |
| LT | 194.165.17.112:6892 | udp | |
| LT | 194.165.17.113:6892 | udp | |
| LT | 194.165.17.114:6892 | udp | |
| LT | 194.165.17.115:6892 | udp | |
| LT | 194.165.17.116:6892 | udp | |
| LT | 194.165.17.117:6892 | udp | |
| LT | 194.165.17.118:6892 | udp | |
| LT | 194.165.17.119:6892 | udp | |
| LT | 194.165.17.120:6892 | udp | |
| LT | 194.165.17.121:6892 | udp | |
| LT | 194.165.17.122:6892 | udp | |
| LT | 194.165.17.123:6892 | udp | |
| LT | 194.165.17.124:6892 | udp | |
| LT | 194.165.17.125:6892 | udp | |
| LT | 194.165.17.126:6892 | udp | |
| LT | 194.165.17.127:6892 | udp | |
| LT | 194.165.17.128:6892 | udp | |
| LT | 194.165.17.129:6892 | udp | |
| LT | 194.165.17.130:6892 | udp | |
| LT | 194.165.17.131:6892 | udp | |
| LT | 194.165.17.132:6892 | udp | |
| LT | 194.165.17.133:6892 | udp | |
| LT | 194.165.17.134:6892 | udp | |
| LT | 194.165.17.135:6892 | udp | |
| LT | 194.165.17.136:6892 | udp | |
| LT | 194.165.17.137:6892 | udp | |
| LT | 194.165.17.138:6892 | udp | |
| LT | 194.165.17.139:6892 | udp | |
| LT | 194.165.17.140:6892 | udp | |
| LT | 194.165.17.141:6892 | udp | |
| LT | 194.165.17.142:6892 | udp | |
| LT | 194.165.17.143:6892 | udp | |
| LT | 194.165.17.144:6892 | udp | |
| LT | 194.165.17.145:6892 | udp | |
| LT | 194.165.17.146:6892 | udp | |
| LT | 194.165.17.147:6892 | udp | |
| LT | 194.165.17.148:6892 | udp | |
| LT | 194.165.17.149:6892 | udp | |
| LT | 194.165.17.150:6892 | udp | |
| LT | 194.165.17.151:6892 | udp | |
| LT | 194.165.17.152:6892 | udp | |
| LT | 194.165.17.153:6892 | udp | |
| LT | 194.165.17.154:6892 | udp | |
| LT | 194.165.17.155:6892 | udp | |
| LT | 194.165.17.156:6892 | udp | |
| LT | 194.165.17.157:6892 | udp | |
| LT | 194.165.17.158:6892 | udp | |
| LT | 194.165.17.159:6892 | udp | |
| LT | 194.165.17.160:6892 | udp | |
| LT | 194.165.17.161:6892 | udp | |
| LT | 194.165.17.162:6892 | udp | |
| LT | 194.165.17.163:6892 | udp | |
| LT | 194.165.17.164:6892 | udp | |
| LT | 194.165.17.165:6892 | udp | |
| LT | 194.165.17.166:6892 | udp | |
| LT | 194.165.17.167:6892 | udp | |
| LT | 194.165.17.168:6892 | udp | |
| LT | 194.165.17.169:6892 | udp | |
| LT | 194.165.17.170:6892 | udp | |
| LT | 194.165.17.171:6892 | udp | |
| LT | 194.165.17.172:6892 | udp | |
| LT | 194.165.17.173:6892 | udp | |
| LT | 194.165.17.174:6892 | udp | |
| LT | 194.165.17.175:6892 | udp | |
| LT | 194.165.17.176:6892 | udp | |
| LT | 194.165.17.177:6892 | udp | |
| LT | 194.165.17.178:6892 | udp | |
| LT | 194.165.17.179:6892 | udp | |
| LT | 194.165.17.180:6892 | udp | |
| LT | 194.165.17.181:6892 | udp | |
| LT | 194.165.17.182:6892 | udp | |
| LT | 194.165.17.183:6892 | udp | |
| LT | 194.165.17.184:6892 | udp | |
| LT | 194.165.17.185:6892 | udp | |
| LT | 194.165.17.186:6892 | udp | |
| LT | 194.165.17.187:6892 | udp | |
| LT | 194.165.17.188:6892 | udp | |
| LT | 194.165.17.189:6892 | udp | |
| LT | 194.165.17.190:6892 | udp | |
| LT | 194.165.17.191:6892 | udp | |
| LT | 194.165.17.192:6892 | udp | |
| LT | 194.165.17.193:6892 | udp | |
| LT | 194.165.17.194:6892 | udp | |
| LT | 194.165.17.195:6892 | udp | |
| LT | 194.165.17.196:6892 | udp | |
| LT | 194.165.17.197:6892 | udp | |
| LT | 194.165.17.198:6892 | udp | |
| LT | 194.165.17.199:6892 | udp | |
| LT | 194.165.17.200:6892 | udp | |
| LT | 194.165.17.201:6892 | udp | |
| LT | 194.165.17.202:6892 | udp | |
| LT | 194.165.17.203:6892 | udp | |
| LT | 194.165.17.204:6892 | udp | |
| LT | 194.165.17.205:6892 | udp | |
| LT | 194.165.17.206:6892 | udp | |
| LT | 194.165.17.207:6892 | udp | |
| LT | 194.165.17.208:6892 | udp | |
| LT | 194.165.17.209:6892 | udp | |
| LT | 194.165.17.210:6892 | udp | |
| LT | 194.165.17.211:6892 | udp | |
| LT | 194.165.17.212:6892 | udp | |
| LT | 194.165.17.213:6892 | udp | |
| LT | 194.165.17.214:6892 | udp | |
| LT | 194.165.17.215:6892 | udp | |
| LT | 194.165.17.216:6892 | udp | |
| LT | 194.165.17.217:6892 | udp | |
| LT | 194.165.17.218:6892 | udp | |
| LT | 194.165.17.219:6892 | udp | |
| LT | 194.165.17.220:6892 | udp | |
| LT | 194.165.17.221:6892 | udp | |
| LT | 194.165.17.222:6892 | udp | |
| LT | 194.165.17.223:6892 | udp | |
| LT | 194.165.17.224:6892 | udp | |
| LT | 194.165.17.225:6892 | udp | |
| LT | 194.165.17.226:6892 | udp | |
| LT | 194.165.17.227:6892 | udp | |
| LT | 194.165.17.228:6892 | udp | |
| LT | 194.165.17.229:6892 | udp | |
| LT | 194.165.17.230:6892 | udp | |
| LT | 194.165.17.231:6892 | udp | |
| LT | 194.165.17.232:6892 | udp | |
| LT | 194.165.17.233:6892 | udp | |
| LT | 194.165.17.234:6892 | udp | |
| LT | 194.165.17.235:6892 | udp | |
| LT | 194.165.17.236:6892 | udp | |
| LT | 194.165.17.237:6892 | udp | |
| LT | 194.165.17.238:6892 | udp | |
| LT | 194.165.17.239:6892 | udp | |
| LT | 194.165.17.240:6892 | udp | |
| LT | 194.165.17.241:6892 | udp | |
| LT | 194.165.17.242:6892 | udp | |
| LT | 194.165.17.243:6892 | udp | |
| LT | 194.165.17.244:6892 | udp | |
| LT | 194.165.17.245:6892 | udp | |
| LT | 194.165.17.246:6892 | udp | |
| LT | 194.165.17.247:6892 | udp | |
| LT | 194.165.17.248:6892 | udp | |
| LT | 194.165.17.249:6892 | udp | |
| LT | 194.165.17.250:6892 | udp | |
| LT | 194.165.17.251:6892 | udp | |
| LT | 194.165.17.252:6892 | udp | |
| LT | 194.165.17.253:6892 | udp | |
| LT | 194.165.17.254:6892 | udp | |
| LT | 194.165.17.255:6892 | udp | |
| US | 8.8.8.8:53 | avsxrcoq2q5fgrw2.9mu6vk.top | udp |
| US | 8.8.8.8:53 | btc.blockr.io | udp |
| US | 8.8.8.8:53 | api.blockcypher.com | udp |
| US | 104.20.98.10:80 | api.blockcypher.com | tcp |
| US | 8.8.8.8:53 | chain.so | udp |
| US | 172.67.40.90:443 | chain.so | tcp |
Files
\Users\Admin\AppData\Local\Temp\nso1B9D.tmp\System.dll
| MD5 | ca332bb753b0775d5e806e236ddcec55 |
| SHA1 | f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f |
| SHA256 | df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d |
| SHA512 | 2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00 |
memory/1760-11-0x00000000003C0000-0x00000000003ED000-memory.dmp
memory/2664-13-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2664-15-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2664-16-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2664-21-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2664-22-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1760-24-0x00000000003C0000-0x00000000003ED000-memory.dmp
memory/2664-25-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2664-27-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2664-26-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\Pictures\_README_.hta
| MD5 | 2d1e6a29ba1380cba775d03d10e40937 |
| SHA1 | 464e9b865800ea96f9695ec6d0ae555ff7927bf3 |
| SHA256 | 566fffb2357b35d01eca9e2c01590906e3541c67b996aa7df824a3a5540609a1 |
| SHA512 | 82010207480f589bf65d56fdde5f647ab1353dfd181986f4f1091b803c33e1b2d8555724944582df8fc61b68c7b134a19f73e16e69c6b7a176cc99ed94148253 |
memory/2664-299-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2664-305-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2664-316-0x0000000000400000-0x0000000000432000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-13 18:04
Reported
2024-05-13 18:06
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2680 wrote to memory of 3892 | N/A | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe |
| PID 2680 wrote to memory of 3892 | N/A | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe |
| PID 2680 wrote to memory of 3892 | N/A | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c23060bff44df650a2def69bf0733a7_JaffaCakes118.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2680 -ip 2680
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 864
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsz52C4.tmp\System.dll
| MD5 | ca332bb753b0775d5e806e236ddcec55 |
| SHA1 | f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f |
| SHA256 | df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d |
| SHA512 | 2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00 |
memory/2680-10-0x0000000002180000-0x00000000021AD000-memory.dmp
memory/2680-12-0x0000000002180000-0x00000000021AD000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-13 18:04
Reported
2024-05-13 18:06
Platform
win10v2004-20240508-en
Max time kernel
120s
Max time network
93s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4044 wrote to memory of 1488 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4044 wrote to memory of 1488 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4044 wrote to memory of 1488 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StartMenu.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StartMenu.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1488 -ip 1488
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.190.18.2.in-addr.arpa | udp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-13 18:04
Reported
2024-05-13 18:06
Platform
win10v2004-20240508-en
Max time kernel
93s
Max time network
95s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1704 wrote to memory of 4180 | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
| PID 1704 wrote to memory of 4180 | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
| PID 1704 wrote to memory of 4180 | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.53.126.40.in-addr.arpa | udp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
| MD5 | e4cd221c4e43b554715b0a8a57434a46 |
| SHA1 | 4f07d920d8fe3bd614cc229f114b312f26013880 |
| SHA256 | 16a3798c80a0dd793b583892535687b0ce2e10ff10675ae159fe6d42fa17aeea |
| SHA512 | ef54ddaab0ac420fe868d089a1f8d08134802bcf192070ad1e87236836d5c5a04037daf6f862d7c9b116b3863347969cc0fa1ee76260eb4621760015900e6725 |
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-13 18:04
Reported
2024-05-13 18:06
Platform
win10v2004-20240508-en
Max time kernel
128s
Max time network
139s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\store.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3400,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=2716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3748,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5296,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5300,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5744,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5640,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3948,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | astore.amazon.com | udp |
| US | 8.8.8.8:53 | astore.amazon.com | udp |
| US | 8.8.8.8:53 | astore.amazon.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 176.32.98.40:80 | astore.amazon.com | tcp |
| NL | 2.18.121.10:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | rcm.amazon.com | udp |
| US | 8.8.8.8:53 | rcm.amazon.com | udp |
| US | 8.8.8.8:53 | www.jjtc.com | udp |
| US | 8.8.8.8:53 | www.jjtc.com | udp |
| US | 176.32.98.40:80 | astore.amazon.com | tcp |
| US | 8.8.8.8:53 | rcm.amazon.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 67.20.76.247:80 | www.jjtc.com | tcp |
| US | 8.8.8.8:53 | g-ecx.images-amazon.com | udp |
| US | 8.8.8.8:53 | g-ecx.images-amazon.com | udp |
| US | 52.84.197.43:80 | g-ecx.images-amazon.com | tcp |
| US | 67.20.76.247:80 | www.jjtc.com | tcp |
| US | 8.8.8.8:53 | www.jjtc.com | udp |
| US | 8.8.8.8:53 | www.jjtc.com | udp |
| US | 67.20.76.247:443 | www.jjtc.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 10.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.98.32.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.197.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.76.20.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| NL | 23.62.61.185:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 185.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| NL | 23.62.61.59:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 59.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.10.44.20.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-13 18:04
Reported
2024-05-13 18:06
Platform
win7-20231129-en
Max time kernel
143s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{33629071-1153-11EF-888E-CA4C2FB69A12} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421785319" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d1b2f9d0e990d4e9712b8e5b490bb6c00000000020000000000106600000001000020000000d51c047a4651a91f3e5247d69240215d7c3a7e7b4ff0e92fd7bbb5b4b0482fc8000000000e80000000020000200000008e72ef4684366d06f5473db36a5c3ddde56b090f071122a776750bf2cdcfea4b200000002ba298a700b9fb72470c11669ed65568ef642169e031b7dd8f49f0602d5f824d400000008067dab742bff37c00cadf05ae7ab76cf1459cad37df6cf4b3dab827634550d74b171e02ade6515f9cfb53f3f5e0e5e5b88e7216586efbd757a46b22e6cd71f6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d1b2f9d0e990d4e9712b8e5b490bb6c000000000200000000001066000000010000200000008bf4329031183efa926a6e43495a2d2ac52272b1176226fd174b65fce599a805000000000e800000000200002000000007bdcc19b8e1860b361a3cdaf21b62122c2ea8f2048b834c8ece591649ac795890000000c78f864a793bd03c7a9c96adfedeb818a1fcd4b0014be859feafca7e523b9d3429ca1c8905bbb9c7405259d97944a86c1c1e8f65357e225384240e86626e349fd11cefcb1aa84f351b4a54ad4377ef323e90fc47c41bc47072dc91b321c3dcd5d9580848798a15558371764076bbf6cec1ec18c61b8478e16e038bb7eb91de6220c2e1b7665a7d23b9b3875df5dec02640000000996f519ce702724fe4c32dad3edd51103302112eccae5067f899bf5a6f1ee13175eb3e4a9d12802b39f64140d4237e195cdf0460bfa1e7912b57229768b49c39 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d030b30a60a5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1724 wrote to memory of 2008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1724 wrote to memory of 2008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1724 wrote to memory of 2008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1724 wrote to memory of 2008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\store.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | rcm.amazon.com | udp |
| US | 8.8.8.8:53 | www.jjtc.com | udp |
| US | 67.20.76.247:80 | www.jjtc.com | tcp |
| US | 67.20.76.247:80 | www.jjtc.com | tcp |
| US | 8.8.8.8:53 | astore.amazon.com | udp |
| US | 176.32.98.40:80 | astore.amazon.com | tcp |
| US | 176.32.98.40:80 | astore.amazon.com | tcp |
| US | 8.8.8.8:53 | g-ecx.images-amazon.com | udp |
| US | 67.20.76.247:443 | www.jjtc.com | tcp |
| US | 52.84.197.43:80 | g-ecx.images-amazon.com | tcp |
| US | 52.84.197.43:80 | g-ecx.images-amazon.com | tcp |
| US | 67.20.76.247:443 | www.jjtc.com | tcp |
| US | 67.20.76.247:443 | www.jjtc.com | tcp |
| US | 67.20.76.247:443 | www.jjtc.com | tcp |
| US | 8.8.8.8:53 | rcm.amazon.com | udp |
| FR | 172.217.20.206:80 | www.google-analytics.com | tcp |
| FR | 172.217.20.206:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.160:80 | www.bing.com | tcp |
| NL | 23.62.61.160:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar42D0.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2a7a66dfbeb5a6e3226fa8515c3d775 |
| SHA1 | faa4839e06ccacb262173ec0813234556c05203e |
| SHA256 | a9248b229b4292352a147e06fcbe30b1f21946dde8e1e720ae36302d7ece14cc |
| SHA512 | 3e2b8d0aed0f3e3651bec1ab8123e7286e331241b0b450257b08886bf8b5ee4838ecbb85fd24e0a0dcec222145bd61e339ae1635e3ec4689e0c851ed2cae029f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bd8f532273f211b99f870401f3da0df |
| SHA1 | 71d20243cf6c05b20b9ad324ef2cb15268f47b77 |
| SHA256 | 8444423caf264640a6129eac56da4c1cc7e66c5c268fefebba250b72c99a7642 |
| SHA512 | a0a4b4d1b28ec91db39133457242d22d3bb5b1503e085dd5175d5f189b591dd9922b30e5247aa575aee3541ad848de167e9ee0439c3859c544da020fe844f8f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 9862ac0596e2eab2d95a9e03fa7cf1f1 |
| SHA1 | 7db78d80acc60244fdda785e96fb349546fd63e6 |
| SHA256 | 0eac9d1054162dc89ea41509f9ee92d6cf189112249ee1c81d801c7cff3675fa |
| SHA512 | eda3af1d2a80159cbb718e4b32cd2f92bfa589bb97aa9f4788a53ed31479ea5cdccd0662e95d41d86732dd6ce8c9d806dacae6eb362f8a66e3f7ab5973880fb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2349f58844f09d4551f925e8cfa23312 |
| SHA1 | 67dc56b41a8f9be82eadeee1d2aef6583a79d604 |
| SHA256 | aa576aaf66df00ee90932f1b6c036d6040be2bf4daa71c3e72b38770679d2eee |
| SHA512 | cb38eb6670b1d99d0fe6833c1a38d82e3d1f35a0ff01e156dbc58617322f99bf6b7ef462e569a78bdf4e89ae69e55a01b61631111a0802dd68571cd0419a46a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6f08ca2687895546a4ddf714c80422e |
| SHA1 | 80696e829a0105c22eda052c94b50a60a82daff5 |
| SHA256 | eee018bda5fd1dcff003bccb7bdb511422786cf6696e2a0e15f7766ce1bb247a |
| SHA512 | 172a688c2a7f2f71118c6d997f830b9ec9e56140290b1ef74b68d7df725e60e2d7b5bdced0f274378e7137fd1b5ad4a174ff29144e92635c00601922fc7f8df8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 3c533baf215268555666c4b49d06043e |
| SHA1 | 205bebae7b0f01d889c77f04346e79d341b128f9 |
| SHA256 | c99abb1093e0d9ae3463be69984032f7c048981fc3eebd995a10489f2f969b65 |
| SHA512 | 23500e84746eac3d72bbcc2555f085abf294943a2b43c35c0af74701f683a80b997b91eb168393fdd1bf9d730dec362958ac48c9d92cf8c961258ddfb939aaa8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0bb77d83286a8bcba8fc4a1a1285e4cc |
| SHA1 | 7e8a3fd076b5460b9e67aea3b6cf70b435211f93 |
| SHA256 | 0b739bc83a87a79dc8ac2b5cb68698e31f74b57240a3e787e07ad64caa5163db |
| SHA512 | a6dedfad3a25e69793e4035edf557f48e6374427b86b65921741f3d1207a09eba83a75e5a1846cf4903bae1ed0138e4ecaac4118332b612b167df82fed611870 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d89d49f91daa857bcc69aefa56d55a5 |
| SHA1 | 24c18effd61387d4324cbb15a7f4f75fbf34db63 |
| SHA256 | 960af10e008b5ddeaa41b9b2bd5655a2dc958ba99e667ea64de9e8fe4d07a708 |
| SHA512 | 2384c6711599b240f51efb97417c9bc1661792e4346a4284390523c65213897d116e1ca0a2b82439de5cabadede89b3385bab6523a727f11ef9bbf6aa5a609c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b1d8b2d59c4dc8f6468fb947dd258eb |
| SHA1 | 0f15a4054df4b71d29440fb24e4e846715af39cd |
| SHA256 | bdfdc31e36067e3ca051d62c5d549729f72d0a2c2d96dacb0a3c252173c5dade |
| SHA512 | 567b73629e84e5c442270a752b99f4e94aa26f590990ba374c33073349fe724b4c8e04a2ee26688f8e8ec48d8233ca407bb262cdb285ff4d3d3bda2394fda5ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55b7e35c8dae545db63fef0442034382 |
| SHA1 | daa55d8717ba1aaac935411ac1692a962b40166b |
| SHA256 | 25c2267b2bace8eef49f5572a38e543ee7b8f71e66287822214f1ab66121ede9 |
| SHA512 | e93217fe83d629f0751b05e059d453785fbf921bbf82137c7074271cd85a47c8b16d2666ad22ef4b85bc0cdf9c807fc26da1dff94f330699c68902e8b6742285 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d3535eba0b4e6d06515f42ff77ff1c1 |
| SHA1 | 069d92eba206bab917182739d82066832431b809 |
| SHA256 | 0c9b1c5152644d280970e4db2b1fa7395d7543d0c1fdbf5a3c2a4f9951517368 |
| SHA512 | 2625e3308c646ba44f203e978b08521e85e7b271c337e314ed2f181bf8b58b4f59f51ca24c9ffd6a84d69397909f5011f7404974d44b9a93314fe735b1b9beff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f063012c6fff6806a8f61f3e992c172 |
| SHA1 | c8c179dbf56d4c3fac6aca8072ac325bd140377a |
| SHA256 | e0371a19598a49cd26f65ed372fdcb57b3b5cfa3f9989b74db5c0284681a1531 |
| SHA512 | 2101051f8bf99da634b85caf2626c9c889e8aabb39153c2c52a3b6195bf99ec96fe80db82313088c455b2df5008d724d3dc3304148e57b190f5c8afca014de21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be783c9a7b8a21560384ccc40b455cb7 |
| SHA1 | 4a18565a999af68f9ff3728bdfcff316140b4053 |
| SHA256 | 19499ae3cb02a5a8ca16d175c28347dc8f8bd0de889cbd2f0f2ae96f0c6055bd |
| SHA512 | f2836702e299ef3b728f6950b8092d8a364fb2d6c88de67b117a0eae3fc958d8762e09ecd660619572a60fbeb6ad7840278df3a4a4a3e2e34b84565d0d94a933 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42e6a19ac7ad7d1f91764df572dc72b3 |
| SHA1 | 1d43ffb43041df3b79186ecb95195614c94c633d |
| SHA256 | d5df0ead445e4d0e59b0c0418f7d55a5c91b2b380b634dcd17eb296b5b384df8 |
| SHA512 | f4c3a09699acb7700ba6153db9bb95112c70b696cf81fb8e4cc6927ee66c113a541e4ab58bb260fac99b8b5d95dcd1644fe1c14fc0f73c1f18422c13658ffba9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 688ccdf70345fafe16544fc6d7b9aa98 |
| SHA1 | 62a4c382cf102335bdcbab2e286081475c093f38 |
| SHA256 | f3c3e959d86f3ecca1d19cab629fce87461fcebaa326766b0b72237c91a1b884 |
| SHA512 | 2a60d2adefcca5a844b4fcb0ee7c89fccdf24a553fef7f97119923903b4cc5e66b36d1992ed899fd67179d5f0ff24b58de375f6678f818a19f20186a58eab1c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb2b673ff7710acc4f55fbde7336ef52 |
| SHA1 | 3dfff573e6726d625e449dc04cd4f71840654508 |
| SHA256 | 1957cb94bd0b3cae93241471b529c3bc65142e2d19d373eccde4ff864d86a6f5 |
| SHA512 | 0997c15e0465c0ea0e2adbccf465954de80ca36dc0551c77fde9ce87e212953db93349a47fffb18a007788a952143c0952e2a0d064eb56775519a4f56c69355e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c92d917570ce4b17d6c1b175255e6a7 |
| SHA1 | 5e95d5916d5201ff34d0cb3dda0d8b0dac9f9fc5 |
| SHA256 | d3e5087be29faee2ed11f7034e8e80b5c4d680c5913a9ca26c18060cc72d0f8f |
| SHA512 | 693c859c23e4da86ccc9065ca43539be447607e8e8ca920b02f7178d6a078b5d790e8a1edbf9ebbcca6ec512fc481ad8297a6ddc175a0b24f3813f3712616a98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 890c2884d8180935dafe77b7bf7c7361 |
| SHA1 | 63fb5c9968131f73f1572026f3d952581e2ca48f |
| SHA256 | 16b0d8f1e0a14ba487577a4460127f8d8aa5ca5338505f9ea4fe3bea99218b43 |
| SHA512 | 66455b13de9942afd43d01c8348560b730a87ff5d1d16fabbbfc24fc0d2d0eda9df14da7f45fe9804a8aa7527340a6b7be53cd30886c9b1c9b5ea9c3926f88c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d041736e73122b19ecf1681aa51fd141 |
| SHA1 | 60c4db86bf19ca9ffd0404e44b66c5b077ebde28 |
| SHA256 | 9eb93cba43e011022fce1e644c21f803f47fa374c11ff2bed3d4b8c41f413dd2 |
| SHA512 | 65047c74dc0e739838aaba15f7f000640c21017f744baeafff9b150f7d7d5fcb159d2bf0a930b75086ddbc651d4445fe17411704a3dc1ed03c1d4d1c1bcb2448 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96aa73ddc1790a1a2b0974394a85927b |
| SHA1 | 5c0ccaf656609875ba7aa02b95b511c2165f7174 |
| SHA256 | 7d9da573e0c5295437f03c576a56b6640b405a53256ecc15d88ed77ad51ed22e |
| SHA512 | 8916f8a65d83ab6ce88deaba44c326694b07735830376bd0692a78da443bdb88b8dfe83eb575287c7d350cbaa8a505f4d0898a1b5180ac1c9783b33571044b77 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-13 18:04
Reported
2024-05-13 18:06
Platform
win7-20240508-en
Max time kernel
120s
Max time network
120s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 224