Malware Analysis Report

2024-09-22 14:23

Sample ID 240515-wcyxbacc39
Target 474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118
SHA256 1c77bceb256e2c7e570830558b2084008f961483981d352b874af0e6e2ee3f10
Tags
cerber discovery evasion persistence ransomware spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1c77bceb256e2c7e570830558b2084008f961483981d352b874af0e6e2ee3f10

Threat Level: Known bad

The file 474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

cerber discovery evasion persistence ransomware spyware stealer trojan

Cerber

Contacts a large (517) amount of remote hosts

Contacts a large (527) amount of remote hosts

Adds policy Run key to start application

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Deletes itself

Drops startup file

Adds Run key to start application

Looks up external IP address via web service

Checks whether UAC is enabled

Drops file in System32 directory

Suspicious use of SetThreadContext

Sets desktop wallpaper using registry

Unsigned PE

Enumerates physical storage devices

NSIS installer

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Runs ping.exe

Kills process with taskkill

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Modifies Control Panel

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-15 17:47

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-15 17:47

Reported

2024-05-15 17:49

Platform

win7-20240221-en

Max time kernel

146s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe"

Signatures

Cerber

ransomware cerber

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{13610826-3503-134D-4C2C-C16FE04D06AA}\\wuapp.exe\"" C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{13610826-3503-134D-4C2C-C16FE04D06AA}\\wuapp.exe\"" C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A

Contacts a large (517) amount of remote hosts

discovery

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\wuapp.lnk C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\wuapp.lnk C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\wuapp = "\"C:\\Users\\Admin\\AppData\\Roaming\\{13610826-3503-134D-4C2C-C16FE04D06AA}\\wuapp.exe\"" C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wuapp = "\"C:\\Users\\Admin\\AppData\\Roaming\\{13610826-3503-134D-4C2C-C16FE04D06AA}\\wuapp.exe\"" C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\wuapp = "\"C:\\Users\\Admin\\AppData\\Roaming\\{13610826-3503-134D-4C2C-C16FE04D06AA}\\wuapp.exe\"" C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wuapp = "\"C:\\Users\\Admin\\AppData\\Roaming\\{13610826-3503-134D-4C2C-C16FE04D06AA}\\wuapp.exe\"" C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\choosers C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp8F45.bmp" C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{13610826-3503-134D-4C2C-C16FE04D06AA}\\wuapp.exe\"" C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{13610826-3503-134D-4C2C-C16FE04D06AA}\\wuapp.exe\"" C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7ADD5B11-12E3-11EF-B2DC-EA263619F6CB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70d0443ef0a6da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000f2b3c89ff8a406d0e2710d493fe93cf8480cf7d1662ebf4a6c7233252eea50d8000000000e80000000020000200000007e517a243cd64748ee197f772c46adb896b1a67ddd6b713a513a840333b86127900000009745d8ee8e914e310d325775a33e97ea2b2db26533dd8f5f1d1ba32ff77a9b53d158f74889146766f683b99f7f84229f02738dd15b0c95963ce0e8099308606bfeb633e045b2bb6b761d3e6bdb34cc80c0c9b02732bdcbcbe83f6ddbcd9c6d2788390cdfe74db1c855d78f9a536b88dbe5c768d24d4a2b0313c02162c0725fe7b53372d2bd625e37f5faeeae1f72ebb0400000004b4578bade3795d339c15a9aa6410bfe6b02701064669f638db4093d1b1a981a9a092bc067b47df0a8414f113f9a0d976f43e400cb69534f063980976d011091 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000009d4c5512b87b43e0f2132a9f4ae248b0d9ced11a3d78bbc63b808dbdfb006cf3000000000e80000000020000200000003e87d6857e3a918b9b5e6cb4a6e2833932d1335b496565072f34a5a167ad9e5820000000037994cc7a52a82ae711c5a7470edb9f93af5d593054eaaf4b9da0a7196ba7e440000000a3fb27684b4144bf1e0b29f3a68f27aa1078a5327f4865ecc06f206a8cc81802611234b027446781a738e14baa7b766c745ce5ed9565a6a957a80fc58c09097b C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7B18DD71-12E3-11EF-B2DC-EA263619F6CB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2896 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 2896 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 2896 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 2896 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 2896 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 2896 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 2896 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 2896 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 2896 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 2896 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 2672 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 2672 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 2672 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 2672 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 2672 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2672 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2672 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2672 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1188 wrote to memory of 1200 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1188 wrote to memory of 1200 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1188 wrote to memory of 1200 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1188 wrote to memory of 1200 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1188 wrote to memory of 2728 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1188 wrote to memory of 2728 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1188 wrote to memory of 2728 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1188 wrote to memory of 2728 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1388 wrote to memory of 896 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1388 wrote to memory of 896 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1388 wrote to memory of 896 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1388 wrote to memory of 896 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1388 wrote to memory of 896 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1388 wrote to memory of 896 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1388 wrote to memory of 896 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1388 wrote to memory of 896 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1388 wrote to memory of 896 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1388 wrote to memory of 896 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1432 wrote to memory of 1584 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1432 wrote to memory of 1584 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1432 wrote to memory of 1584 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1432 wrote to memory of 1584 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1584 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1584 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1584 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1584 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1584 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1584 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1584 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1584 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1584 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 1584 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe
PID 896 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 896 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 896 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 896 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 896 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Windows\system32\NOTEPAD.EXE
PID 896 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Windows\system32\NOTEPAD.EXE
PID 896 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Windows\system32\NOTEPAD.EXE
PID 896 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe C:\Windows\system32\NOTEPAD.EXE
PID 1708 wrote to memory of 1724 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1708 wrote to memory of 1724 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1708 wrote to memory of 1724 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1708 wrote to memory of 1724 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1708 wrote to memory of 836 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1708 wrote to memory of 836 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe"

C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe

"C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe"

C:\Windows\SysWOW64\cmd.exe

/d /c taskkill /t /f /im "474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe" > NUL

C:\Windows\SysWOW64\taskkill.exe

taskkill /t /f /im "474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 1 127.0.0.1

C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe

"C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe"

C:\Windows\system32\taskeng.exe

taskeng.exe {FE593FA7-6924-4E19-B8C0-94DE9923264B} S-1-5-21-330940541-141609230-1670313778-1000:KXIPPCKF\Admin:Interactive:[1]

C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe

C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe

C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe

C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1708 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1708 CREDAT:406530 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1836 CREDAT:275457 /prefetch:2

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x594

C:\Windows\system32\cmd.exe

/d /c taskkill /t /f /im "wuapp.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe" > NUL

C:\Windows\system32\taskkill.exe

taskkill /t /f /im "wuapp.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

Network

Country Destination Domain Proto
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:80 ipinfo.io tcp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
US 8.8.8.8:53 52uo5k3t73ypjije.5b1s82.top udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp

Files

\Users\Admin\AppData\Local\Temp\nsoBAA9.tmp\System.dll

MD5 a436db0c473a087eb61ff5c53c34ba27
SHA1 65ea67e424e75f5065132b539c8b2eda88aa0506
SHA256 75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
SHA512 908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d

\Users\Admin\AppData\Roaming\DumpLog.dll

MD5 a7071875105cb81943f72ecb7c3d10f1
SHA1 7353fbdda3fed9bb8dbec6df39547bdac910c185
SHA256 8eecdcb35325eaad230f69747759a7eac9642be32be799db28cbaf4e076769b5
SHA512 31a24168d9a37cbff1ee93d2d69e6d50545625e5d2751cd68286aad099894402cbdea1fe2995adc2e721e97dceed213c1886332e2130597b409ac2350e5edac2

memory/2896-32-0x00000000003F0000-0x00000000003FA000-memory.dmp

memory/2672-35-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2672-43-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2672-47-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2672-45-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2672-41-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2672-39-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2672-37-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2672-49-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2672-50-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2672-51-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2672-52-0x0000000000400000-0x0000000000424000-memory.dmp

\Users\Admin\AppData\Roaming\{13610826-3503-134D-4C2C-C16FE04D06AA}\wuapp.exe

MD5 474f76977fa109dd9a1a8a7e51c49659
SHA1 aed91b01397c5a067201e0eed886f7fe2acdc02e
SHA256 1c77bceb256e2c7e570830558b2084008f961483981d352b874af0e6e2ee3f10
SHA512 997f426de2c1942c7eb2efee57946eaa50f0f67e3cf1603b9e9ebf4bf9e09008172c74ca30b34943c25e0dc64815749f474ececc4ac84d5ef2217dd4efb0a1e8

memory/2672-65-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Roaming\flash.icon1.ico

MD5 5b6d410767b3f51805b65bd53047ddff
SHA1 7eae072adbc3b102a3e06873f643e5e11674d936
SHA256 c665dbded35fd10240134d7199cba83e69eedeb893fdffa73235e5f3ceaacaa3
SHA512 45a409739c6f7ef6444d0fd80134941a20806b7248336b5bc76f757107fd0637f292b2827c0b90c26c1bc5ee4fb6658a1a1d6c2a23b55b8b8bd550a2671c04f4

C:\Users\Admin\AppData\Roaming\9.gif

MD5 89ef56055c93539c44f2a59def331ff8
SHA1 68de36276c6482f4a596b9881be44625fce0996e
SHA256 e3274dae4562db681c6e7ef3f4f52dbbd86c25d8810d919d7b7a89bd57af53f8
SHA512 6a6c36641ab25b6f39a8eb33f3ea65af7afaa4c24005aeed27eaba69aab105dd9a41c11a130af5269874a8aded230273ab681cd124513ba4664ad364a0e27e90

C:\Users\Admin\AppData\Roaming\data_transfer.png

MD5 6dcfd632eb0a8124ea05a92209e73bab
SHA1 094612b281c4d378ec3def211d60a259bcb41fca
SHA256 0b7e998b98af82bbf0e9f8916aa5e1614a3e42d7a79cd2877c7c72690a42272e
SHA512 581f7f73592c3cf0999a76a2400e0d385330d0594f12c1fe7e37cdef492fd2eafafaec2b6310000efac34c507a1bc660a7e9d38158c888e3869d19ca3f74acab

C:\Users\Admin\AppData\Roaming\external-link.gif

MD5 bae65d05d67c86148948fdf7a773a207
SHA1 37313e079df4ee9020c2ff14eedee17b65ac6880
SHA256 67ce0e5ca8696537cb2c4fce9e8e945c6134e36945c719c879b9b7288bcd5d96
SHA512 09e4b5d0328b02adeca1855c37235007e6d711f835fcccddcc2ed2b0dc5de6cd32a3ac07c97140e376c1e71a362fd59dafe41db697187ecd9bf636d8f8655e46

C:\Users\Admin\AppData\Roaming\variability.kpd

MD5 59b666941a1ca106c9d3a0bf58b7b7d4
SHA1 392e93b08a658dea9e24a5ef34e5daf591c43247
SHA256 b9ea6983a6eec38a0e120361ca843da7a9f52de1569b5dbab19bd4b90b4a0ab1
SHA512 0bc1592ceb10c2e1b774ad357f97ef3757b86a3c1c5ecb89b35be5231330b7c0b02ab36223edcd8b06776ec5540e3183c2378d8a229263454cc53ddb3a99a1a7

C:\Users\Admin\AppData\Roaming\Escudo.qBC

MD5 60eddd78af5fb9e8236f86ee672eb97d
SHA1 f76a5f7400e193f53683553e6562262521a32a74
SHA256 354b3fa35d71922a72c3d9b55a53099948d135bb7d49366d106e9a938786ffc6
SHA512 22ebbe27e3e524792478a9f3e63c42d9b391a604bbcf870dbe3ffc195e693fd47a2830e3ee995d0d561d59c67ecfcfea3f17d5497c063ffed838d9968eb38377

C:\Users\Admin\AppData\Roaming\microseism.rjh

MD5 7be3aa61e943269fd4f504dcd95e7016
SHA1 8bcc960f9128d1ff1004174f4f78dd839a5a1684
SHA256 92c02f210805bd497e288299ee3da1b46cff3c93da4f5f5af7f65f6e83b5429d
SHA512 aa858e3f0e8aaf77b70aea820d808ca01860f0d1e27c93ad361a27830848ed64677327d12c75bd6860434f5be8e98b7f865aa40a00d3429b8831991cd2cd5b69

C:\Users\Admin\AppData\Roaming\403.htm

MD5 394a5c0cee0392d04fad577c6766f06b
SHA1 16197acb33ddc2e8c5d1f7fc04aaa0cf1f26b95f
SHA256 ed1e1c39e647d0aa8b950c98ff6ba2e7d551927263e45d4ba86b8747ce5149ee
SHA512 9027e504499d057097c2b149ae3743519178cb570c48d4f0dd5cc735554199ad2525915af3b8e4ff1bafc471ebe3cefcd4760fc6c2c5a9e8f7bfde5805a89397

C:\Users\Admin\AppData\Roaming\axf.extensions.xml

MD5 af841ee6aa03ff9847d5bdd00473ff90
SHA1 2ef974619172b802252ffac7576a3762f6236dd1
SHA256 7a28d8ac66543a242f64890404d706d649224b6b43fd4f8f0c20455052b7dc41
SHA512 a48523b843a06fe158dc4ca3d9c5ba2346261d33f0515fb2018bec52cb4315f06981d5cb658dad5f4d83c2af49cc36f6c55cb746386b0bfbf8863c0c3b70c9ac

C:\Users\Admin\AppData\Roaming\en-US.pak

MD5 375253e9ff91d59171322445c14873ab
SHA1 6c2dd2a90b40d7d35f0baa8f762761deae6903ff
SHA256 2f5e83acc8bbb76507342f6e7d22728113519e86cc645170035148dc36074951
SHA512 ac0762dc5b49da6c26728af8809527dfc1576771728d09426b9459f0cf20dd5982c2054fe1b999c2fbf9e0139c340aa56c2e7867a873620c2c5a839e0a5280f6

C:\Users\Admin\AppData\Roaming\appcmd.xml

MD5 a1abf60add7c54a1a444e83b523f8095
SHA1 ac7571cde28c55642f44f35e25fb66597233636f
SHA256 24c63a00a384d26a929c3285e41822631a846c5c69627360dec267b35c55410a
SHA512 a8b35138bc9495ad7ef64dc0c4bbe1fda1f4bf34530c77080be9f54ccfadac96b3a45eb018dc3ef30bdbf6013ec8b0ffd18475516ea680a6308008806d4374d7

C:\Users\Admin\AppData\Roaming\Damascus

MD5 93657662177fdc9183a0fd632790c0ae
SHA1 5586f64b641545aa2610b3bcd5df7750a17955de
SHA256 a353644ae75ca0a454a56caa9a442e361f1097ff429d035fc7ba73e87650e21e
SHA512 c0a0deb8e5773c783e3656084fb751847b71b2b1e6b2bf489f31f97100e4c629c0266c10d3f1a75c6811a2a195308d564d7216be8bce01b8ec5dda3a5096eb93

C:\Users\Admin\AppData\Roaming\arbortext.extensions.xml

MD5 b7a3d5891858ec987692f843d0da635e
SHA1 144dfcf7282b499e4b07b3b4ae10bbb5dc23e08c
SHA256 a021af7e7c49f2c338f12e715d4e2f853f4f53327dadb73b11d089fb43bf6a85
SHA512 c7bb9f9f0cec125ae61617bc2b6ce1b449b736d7bf5d776605d830a4a2e2e9b7957de4b1d146faa403e169052eb54af00f551e392bdc286c190e62df3df3f7f6

C:\Users\Admin\AppData\Roaming\goURL_lr_photoshop_en.csv

MD5 72846352548853b375cd1966c5b25a3a
SHA1 c51c6d5641dfcabdb6569e071c502deacda8d2d1
SHA256 97f1d4f62e381f8f65d3e7d3da9f3c5d8194c73a2d30a2d08057d0d5ce30e130
SHA512 b4c5a4be9a676323e3f1df1eed60761def150a91e237d830c96413770397df3138176ffb1374580b10abb1466bebc8f8aef99d0a44be0fa29ac5edce3cf9874e

C:\Users\Admin\AppData\Roaming\Adobe-CNS1-6

MD5 632dcddcbedcb4c38a4cffabd99dedf3
SHA1 c033e731c067d0732961f656d9bee65f46da9594
SHA256 70942bcd54b48fcc2ebdfd19da8031c9c5b4c710f5d2543f12b3f0fe0f4d2592
SHA512 ea04f016d74c3da10d2aaefc400f99a3b76d0ea4591995d8eb418a32a955552e2ed13c365fecec65ab52938dd99982dc794df89d200fba231b85d2ed2269cd2e

C:\Users\Admin\AppData\Roaming\battery.png

MD5 1ed001d1427fa0a32e4ab6cb81d01ce3
SHA1 1a933f36ca48c52ff8085f272c7d66dd249154a5
SHA256 e4ead39126138a19651b074531a4dd312a86d0e3addd1ac8c943814b106453b0
SHA512 8d279f3dd7b0b5d778b4852e0b5fa3c5bf688a487d581c303813de6bf8edf0395de1559d3cd3a24f7782e491ef1108078bcdbb0c43c837c442b098cc106721b2

C:\Users\Admin\AppData\Roaming\GMT+7

MD5 11f8e73ad57571383afa5eaf6bc0456a
SHA1 65a736dddd8e9a3f1dd6fbe999b188910b5f7931
SHA256 0e6a7f1ab731ae6840eacc36b37cbe3277a991720a7c779e116ab488e0eeed4e
SHA512 578665a0897a2c05eda59fb6828f4a9f440fc784059a5f97c8484f164a5fcec95274159c6ff6336f4863b942129cb884110d14c9bd507a2d12d83a4e17f596d2

C:\Users\Admin\AppData\Roaming\forward_disabled.png

MD5 875ff3260a35602560fa96c60aab9b09
SHA1 457c51cb571ed8c2f66860b884b3897094832563
SHA256 e6ca6d6e4408a85d06dec320917eaface8871796c5bc5c7974d99b8415e49e2e
SHA512 aab5a58ee6147c1d2dd40722d6ca56df336d49103f08c123936a8efe2f3250a5ce1d0e90c1c54edbb82e1014213aa78b74ea3570c3c53d9a3ad36af37e42d09f

C:\Users\Admin\AppData\Roaming\Bl soft CG9 CG2.ADO

MD5 4965e28a04e6047d390e8798dce77eb6
SHA1 8abe2196dfcb8fcf664c036b6f55acad0a638a6f
SHA256 425f1c29b829c23c1728cabe2bedb7b9d00298749c1530c932ac1f96d93c07fe
SHA512 c9b12151f06aee6b86a538f1057c1d201bb75db1094b93a4e3d4a94dbd292b2dda7ffe74b99d2c60b2eb994f04c6e5137de7e8ebb3edd65661bf5e1278056c8f

C:\Users\Admin\AppData\Roaming\Adobe-Korea1-0

MD5 41a6fcc09060a5ac59c9b48e4cffdf66
SHA1 79a83a69c8d994f27fb44f315c755839d997ad1d
SHA256 a3cc88d1aec75afa3677e069ffe35d24498e587f7eb3730d9976d16ef04f044d
SHA512 9d15801891b745eaf62411015db16ea13dc20294c97de71a877f91ae62161a7cf530cf10209d89f31d66f67ba2d4142f02b00f006de56a7fb16b5d9d1efba369

C:\Users\Admin\AppData\Roaming\Darker.alv

MD5 7f2d29a5e3ded93d9a3bdadf45ccec15
SHA1 2e03d94db3ab943514a3e61e79fb7fa22f9e1155
SHA256 4f56ea00303af5b79de9a12422a764a6d7942c369a0ecf5bb4dc945a7f545ec7
SHA512 2a07cb08608f3fc15f00cc4a151cf2eb757e69a35f8f9e5a9f03e60e28b1122a4df5f3f891fb6a48c060d181b1457e360a29fa569fe7fda213c71ae12a7ed5a4

C:\Users\Admin\AppData\Roaming\arrow_right_disabled.png

MD5 399856c91725d77cf54be89fb5736f42
SHA1 b368497d9c460757b466d08cd2487aea335e52f2
SHA256 5000bb746100b29ac857d20248f373d0bfc2bad66c88043e27a68dd0dd7313c9
SHA512 3169bf57a46a6900c05c67a3bdd86cbc282fe9a64b5adc784d1097c4d6527ba06eb0ebc0902b953c1664a0a61157d7e34494debabec7dfcc9a2b42e73d419848

C:\Users\Admin\AppData\Roaming\SildMajorgeneralship.U

MD5 91b9526efaad7322ac339490015bffc1
SHA1 6798644896cfec5d07ecdb5d38fe006c8817e6ab
SHA256 f7ffcfc355e940c68ae80173552ab703f1d9a2b1bbe6e75229bca2ccfa3357d6
SHA512 65c7901c2da54fe7785e13257c129258838c01b3109274ff8343790723a0f8b0471d24a7fb1ba27f7821cb814eef28b34d66fb8de8371c6208c0dcfeaf564d6e

memory/1388-122-0x00000000004E0000-0x00000000004EA000-memory.dmp

memory/896-138-0x0000000000400000-0x0000000000424000-memory.dmp

memory/896-139-0x0000000000400000-0x0000000000424000-memory.dmp

memory/896-140-0x0000000000400000-0x0000000000424000-memory.dmp

memory/896-142-0x0000000001F10000-0x0000000001F11000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\wuapp.lnk

MD5 4767e8499d1e6c2bf1ac18999c7c5e37
SHA1 a991c45c099875101c0641c19e8e846efdb3739f
SHA256 c7c4f746d6d1376837caec9bd34789cf76d67258766cf8432b54432106904a4b
SHA512 e55d0b1bb50afe5e24585a8e1c27c524c10ff73ebaf7f17750fd134d61b3a6fd5217f4cccd4b66caa91b4e57b71ac0d1e0d6e8c63eb397088f53b6a7a347e066

memory/896-144-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Roaming\SildMajorgeneralship.U

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1584-207-0x00000000006C0000-0x00000000006CA000-memory.dmp

memory/896-222-0x0000000000400000-0x0000000000424000-memory.dmp

memory/896-225-0x0000000000400000-0x0000000000424000-memory.dmp

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\# DECRYPT MY FILES #.vbs

MD5 6f84dbf74ef41dc3d861f5fb3e0f45ff
SHA1 3e5f17e9b9589f33ce6add7f2518a666ff2253a4
SHA256 df5f432d7e0d2bd1c4dddb1fabbf1e77bd1065b9020f71abaf1a45fbb950bbb8
SHA512 9f9ec25b815be7b20df26244d31848c9a4896b130241b63636d63511a290eaad78d289a9bb04592c0ba31492064671351b4c7359310f03469e27764132a20a5a

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\# DECRYPT MY FILES #.url

MD5 7b8cd30bc64167fcdb96ae9496aa3238
SHA1 09bf25f7b78c93cd3ded50ed51a7fc65b6425b9c
SHA256 714d7fbeb70ea079f4fd833fde49c7137e1002560d1fd8d6cc2ef1ca73a50ef5
SHA512 5985c2ef9592007ea79a13b3da31dfb86634b555e6b53802d2cc373fb15c402bf839c12e4b4add0cb2e755323b39bf20f11b79997825748671f90970ffce46a7

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt

MD5 eb4692178412be4d8c9f4f2f5579f0a9
SHA1 c0d6961b2dc15af28e378af818d388ba8b14f031
SHA256 602afb51afb52777f6bf0e22881efe9edb38da71cc9e53d765a31aa163913798
SHA512 13214b352ef6c9a4bf70d5f9d38ca4ca2e3a5594220980ac6fe0af41403358a53fad68cb94427e8a6702de10ae3a34d67a1293deb95697ff5fea822a2c90f6ae

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\# DECRYPT MY FILES #.html

MD5 0916192ff00a8b72ea123bba5f713795
SHA1 b95c6aeb1e6e0343db7b8138be4eab61a1a5524b
SHA256 346772e4abcfb7529fb992847c5b9ec1275bea38904527c5b63dfe3544e4a116
SHA512 b835cf13f51b5a23a3f8b3074097cb58c3f4fc70dfbd4306ab59c4af73cd0894f76b89e77483c4a1e58783b3aea85ae273f7ae3408220e3f56ac17f190001d63

memory/896-223-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Roaming\arrow_right_disabled.png

MD5 bfa2f168336eab987a39861125d2231c
SHA1 a5db7e462fa06a74e4f1ce13e87ec8b2d8f06e6c
SHA256 bb27419f29f973a0e6365a3534bf4fc32182a7b2bd3512dcc4e561f7f543b658
SHA512 13fda2115ef335af425262b5e839b5436f396395ca5f780d613b360b3d3170ee9d16609a7f9a17784aeb629b019ec178d5942c5958daa5a7e927ea605ed801d7

C:\Users\Admin\AppData\Roaming\arbortext.extensions.xml

MD5 285746e28b644e1ac847e5c990e32a56
SHA1 d1cb002a48fadac4daa7880f3a023d52c5b10ccc
SHA256 6f3c48b811d7042d7822f767f5b84289fb8e0697be9ef81020aad650dd6c046a
SHA512 2f6a18154552e7979743fda05ae5b856d3274a60e14673021bc3ffc819d737202d5790af4ec699493232cb01a5437f7673d7cd9cb777b40491730bbb40bb0ca7

C:\Users\Admin\AppData\Roaming\appcmd.xml

MD5 f01e192cf16800c99b67daccc5327414
SHA1 f9ec74ccbd0a2e61b62620cb31bcb9cbeea7cd25
SHA256 2c99d8143cea36ecd92e0fbbd64c0c9853d6c0e09c129c797ba47216bfc4eac6
SHA512 a09056a25175be0dae3357103897664383193d2709f8ea830b35f9c845316960a0a3ede2133006ea6664a1f105e1603a5ba1b89d7dc7a0fc6f937feaaf00c832

C:\Users\Admin\AppData\Roaming\9.gif

MD5 ada7438f0d47718c45548579475b4de5
SHA1 8753c024c8d33f30cea3c8a013175a99155c3637
SHA256 80229e356eb97dadb177598440e752c4d300fd44baefe4cf09e37e36a82f9b65
SHA512 b2eeeaedc6f571d1bae97f9c0f0663f1a85158b197702796440015bfa21d4864a2ffadb714d71d3cbd1f5835338690a8f0bb541f0447216e45b17b2256549740

C:\Users\Admin\AppData\Local\Temp\CabAA27.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\TarAB09.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f48f90ecf0cc9b4c49e4274b452dfd6
SHA1 d5f78329418ea5912014a4451a9b5558e1795b41
SHA256 15c06ba1db1ab9fa1a0f5ff81935b33060e4724bbc7313bcdadf8332f1082c4b
SHA512 f7dc61a799053083b556bf64ea21b32e47ec2c39c2aecf63c385c50c1fc100ba9f4e82e8a07a014eca4464213205b048c519a69980627ba01b50e448bd5bad94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6db639ad706a519183c5c4aa6952611
SHA1 426aed153cfa8a6640e9c7c6abce735b762330cb
SHA256 abf83df4539c950a1302ba620588aff22662151001a96abfb9df2e15b72ba622
SHA512 f461b32f8d0fc2c7139794a6692d1708dd3f3695761314c59f5379dc8295657cde312f829da219ae44c6578153d303e23683d668a857b8f7940f1447a5c845da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa277bf7af1a7fe68963527bd4461b89
SHA1 027d641fcf15b42728f8c029cd98b1da6daaa7aa
SHA256 7b878884c71a3d26b6074f13520abaeba0055520dbc4bdf86098f7d9aee581ac
SHA512 b26b4f8f1b098ab77b2355d69afae5a4aa7e70cb8bc0c63bf9affb93fb5c0d5dc84c8f456cdc08912ca883827d230a66aaa7860d924312293f2b357b88a9ece7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 210587eadd03be7eefecd64d03626c52
SHA1 9d673aba14a16606f10c3d57355d3431729b9775
SHA256 1b2358f979ec3ae8ddf550f2fb484159ab4bace773bf3ec642bb45e35651a34d
SHA512 84df5f39242c597acb039303574875501f8a3be32e8b92750988965a5240d858ddbe5c81fa41d81dbc6d32475968d0682984639e45a7c0ff830fc06725899f33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f769f0bb13be2167fd6712bd9ec1d015
SHA1 075e5e1e113bd38e189fc83ebf5317052f0daa75
SHA256 0d3e2c9002cf99be9401e27835765a19788e9f033110ab5ee089fd3a7696134c
SHA512 664ea53da455d5aa076eaad94673530f225a37f481b9b38c31dc1df691420a9e6eb13c7d8305825a7ad11db56779f9b2c75e4ffd5927599f2b49d67dae0e00ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5537a09cefab31a21f69b62511645cf7
SHA1 de3233cb1e1856d96d357475564f9a52ee5c5f2a
SHA256 80237aee45e9635f656fbfd50b8f97a6c055362c6c3643ea9191310b6a8cb022
SHA512 80f7050d5ab6dc7fd78f4f6fc2b334e1a628133e47efd22af796eb27f6e1e0f8e4750eadc6a55357540ac17048b5c1d17e994a0c1248ee730d324eb08044f544

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec0ae3de8ee5cea0656d10775f792158
SHA1 bd6d4c9d9c504c3afbd41f89f93bd3124e5a4036
SHA256 3527bb6521ca509f0f145ef8145b51c4bf31b07993865ad2daad82f9aa498571
SHA512 e381909aefa66f9d72ee3af33d4c7145d53e385dd1e6fb7e31f9fe3a525ea61269595a5025f7a865b7d956a74ba2aa4cc575d696d8af2e3a6dcbb807aaa92816

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9378cb0ff00fcc966f63514e196f6512
SHA1 038c5cdd393cfa2d580d4dccac3e25f6ed51b35a
SHA256 8f14765062bda183513120dfe6f14ba51ecb1aa3a34c466e6b4e30072c3aa2fa
SHA512 3cad339735434be52202943ecf0a5f97db396d802844d9be7b226f6719f329129fc44af21e95b4e5dfcf4e223b4f76565022f35314e369a363d521a6d630f923

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd5380aae71095579e9119b77c66493b
SHA1 cacea0325ce50598d71b3e78c40397ae8549ffbd
SHA256 fb47bf42260375d0e5baa89704a2185cd5a58bc40ef04d8e7aee2c1c3a2f647f
SHA512 2f293a530a359560f65134aa0732f2784d7490a4cc18fe474210de20108e7060cbdd1125bf0c908ad50dbbb8cb04c305775930fbefb346c0a58daa67d1499dc1

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-15 17:47

Reported

2024-05-15 17:49

Platform

win10v2004-20240226-en

Max time kernel

152s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe"

Signatures

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\wecutil.exe\"" C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\wecutil.exe\"" C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe N/A

Contacts a large (527) amount of remote hosts

discovery

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\wecutil.lnk C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wecutil = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\wecutil.exe\"" C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wecutil = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\wecutil.exe\"" C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wecutil = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\wecutil.exe\"" C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wecutil = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\wecutil.exe\"" C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\choosers C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\wecutil.exe\"" C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\\wecutil.exe\"" C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4248 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 4248 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 4248 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 4248 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 4248 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 4248 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 4248 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 4248 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 4248 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 4248 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe
PID 1360 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 1360 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 1360 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 1360 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1360 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1360 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1760 wrote to memory of 5000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1760 wrote to memory of 5000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1760 wrote to memory of 5000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1760 wrote to memory of 1868 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1760 wrote to memory of 1868 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1760 wrote to memory of 1868 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1572 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 1572 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 1572 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 1572 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 1572 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 1572 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 1572 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 1572 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 1572 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 1572 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 488 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 488 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 488 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 488 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 488 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 488 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 488 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 488 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 488 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe
PID 488 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe

Processes

C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe"

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe

"C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe"

C:\Windows\SysWOW64\cmd.exe

/d /c taskkill /t /f /im "474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe" > NUL

C:\Windows\SysWOW64\taskkill.exe

taskkill /t /f /im "474f76977fa109dd9a1a8a7e51c49659_JaffaCakes118.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 1 127.0.0.1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe

"C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe"

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:80 ipinfo.io tcp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
US 8.8.8.8:53 0.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 1.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 2.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 3.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 4.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 5.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 6.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 7.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 9.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 10.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 12.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 11.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 13.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 14.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 15.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 16.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 17.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 18.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 19.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 20.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 21.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 22.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 23.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 24.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 25.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 26.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 27.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 28.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 29.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 30.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 31.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 32.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 33.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 35.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 34.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 36.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 37.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 38.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 39.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 40.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 41.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 42.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 43.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 44.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 46.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 45.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 47.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 48.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 49.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 8.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 50.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 51.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 52.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 53.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 54.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 55.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 56.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 57.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 58.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 59.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 60.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 61.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 62.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 63.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 65.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 64.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 66.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 67.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 68.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 70.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 69.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 71.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 72.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 73.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 74.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 75.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 77.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 76.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 78.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 79.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 80.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 81.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 82.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 83.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 84.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 85.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 86.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 87.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 88.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 89.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 90.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 91.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 92.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 94.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 93.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 95.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 96.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 97.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 98.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 99.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 100.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 101.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 102.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 103.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 104.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 105.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 107.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 106.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 108.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 109.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 110.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 111.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 113.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 112.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 114.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 115.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 116.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 117.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 118.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 119.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 120.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 121.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 122.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 123.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 124.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 125.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 126.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 127.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 128.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 130.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 129.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 131.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 132.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 133.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 134.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 135.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 136.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 138.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 139.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 140.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 141.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 142.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 143.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 144.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 145.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 146.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 147.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 148.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 149.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 150.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 151.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 152.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 153.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 155.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 154.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 156.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 157.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 158.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 159.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 160.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 161.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 162.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 163.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 164.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 165.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 166.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 167.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 168.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 169.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 170.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 173.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 171.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 172.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 174.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 175.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 176.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 177.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 178.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 179.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 180.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 181.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 182.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 183.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 184.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 185.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 186.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 187.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 188.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 189.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 190.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 191.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 192.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 193.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 194.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 195.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 196.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 197.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 198.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 199.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 200.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 201.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 202.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 203.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 204.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 205.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 206.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 207.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 208.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 209.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 210.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 211.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 212.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 213.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 214.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 215.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 216.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 217.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 218.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 219.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 220.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 221.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 222.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 223.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 224.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 225.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 226.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 227.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 228.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 229.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 230.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 231.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 232.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 233.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 234.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 235.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 236.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 237.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 238.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 239.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 240.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 241.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 242.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 243.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 244.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 245.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 246.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 247.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 248.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 249.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 250.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 251.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 252.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 253.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 254.234.184.31.in-addr.arpa udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
US 8.8.8.8:53 255.234.184.31.in-addr.arpa udp
US 8.8.8.8:53 0.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 1.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 2.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 3.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 4.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 5.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 6.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 7.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 8.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 10.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 11.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 9.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 12.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 13.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 14.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 15.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 17.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 16.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 19.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 18.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 20.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 21.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 22.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 23.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 24.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 25.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 26.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 28.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 27.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 30.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 29.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 31.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 32.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 33.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 34.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 35.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 36.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 37.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 39.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 40.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 41.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 42.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 43.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 44.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 45.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 46.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 47.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 48.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 49.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 50.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 51.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 52.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 53.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 55.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 54.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 56.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 57.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 58.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 59.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 60.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 61.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 62.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 63.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 64.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 65.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 66.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 67.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 68.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 69.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 70.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 71.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 72.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 73.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 74.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 75.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 76.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 77.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 78.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 79.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 80.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 81.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 82.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 83.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 84.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 85.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 86.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 87.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 88.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 89.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 90.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 91.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 92.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 93.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 94.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 96.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 97.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 98.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 99.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 100.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 102.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 101.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 103.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 104.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 105.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 106.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 107.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 109.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 108.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 110.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 111.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 112.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 113.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 114.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 115.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 116.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 118.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 119.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 120.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 121.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 122.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 123.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 124.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 125.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 126.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 127.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 128.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 129.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 131.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 130.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 132.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 133.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 134.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 135.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 136.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 137.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 138.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 139.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 140.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 141.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 142.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 143.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 144.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 145.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 146.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 147.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 148.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 149.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 150.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 151.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 152.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 153.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 154.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 155.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 156.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 157.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 158.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 159.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 160.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 161.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 162.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 164.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 163.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 165.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 166.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 167.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 168.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 170.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 169.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 171.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 172.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 173.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 174.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 175.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 176.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 177.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 178.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 179.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 180.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 181.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 182.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 183.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 184.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 185.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 186.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 187.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 189.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 188.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 191.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 190.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 192.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 193.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 194.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 195.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 197.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 196.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 198.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 199.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 200.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 201.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 202.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 203.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 204.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 205.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 206.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 207.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 208.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 209.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 210.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 211.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 212.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 213.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 214.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 215.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 216.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 217.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 218.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 219.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 220.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 221.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 222.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 223.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 224.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 225.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 226.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 227.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 228.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 230.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 229.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 231.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 232.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 233.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 234.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 235.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 236.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 237.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 238.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 239.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 240.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 241.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 242.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 243.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 245.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 246.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 247.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 248.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 249.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 250.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 252.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 253.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 254.235.184.31.in-addr.arpa udp
AM 31.184.235.255:6892 udp
US 8.8.8.8:53 255.235.184.31.in-addr.arpa udp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsv3862.tmp\System.dll

MD5 a436db0c473a087eb61ff5c53c34ba27
SHA1 65ea67e424e75f5065132b539c8b2eda88aa0506
SHA256 75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
SHA512 908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d

C:\Users\Admin\AppData\Roaming\DumpLog.dll

MD5 a7071875105cb81943f72ecb7c3d10f1
SHA1 7353fbdda3fed9bb8dbec6df39547bdac910c185
SHA256 8eecdcb35325eaad230f69747759a7eac9642be32be799db28cbaf4e076769b5
SHA512 31a24168d9a37cbff1ee93d2d69e6d50545625e5d2751cd68286aad099894402cbdea1fe2995adc2e721e97dceed213c1886332e2130597b409ac2350e5edac2

memory/4248-34-0x00000000022A0000-0x00000000022AA000-memory.dmp

memory/1360-38-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1360-40-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1360-42-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1360-43-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Roaming\{7B88A631-9DB0-95C8-FE5C-A999350AECED}\wecutil.exe

MD5 474f76977fa109dd9a1a8a7e51c49659
SHA1 aed91b01397c5a067201e0eed886f7fe2acdc02e
SHA256 1c77bceb256e2c7e570830558b2084008f961483981d352b874af0e6e2ee3f10
SHA512 997f426de2c1942c7eb2efee57946eaa50f0f67e3cf1603b9e9ebf4bf9e09008172c74ca30b34943c25e0dc64815749f474ececc4ac84d5ef2217dd4efb0a1e8

memory/1360-51-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Roaming\SildMajorgeneralship.U

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\data_transfer.png

MD5 6dcfd632eb0a8124ea05a92209e73bab
SHA1 094612b281c4d378ec3def211d60a259bcb41fca
SHA256 0b7e998b98af82bbf0e9f8916aa5e1614a3e42d7a79cd2877c7c72690a42272e
SHA512 581f7f73592c3cf0999a76a2400e0d385330d0594f12c1fe7e37cdef492fd2eafafaec2b6310000efac34c507a1bc660a7e9d38158c888e3869d19ca3f74acab

C:\Users\Admin\AppData\Roaming\9.gif

MD5 89ef56055c93539c44f2a59def331ff8
SHA1 68de36276c6482f4a596b9881be44625fce0996e
SHA256 e3274dae4562db681c6e7ef3f4f52dbbd86c25d8810d919d7b7a89bd57af53f8
SHA512 6a6c36641ab25b6f39a8eb33f3ea65af7afaa4c24005aeed27eaba69aab105dd9a41c11a130af5269874a8aded230273ab681cd124513ba4664ad364a0e27e90

C:\Users\Admin\AppData\Roaming\arrow_right_disabled.png

MD5 399856c91725d77cf54be89fb5736f42
SHA1 b368497d9c460757b466d08cd2487aea335e52f2
SHA256 5000bb746100b29ac857d20248f373d0bfc2bad66c88043e27a68dd0dd7313c9
SHA512 3169bf57a46a6900c05c67a3bdd86cbc282fe9a64b5adc784d1097c4d6527ba06eb0ebc0902b953c1664a0a61157d7e34494debabec7dfcc9a2b42e73d419848

C:\Users\Admin\AppData\Roaming\flash.icon1.ico

MD5 5b6d410767b3f51805b65bd53047ddff
SHA1 7eae072adbc3b102a3e06873f643e5e11674d936
SHA256 c665dbded35fd10240134d7199cba83e69eedeb893fdffa73235e5f3ceaacaa3
SHA512 45a409739c6f7ef6444d0fd80134941a20806b7248336b5bc76f757107fd0637f292b2827c0b90c26c1bc5ee4fb6658a1a1d6c2a23b55b8b8bd550a2671c04f4

C:\Users\Admin\AppData\Roaming\Darker.alv

MD5 7f2d29a5e3ded93d9a3bdadf45ccec15
SHA1 2e03d94db3ab943514a3e61e79fb7fa22f9e1155
SHA256 4f56ea00303af5b79de9a12422a764a6d7942c369a0ecf5bb4dc945a7f545ec7
SHA512 2a07cb08608f3fc15f00cc4a151cf2eb757e69a35f8f9e5a9f03e60e28b1122a4df5f3f891fb6a48c060d181b1457e360a29fa569fe7fda213c71ae12a7ed5a4

C:\Users\Admin\AppData\Roaming\axf.extensions.xml

MD5 af841ee6aa03ff9847d5bdd00473ff90
SHA1 2ef974619172b802252ffac7576a3762f6236dd1
SHA256 7a28d8ac66543a242f64890404d706d649224b6b43fd4f8f0c20455052b7dc41
SHA512 a48523b843a06fe158dc4ca3d9c5ba2346261d33f0515fb2018bec52cb4315f06981d5cb658dad5f4d83c2af49cc36f6c55cb746386b0bfbf8863c0c3b70c9ac

C:\Users\Admin\AppData\Roaming\variability.kpd

MD5 59b666941a1ca106c9d3a0bf58b7b7d4
SHA1 392e93b08a658dea9e24a5ef34e5daf591c43247
SHA256 b9ea6983a6eec38a0e120361ca843da7a9f52de1569b5dbab19bd4b90b4a0ab1
SHA512 0bc1592ceb10c2e1b774ad357f97ef3757b86a3c1c5ecb89b35be5231330b7c0b02ab36223edcd8b06776ec5540e3183c2378d8a229263454cc53ddb3a99a1a7

C:\Users\Admin\AppData\Roaming\microseism.rjh

MD5 7be3aa61e943269fd4f504dcd95e7016
SHA1 8bcc960f9128d1ff1004174f4f78dd839a5a1684
SHA256 92c02f210805bd497e288299ee3da1b46cff3c93da4f5f5af7f65f6e83b5429d
SHA512 aa858e3f0e8aaf77b70aea820d808ca01860f0d1e27c93ad361a27830848ed64677327d12c75bd6860434f5be8e98b7f865aa40a00d3429b8831991cd2cd5b69

C:\Users\Admin\AppData\Roaming\403.htm

MD5 394a5c0cee0392d04fad577c6766f06b
SHA1 16197acb33ddc2e8c5d1f7fc04aaa0cf1f26b95f
SHA256 ed1e1c39e647d0aa8b950c98ff6ba2e7d551927263e45d4ba86b8747ce5149ee
SHA512 9027e504499d057097c2b149ae3743519178cb570c48d4f0dd5cc735554199ad2525915af3b8e4ff1bafc471ebe3cefcd4760fc6c2c5a9e8f7bfde5805a89397

C:\Users\Admin\AppData\Roaming\en-US.pak

MD5 375253e9ff91d59171322445c14873ab
SHA1 6c2dd2a90b40d7d35f0baa8f762761deae6903ff
SHA256 2f5e83acc8bbb76507342f6e7d22728113519e86cc645170035148dc36074951
SHA512 ac0762dc5b49da6c26728af8809527dfc1576771728d09426b9459f0cf20dd5982c2054fe1b999c2fbf9e0139c340aa56c2e7867a873620c2c5a839e0a5280f6

C:\Users\Admin\AppData\Roaming\appcmd.xml

MD5 a1abf60add7c54a1a444e83b523f8095
SHA1 ac7571cde28c55642f44f35e25fb66597233636f
SHA256 24c63a00a384d26a929c3285e41822631a846c5c69627360dec267b35c55410a
SHA512 a8b35138bc9495ad7ef64dc0c4bbe1fda1f4bf34530c77080be9f54ccfadac96b3a45eb018dc3ef30bdbf6013ec8b0ffd18475516ea680a6308008806d4374d7

C:\Users\Admin\AppData\Roaming\Damascus

MD5 93657662177fdc9183a0fd632790c0ae
SHA1 5586f64b641545aa2610b3bcd5df7750a17955de
SHA256 a353644ae75ca0a454a56caa9a442e361f1097ff429d035fc7ba73e87650e21e
SHA512 c0a0deb8e5773c783e3656084fb751847b71b2b1e6b2bf489f31f97100e4c629c0266c10d3f1a75c6811a2a195308d564d7216be8bce01b8ec5dda3a5096eb93

C:\Users\Admin\AppData\Roaming\arbortext.extensions.xml

MD5 b7a3d5891858ec987692f843d0da635e
SHA1 144dfcf7282b499e4b07b3b4ae10bbb5dc23e08c
SHA256 a021af7e7c49f2c338f12e715d4e2f853f4f53327dadb73b11d089fb43bf6a85
SHA512 c7bb9f9f0cec125ae61617bc2b6ce1b449b736d7bf5d776605d830a4a2e2e9b7957de4b1d146faa403e169052eb54af00f551e392bdc286c190e62df3df3f7f6

C:\Users\Admin\AppData\Roaming\goURL_lr_photoshop_en.csv

MD5 72846352548853b375cd1966c5b25a3a
SHA1 c51c6d5641dfcabdb6569e071c502deacda8d2d1
SHA256 97f1d4f62e381f8f65d3e7d3da9f3c5d8194c73a2d30a2d08057d0d5ce30e130
SHA512 b4c5a4be9a676323e3f1df1eed60761def150a91e237d830c96413770397df3138176ffb1374580b10abb1466bebc8f8aef99d0a44be0fa29ac5edce3cf9874e

C:\Users\Admin\AppData\Roaming\Adobe-CNS1-6

MD5 632dcddcbedcb4c38a4cffabd99dedf3
SHA1 c033e731c067d0732961f656d9bee65f46da9594
SHA256 70942bcd54b48fcc2ebdfd19da8031c9c5b4c710f5d2543f12b3f0fe0f4d2592
SHA512 ea04f016d74c3da10d2aaefc400f99a3b76d0ea4591995d8eb418a32a955552e2ed13c365fecec65ab52938dd99982dc794df89d200fba231b85d2ed2269cd2e

C:\Users\Admin\AppData\Roaming\battery.png

MD5 1ed001d1427fa0a32e4ab6cb81d01ce3
SHA1 1a933f36ca48c52ff8085f272c7d66dd249154a5
SHA256 e4ead39126138a19651b074531a4dd312a86d0e3addd1ac8c943814b106453b0
SHA512 8d279f3dd7b0b5d778b4852e0b5fa3c5bf688a487d581c303813de6bf8edf0395de1559d3cd3a24f7782e491ef1108078bcdbb0c43c837c442b098cc106721b2

C:\Users\Admin\AppData\Roaming\GMT+7

MD5 11f8e73ad57571383afa5eaf6bc0456a
SHA1 65a736dddd8e9a3f1dd6fbe999b188910b5f7931
SHA256 0e6a7f1ab731ae6840eacc36b37cbe3277a991720a7c779e116ab488e0eeed4e
SHA512 578665a0897a2c05eda59fb6828f4a9f440fc784059a5f97c8484f164a5fcec95274159c6ff6336f4863b942129cb884110d14c9bd507a2d12d83a4e17f596d2

C:\Users\Admin\AppData\Roaming\forward_disabled.png

MD5 875ff3260a35602560fa96c60aab9b09
SHA1 457c51cb571ed8c2f66860b884b3897094832563
SHA256 e6ca6d6e4408a85d06dec320917eaface8871796c5bc5c7974d99b8415e49e2e
SHA512 aab5a58ee6147c1d2dd40722d6ca56df336d49103f08c123936a8efe2f3250a5ce1d0e90c1c54edbb82e1014213aa78b74ea3570c3c53d9a3ad36af37e42d09f

C:\Users\Admin\AppData\Roaming\external-link.gif

MD5 bae65d05d67c86148948fdf7a773a207
SHA1 37313e079df4ee9020c2ff14eedee17b65ac6880
SHA256 67ce0e5ca8696537cb2c4fce9e8e945c6134e36945c719c879b9b7288bcd5d96
SHA512 09e4b5d0328b02adeca1855c37235007e6d711f835fcccddcc2ed2b0dc5de6cd32a3ac07c97140e376c1e71a362fd59dafe41db697187ecd9bf636d8f8655e46

C:\Users\Admin\AppData\Roaming\Bl soft CG9 CG2.ADO

MD5 4965e28a04e6047d390e8798dce77eb6
SHA1 8abe2196dfcb8fcf664c036b6f55acad0a638a6f
SHA256 425f1c29b829c23c1728cabe2bedb7b9d00298749c1530c932ac1f96d93c07fe
SHA512 c9b12151f06aee6b86a538f1057c1d201bb75db1094b93a4e3d4a94dbd292b2dda7ffe74b99d2c60b2eb994f04c6e5137de7e8ebb3edd65661bf5e1278056c8f

C:\Users\Admin\AppData\Roaming\Adobe-Korea1-0

MD5 41a6fcc09060a5ac59c9b48e4cffdf66
SHA1 79a83a69c8d994f27fb44f315c755839d997ad1d
SHA256 a3cc88d1aec75afa3677e069ffe35d24498e587f7eb3730d9976d16ef04f044d
SHA512 9d15801891b745eaf62411015db16ea13dc20294c97de71a877f91ae62161a7cf530cf10209d89f31d66f67ba2d4142f02b00f006de56a7fb16b5d9d1efba369

C:\Users\Admin\AppData\Roaming\Escudo.qBC

MD5 60eddd78af5fb9e8236f86ee672eb97d
SHA1 f76a5f7400e193f53683553e6562262521a32a74
SHA256 354b3fa35d71922a72c3d9b55a53099948d135bb7d49366d106e9a938786ffc6
SHA512 22ebbe27e3e524792478a9f3e63c42d9b391a604bbcf870dbe3ffc195e693fd47a2830e3ee995d0d561d59c67ecfcfea3f17d5497c063ffed838d9968eb38377

memory/1572-112-0x0000000003010000-0x000000000301A000-memory.dmp

memory/1392-118-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1392-119-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1392-120-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1392-122-0x0000000003880000-0x0000000003881000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\wecutil.lnk

MD5 e4d7131a9282e7072604a17b2ca11190
SHA1 2fd74c6244b106074a395bfadcb1f9f3e3deaaec
SHA256 32990b0f3b447ac9bb304f66fca5cffb010afee848a2a4dd6235f53e4ad0b0f6
SHA512 6ad2c0b36311238658d589c244b7c231b98f6ed0795a3bc41e58de8d63687ce2bfb56929a28f4775910177b19fb9327e649675e1ab00c6eac9592ac95f8cdb51

memory/1392-124-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1392-125-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1392-128-0x0000000000400000-0x0000000000424000-memory.dmp

memory/488-186-0x0000000002160000-0x000000000216A000-memory.dmp

memory/3364-194-0x0000000000400000-0x0000000000424000-memory.dmp

memory/3364-195-0x0000000000400000-0x0000000000424000-memory.dmp